SuSE 11 Security Update : IBM Java 6 (SAT Patch Number 2548)
2010-12-02T00:00:00
ID: SUSE_11_JAVA-1_6_0-IBM-100610.NASL
Type: nessus
Reporter: This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.
Modified: 2010-12-02T00:00:00
Description
This update of IBM Java 6 to SR 8 fixes the following security
issues:
Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
remote attackers to affect confidentiality via unknown
vectors. (CVE-2010-0084)
Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and
1.3.1_27 allows remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors. (CVE-2010-0085)
Unspecified vulnerability in the Java Web Start, Java
Plug-in component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and
1.3.1_27 allows remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors. (CVE-2010-0087)
Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and
1.3.1_27 allows remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors. (CVE-2010-0088)
Unspecified vulnerability in the Java Web Start, Java
Plug-in component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
remote attackers to affect availability via unknown
vectors. (CVE-2010-0089)
Unspecified vulnerability in the Java Web Start, Java
Plug-in component in Oracle Java SE and Java for
Business 6 Update 18 allows remote attackers to affect
integrity and availability via unknown vectors.
(CVE-2010-0090)
Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
remote attackers to affect confidentiality via unknown
vectors. (CVE-2010-0091)
Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, and 5.0 Update 23 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. (CVE-2010-0092)
Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18 and 5.0 Update 23 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. NOTE: the previous
information was obtained from the March 2010 CPU. Oracle
has not commented on claims from a reliable researcher
that this is due to missing privilege checks during
deserialization of RMIConnectionImpl objects, which
allows remote attackers to call system-level Java
functions via the class loader of a constructor that is
being deserialized. (CVE-2010-0094)
Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
remote attackers to affect confidentiality, integrity,
and availability via unknown vectors. (CVE-2010-0095)
Unspecified vulnerability in the Pack200 component in
Oracle Java SE and Java for Business 6 Update 18, 5.0,
Update, and 23 allows remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors. (CVE-2010-0837)
Unspecified vulnerability in the Java 2D component in
Oracle Java SE and Java for Business 6 Update 18, 5.0,
Update, and 23 allows remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors. NOTE: the previous information was obtained
from the March 2010 CPU. Oracle has not commented on
claims from a reliable researcher that this is a
stack-based buffer overflow using an untrusted size
value in the readMabCurveData function in the CMM module
of the JVM. (CVE-2010-0838)
Unspecified vulnerability in the Sound component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers
to affect confidentiality, integrity, and availability
via unknown vectors. (CVE-2010-0839)
Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
remote attackers to affect confidentiality, integrity,
and availability via unknown vectors. NOTE: the previous
information was obtained from the March 2010 CPU. Oracle
has not commented on claims from a reliable researcher
that this is related to improper checks when executing
privileged methods in the Java Runtime Environment
(JRE), which allows attackers to execute arbitrary code
via (1) an untrusted object that extends the trusted
class but has not modified a certain method, or (2) 'a
similar trust issue with interfaces,' aka 'Trusted
Methods Chaining Remote Code Execution Vulnerability.'.
(CVE-2010-0840)
Unspecified vulnerability in the ImageIO component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, and 1.4.2_25 allows remote attackers to
affect confidentiality, integrity, and availability via
unknown vectors. NOTE: the previous information was
obtained from the March 2010 CPU. Oracle has not
commented on claims from a reliable researcher that this
is an integer overflow in the Java Runtime Environment
that allows remote attackers to execute arbitrary code
via a JPEG image that contains subsample dimensions with
large values, related to JPEGImageReader and 'stepX'.
(CVE-2010-0841)
Unspecified vulnerability in the Sound component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers
to affect confidentiality, integrity, and availability
via unknown vectors. NOTE: the previous information was
obtained from the March 2010 CPU. Oracle has not
commented on claims from a reliable researcher that this
is an uncontrolled array index that allows remote
attackers to execute arbitrary code via a MIDI file with
a crafted MixerSequencer object, related to the GM_Song
structure. (CVE-2010-0842)
Unspecified vulnerability in the Sound component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers
to affect confidentiality, integrity, and availability
via unknown vectors. NOTE: the previous information was
obtained from the March 2010 CPU. Oracle has not
commented on claims from a reliable researcher that this
is related to XNewPtr and improper handling of an
integer parameter when allocating heap memory in the
com.sun.media.sound libraries, which allows remote
attackers to execute arbitrary code. (CVE-2010-0843)
Unspecified vulnerability in the Sound component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers
to affect confidentiality, integrity, and availability
via unknown vectors. NOTE: the previous information was
obtained from the March 2010 CPU. Oracle has not
commented on claims from a reliable researcher that this
is for improper parsing of a crafted MIDI stream when
creating a MixerSequencer object, which causes a pointer
to be corrupted and allows a NULL byte to be written to
arbitrary memory. (CVE-2010-0844)
Unspecified vulnerability in the ImageIO component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. NOTE: the previous
information was obtained from the March 2010 CPU. Oracle
has not commented on claims from a reliable researcher
that this is a heap-based buffer overflow that allows
remote attackers to execute arbitrary code, related to
an 'invalid assignment' and inconsistent length values
in a JPEG image encoder (JPEGImageEncoderImpl).
(CVE-2010-0846)
Unspecified vulnerability in the Java 2D component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. NOTE: the previous
information was obtained from the March 2010 CPU. Oracle
has not commented on claims from a reliable researcher
that this is a heap-based buffer overflow that allows
arbitrary code execution via a crafted image.
(CVE-2010-0847)
Unspecified vulnerability in the Java 2D component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. (CVE-2010-0848)
Unspecified vulnerability in the Java 2D component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. NOTE: the previous
information was obtained from the March 2010 CPU. Oracle
has not commented on claims from a reliable researcher
that this is a heap-based buffer overflow in a decoding
routine used by the JPEGImageDecoderImpl interface,
which allows code execution via a crafted JPEG image.
(CVE-2010-0849)
Please also see http://www.ibm.com/developerworks/java/jdk/alerts/ for
a more up-to-date list of what was fixed.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#
if (NASL_LEVEL < 3000) exit(0);
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(50916);
script_version("1.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0088", "CVE-2010-0089", "CVE-2010-0090", "CVE-2010-0091", "CVE-2010-0092", "CVE-2010-0094", "CVE-2010-0095", "CVE-2010-0837", "CVE-2010-0838", "CVE-2010-0839", "CVE-2010-0840", "CVE-2010-0841", "CVE-2010-0842", "CVE-2010-0843", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0847", "CVE-2010-0848", "CVE-2010-0849");
script_name(english:"SuSE 11 Security Update : IBM Java 6 (SAT Patch Number 2548)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote SuSE 11 host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"This update of IBM Java 6 to SR 8 to fixes the following security
issues :
- Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
remote attackers to affect confidentiality via unknown
vectors. (CVE-2010-0084)
- Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and
1.3.1_27 allows remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors. (CVE-2010-0085)
- Unspecified vulnerability in the Java Web Start, Java
Plug-in component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and
1.3.1_27 allows remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors. (CVE-2010-0087)
- Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and
1.3.1_27 allows remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors. (CVE-2010-0088)
- Unspecified vulnerability in the Java Web Start, Java
Plug-in component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
remote attackers to affect availability via unknown
vectors. (CVE-2010-0089)
- Unspecified vulnerability in the Java Web Start, Java
Plug-in component in Oracle Java SE and Java for
Business 6 Update 18 allows remote attackers to affect
integrity and availability via unknown vectors.
(CVE-2010-0090)
- Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
remote attackers to affect confidentiality via unknown
vectors. (CVE-2010-0091)
- Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, and 5.0 Update 23 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. (CVE-2010-0092)
- Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18 and 5.0 Update 23 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. NOTE: the previous
information was obtained from the March 2010 CPU. Oracle
has not commented on claims from a reliable researcher
that this is due to missing privilege checks during
deserialization of RMIConnectionImpl objects, which
allows remote attackers to call system-level Java
functions via the class loader of a constructor that is
being deserialized. (CVE-2010-0094)
- Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
remote attackers to affect confidentiality, integrity,
and availability via unknown vectors. (CVE-2010-0095)
- Unspecified vulnerability in the Pack200 component in
Oracle Java SE and Java for Business 6 Update 18, 5.0,
Update, and 23 allows remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors. (CVE-2010-0837)
- Unspecified vulnerability in the Java 2D component in
Oracle Java SE and Java for Business 6 Update 18, 5.0,
Update, and 23 allows remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors. NOTE: the previous information was obtained
from the March 2010 CPU. Oracle has not commented on
claims from a reliable researcher that this is a
stack-based buffer overflow using an untrusted size
value in the readMabCurveData function in the CMM module
of the JVM. (CVE-2010-0838)
- Unspecified vulnerability in the Sound component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers
to affect confidentiality, integrity, and availability
via unknown vectors. (CVE-2010-0839)
- Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
remote attackers to affect confidentiality, integrity,
and availability via unknown vectors. NOTE: the previous
information was obtained from the March 2010 CPU. Oracle
has not commented on claims from a reliable researcher
that this is related to improper checks when executing
privileged methods in the Java Runtime Environment
(JRE), which allows attackers to execute arbitrary code
via (1) an untrusted object that extends the trusted
class but has not modified a certain method, or (2) 'a
similar trust issue with interfaces,' aka 'Trusted
Methods Chaining Remote Code Execution Vulnerability.'.
(CVE-2010-0840)
- Unspecified vulnerability in the ImageIO component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, and 1.4.2_25 allows remote attackers to
affect confidentiality, integrity, and availability via
unknown vectors. NOTE: the previous information was
obtained from the March 2010 CPU. Oracle has not
commented on claims from a reliable researcher that this
is an integer overflow in the Java Runtime Environment
that allows remote attackers to execute arbitrary code
via a JPEG image that contains subsample dimensions with
large values, related to JPEGImageReader and 'stepX'.
(CVE-2010-0841)
- Unspecified vulnerability in the Sound component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers
to affect confidentiality, integrity, and availability
via unknown vectors. NOTE: the previous information was
obtained from the March 2010 CPU. Oracle has not
commented on claims from a reliable researcher that this
is an uncontrolled array index that allows remote
attackers to execute arbitrary code via a MIDI file with
a crafted MixerSequencer object, related to the GM_Song
structure. (CVE-2010-0842)
- Unspecified vulnerability in the Sound component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers
to affect confidentiality, integrity, and availability
via unknown vectors. NOTE: the previous information was
obtained from the March 2010 CPU. Oracle has not
commented on claims from a reliable researcher that this
is related to XNewPtr and improper handling of an
integer parameter when allocating heap memory in the
com.sun.media.sound libraries, which allows remote
attackers to execute arbitrary code. (CVE-2010-0843)
- Unspecified vulnerability in the Sound component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers
to affect confidentiality, integrity, and availability
via unknown vectors. NOTE: the previous information was
obtained from the March 2010 CPU. Oracle has not
commented on claims from a reliable researcher that this
is for improper parsing of a crafted MIDI stream when
creating a MixerSequencer object, which causes a pointer
to be corrupted and allows a NULL byte to be written to
arbitrary memory. (CVE-2010-0844)
- Unspecified vulnerability in the ImageIO component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. NOTE: the previous
information was obtained from the March 2010 CPU. Oracle
has not commented on claims from a reliable researcher
that this is a heap-based buffer overflow that allows
remote attackers to execute arbitrary code, related to
an 'invalid assignment' and inconsistent length values
in a JPEG image encoder (JPEGImageEncoderImpl).
(CVE-2010-0846)
- Unspecified vulnerability in the Java 2D component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. NOTE: the previous
information was obtained from the March 2010 CPU. Oracle
has not commented on claims from a reliable researcher
that this is a heap-based buffer overflow that allows
arbitrary code execution via a crafted image.
(CVE-2010-0847)
- Unspecified vulnerability in the Java 2D component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. (CVE-2010-0848)
- Unspecified vulnerability in the Java 2D component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. NOTE: the previous
information was obtained from the March 2010 CPU. Oracle
has not commented on claims from a reliable researcher
that this is a heap-based buffer overflow in a decoding
routine used by the JPEGImageDecoderImpl interface,
which allows code execution via a crafted JPEG image.
(CVE-2010-0849)
Please also see http://www.ibm.com/developerworks/java/jdk/alerts/ for
a more up to date list on what was fixed"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=603283"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0084.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0085.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0087.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0088.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0089.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0090.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0091.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0092.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0094.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0095.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0837.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0838.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0839.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0840.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0841.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0842.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0843.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0844.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0846.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0847.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0848.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0849.html"
);
script_set_attribute(attribute:"solution", value:"Apply SAT patch number 2548.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Java MixerSequencer Object GM_Song Structure Handling Vulnerability');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'CANVAS');
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_set_attribute(attribute:"patch_publication_date", value:"2010/06/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/02");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
pl = get_kb_item("Host/SuSE/patchlevel");
if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0");
flag = 0;
if (rpm_check(release:"SLES11", sp:0, reference:"java-1_6_0-ibm-1.6.0_sr8.0-0.1.2")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"java-1_6_0-ibm-fonts-1.6.0_sr8.0-0.1.2")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"java-1_6_0-ibm-jdbc-1.6.0_sr8.0-0.1.2")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"i586", reference:"java-1_6_0-ibm-alsa-1.6.0_sr8.0-0.1.2")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"i586", reference:"java-1_6_0-ibm-plugin-1.6.0_sr8.0-0.1.2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
"http://support.novell.com/security/cve/CVE-2010-0839.html", "http://support.novell.com/security/cve/CVE-2010-0843.html", "http://support.novell.com/security/cve/CVE-2010-0091.html"], "cvelist": ["CVE-2010-0089", "CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0837", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0090", "CVE-2010-0843", "CVE-2010-0084"], "type": "nessus", "lastseen": "2021-01-17T14:11:12", "edition": 24, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "redhat", "idList": ["RHSA-2010:0586", "RHSA-2010:0130", "RHSA-2010:0339", "RHSA-2010:0574", "RHSA-2010:0471", "RHSA-2010:0383", "RHSA-2010:0338", "RHSA-2010:0489", "RHSA-2010:0337"]}, {"type": "suse", "idList": ["SUSE-SA:2010:028", "SUSE-SA:2010:026"]}, {"type": "nessus", "idList": ["SUSE9_12626.NASL", "SUSE_JAVA-1_5_0-IBM-7077.NASL", "SUSE_11_JAVA-1_6_0-IBM-100525.NASL", "REDHAT-RHSA-2010-0574.NASL", "SUSE_JAVA-1_4_2-IBM-7106.NASL", "REDHAT-RHSA-2010-0337.NASL", "SUSE_11_JAVA-1_4_2-IBM-100728.NASL", "REDHAT-RHSA-2010-0471.NASL", "SUSE9_12623.NASL", "REDHAT-RHSA-2010-0383.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:835234", "OPENVAS:136141256231069021", "OPENVAS:1361412562310102045", "OPENVAS:102045", "OPENVAS:1361412562310835234", "OPENVAS:1361412562310800500", "OPENVAS:800499", "OPENVAS:69021", "OPENVAS:102047", "OPENVAS:1361412562310800499"]}, {"type": "gentoo", "idList": ["GLSA-201006-18"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:24282", "SECURITYVULNS:VULN:10737", "SECURITYVULNS:DOC:23588"]}, {"type": "fedora", "idList": ["FEDORA:09491110673", "FEDORA:E36CC10FA25", "FEDORA:8D2D811080B"]}, {"type": "centos", "idList": ["CESA-2010:0339"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0339"]}, {"type": "ubuntu", "idList": ["USN-923-1"]}, 
{"type": "cve", "idList": ["CVE-2010-0842", "CVE-2010-0089", "CVE-2010-0091", "CVE-2010-0840", "CVE-2010-0848", "CVE-2010-0849", "CVE-2010-0088", "CVE-2010-0846", "CVE-2010-0843", "CVE-2010-0090"]}], "modified": "2021-01-17T14:11:12", "rev": 2}, "score": {"value": 8.6, "vector": "NONE", "modified": "2021-01-17T14:11:12", "rev": 2}, "vulnersScore": 8.6}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50916);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0084\", \"CVE-2010-0085\", \"CVE-2010-0087\", \"CVE-2010-0088\", \"CVE-2010-0089\", \"CVE-2010-0090\", \"CVE-2010-0091\", \"CVE-2010-0092\", \"CVE-2010-0094\", \"CVE-2010-0095\", \"CVE-2010-0837\", \"CVE-2010-0838\", \"CVE-2010-0839\", \"CVE-2010-0840\", \"CVE-2010-0841\", \"CVE-2010-0842\", \"CVE-2010-0843\", \"CVE-2010-0844\", \"CVE-2010-0846\", \"CVE-2010-0847\", \"CVE-2010-0848\", \"CVE-2010-0849\");\n\n script_name(english:\"SuSE 11 Security Update : IBM Java 6 (SAT Patch Number 2548)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of IBM Java 6 to SR 8 to fixes the following security\nissues :\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality via unknown\n vectors. 
(CVE-2010-0084)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0085)\n\n - Unspecified vulnerability in the Java Web Start, Java\n Plug-in component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0087)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0088)\n\n - Unspecified vulnerability in the Java Web Start, Java\n Plug-in component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect availability via unknown\n vectors. (CVE-2010-0089)\n\n - Unspecified vulnerability in the Java Web Start, Java\n Plug-in component in Oracle Java SE and Java for\n Business 6 Update 18 allows remote attackers to affect\n integrity and availability via unknown vectors.\n (CVE-2010-0090)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality via unknown\n vectors. (CVE-2010-0091)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, and 5.0 Update 23 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. 
(CVE-2010-0092)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18 and 5.0 Update 23 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is due to missing privilege checks during\n deserialization of RMIConnectionImpl objects, which\n allows remote attackers to call system-level Java\n functions via the class loader of a constructor that is\n being deserialized. (CVE-2010-0094)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors. (CVE-2010-0095)\n\n - Unspecified vulnerability in the Pack200 component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0,\n Update, and 23 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0837)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0,\n Update, and 23 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. NOTE: the previous information was obtained\n from the March 2010 CPU. Oracle has not commented on\n claims from a reliable researcher that this is a\n stack-based buffer overflow using an untrusted size\n value in the readMabCurveData function in the CMM module\n of the JVM. (CVE-2010-0838)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.1 27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. 
(CVE-2010-0839)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is related to improper checks when executing\n privileged methods in the Java Runtime Environment\n (JRE), which allows attackers to execute arbitrary code\n via (1) an untrusted object that extends the trusted\n class but has not modified a certain method, or (2) 'a\n similar trust issue with interfaces,' aka 'Trusted\n Methods Chaining Remote Code Execution Vulnerability.'.\n (CVE-2010-0840)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, and 1.4.2_25 allows remote attackers to\n affect confidentiality, integrity, and availability via\n unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is an integer overflow in the Java Runtime Environment\n that allows remote attackers to execute arbitrary code\n via a JPEG image that contains subsample dimensions with\n large values, related to JPEGImageReader and 'stepX'.\n (CVE-2010-0841)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.1 27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. 
Oracle has not\n commented on claims from a reliable researcher that this\n is an uncontrolled array index that allows remote\n attackers to execute arbitrary code via a MIDI file with\n a crafted MixerSequencer object, related to the GM_Song\n structure. (CVE-2010-0842)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.1 27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is related to XNewPtr and improper handling of an\n integer parameter when allocating heap memory in the\n com.sun.media.sound libraries, which allows remote\n attackers to execute arbitrary code. (CVE-2010-0843)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.1 27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is for improper parsing of a crafted MIDI stream when\n creating a MixerSequencer object, which causes a pointer\n to be corrupted and allows a NULL byte to be written to\n arbitrary memory. (CVE-2010-0844)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. 
Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n remote attackers to execute arbitrary code, related to\n an 'invalid assignment' and inconsistent length values\n in a JPEG image encoder (JPEGImageEncoderImpl).\n (CVE-2010-0846)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n arbitrary code execution via a crafted image.\n (CVE-2010-0847)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. (CVE-2010-0848)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. 
Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow in a decoding\n routine used by the JPEGImageDecoderImpl interface,\n which allows code execution via a crafted JPEG image.\n (CVE-2010-0849)\n\nPlease also see http://www.ibm.com/developerworks/java/jdk/alerts/ for\na more up to date list on what was fixed\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=603283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0084.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0087.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0088.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0089.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0090.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0091.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0092.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0095.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0837.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0838.html\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0839.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0841.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0843.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0844.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0846.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0847.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0848.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0849.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 2548.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java MixerSequencer Object GM_Song Structure Handling Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n 
script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", 
cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_6_0-ibm-1.6.0_sr8.0-0.1.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_6_0-ibm-fonts-1.6.0_sr8.0-0.1.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_6_0-ibm-jdbc-1.6.0_sr8.0-0.1.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-ibm-alsa-1.6.0_sr8.0-0.1.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-ibm-plugin-1.6.0_sr8.0-0.1.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "50916", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa"], "scheme": null}
{"redhat": [{"lastseen": "2019-12-11T13:31:57", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0088", "CVE-2010-0089", "CVE-2010-0090", "CVE-2010-0091", "CVE-2010-0092", "CVE-2010-0094", "CVE-2010-0095", "CVE-2010-0837", "CVE-2010-0838", "CVE-2010-0839", "CVE-2010-0840", "CVE-2010-0841", "CVE-2010-0842", "CVE-2010-0843", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0847", "CVE-2010-0848", "CVE-2010-0849"], "description": "This update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite Server\n5.3. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets.\n\nSeveral flaws were fixed in the IBM Java 2 Runtime Environment.\n(CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089,\nCVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0094, CVE-2010-0095,\nCVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,\nCVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0846, CVE-2010-0848,\nCVE-2010-0849)\n\nUsers of Red Hat Network Satellite Server 5.3 are advised to upgrade to\nthese updated java-1.6.0-ibm packages, which resolve these issues. 
For this\nupdate to take effect, Red Hat Network Satellite Server must be restarted\n(\"/usr/sbin/rhn-satellite restart\"), as well as all running instances of\nIBM Java.\n", "modified": "2016-04-04T18:36:47", "published": "2010-06-14T04:00:00", "id": "RHSA-2010:0471", "href": "https://access.redhat.com/errata/RHSA-2010:0471", "type": "redhat", "title": "(RHSA-2010:0471) Low: Red Hat Network Satellite Server IBM Java Runtime security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-11T13:32:54", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0088", "CVE-2010-0089", "CVE-2010-0090", "CVE-2010-0091", "CVE-2010-0092", "CVE-2010-0094", "CVE-2010-0095", "CVE-2010-0837", "CVE-2010-0838", "CVE-2010-0839", "CVE-2010-0840", "CVE-2010-0841", "CVE-2010-0842", "CVE-2010-0843", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0847", "CVE-2010-0848", "CVE-2010-0849"], "description": "The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2010-0084, CVE-2010-0085, CVE-2010-0087,\nCVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092,\nCVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839,\nCVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844,\nCVE-2010-0846, CVE-2010-0848, CVE-2010-0849)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR8 Java release. 
All running instances\nof IBM Java must be restarted for the update to take effect.\n", "modified": "2017-09-08T11:56:18", "published": "2010-04-29T04:00:00", "id": "RHSA-2010:0383", "href": "https://access.redhat.com/errata/RHSA-2010:0383", "type": "redhat", "title": "(RHSA-2010:0383) Critical: java-1.6.0-ibm security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:47:04", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0088", "CVE-2010-0089", "CVE-2010-0091", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0840", "CVE-2010-0841", "CVE-2010-0842", "CVE-2010-0843", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0847", "CVE-2010-0848", "CVE-2010-0849"], "description": "The IBM 1.4.2 SR13-FP5 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2010-0084, CVE-2010-0085, CVE-2010-0087,\nCVE-2010-0088, CVE-2010-0089, CVE-2010-0091, CVE-2010-0095, CVE-2010-0839,\nCVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844,\nCVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849)\n\nNote: The java-1.4.2-ibm packages were renamed to java-1.4.2-ibm-sap to\ncorrect a naming overlap; however, java-1.4.2-ibm-sap does not\nautomatically obsolete the previous java-1.4.2-ibm packages for Red Hat\nEnterprise Linux 4 and 5 for SAP. Refer to the RHBA-2010:0491 and\nRHBA-2010:0530 advisories, listed in the References, for further\ninformation.\n\nAll users of java-1.4.2-ibm-sap for Red Hat Enterprise Linux 4 and 5 for\nSAP are advised to upgrade to these updated packages, which contain the IBM\n1.4.2 SR13-FP5 Java release. 
All running instances of IBM Java must be\nrestarted for this update to take effect.\n", "modified": "2017-09-08T12:05:36", "published": "2010-08-02T04:00:00", "id": "RHSA-2010:0586", "href": "https://access.redhat.com/errata/RHSA-2010:0586", "type": "redhat", "title": "(RHSA-2010:0586) Moderate: java-1.4.2-ibm-sap security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:21", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0088", "CVE-2010-0089", "CVE-2010-0091", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0840", "CVE-2010-0841", "CVE-2010-0842", "CVE-2010-0843", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0847", "CVE-2010-0848", "CVE-2010-0849"], "description": "The IBM 1.4.2 SR13-FP5 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2010-0084, CVE-2010-0085, CVE-2010-0087,\nCVE-2010-0088, CVE-2010-0089, CVE-2010-0091, CVE-2010-0095, CVE-2010-0839,\nCVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844,\nCVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP5 Java release. 
All running\ninstances of IBM Java must be restarted for this update to take effect.\n", "modified": "2018-05-26T04:26:19", "published": "2010-07-29T04:00:00", "id": "RHSA-2010:0574", "href": "https://access.redhat.com/errata/RHSA-2010:0574", "type": "redhat", "title": "(RHSA-2010:0574) Critical: java-1.4.2-ibm security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T14:34:37", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555", "CVE-2010-0082", "CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0088", "CVE-2010-0089", "CVE-2010-0090", "CVE-2010-0091", "CVE-2010-0092", "CVE-2010-0093", "CVE-2010-0094", "CVE-2010-0095", "CVE-2010-0837", "CVE-2010-0838", "CVE-2010-0839", "CVE-2010-0840", "CVE-2010-0841", "CVE-2010-0842", "CVE-2010-0843", "CVE-2010-0844", "CVE-2010-0845", "CVE-2010-0846", "CVE-2010-0847", "CVE-2010-0848", "CVE-2010-0849"], "description": "The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. Further\ninformation about these flaws can be found on the \"Oracle Java SE and Java\nfor Business Critical Patch Update Advisory\" page, listed in the\nReferences section. (CVE-2009-3555, CVE-2010-0082, CVE-2010-0084,\nCVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090,\nCVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095,\nCVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,\nCVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846,\nCVE-2010-0847, CVE-2010-0848, CVE-2010-0849)\n\nFor the CVE-2009-3555 issue, this update disables renegotiation in the Java\nSecure Socket Extension (JSSE) component. 
Unsafe renegotiation can be\nre-enabled using the sun.security.ssl.allowUnsafeRenegotiation property.\nRefer to the following Knowledgebase article for details:\nhttp://kbase.redhat.com/faq/docs/DOC-20491\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.\n", "modified": "2017-07-27T01:59:43", "published": "2010-03-31T04:00:00", "id": "RHSA-2010:0337", "href": "https://access.redhat.com/errata/RHSA-2010:0337", "type": "redhat", "title": "(RHSA-2010:0337) Critical: java-1.6.0-sun security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T14:34:05", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555", "CVE-2010-0082", "CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0088", "CVE-2010-0089", "CVE-2010-0091", "CVE-2010-0092", "CVE-2010-0093", "CVE-2010-0094", "CVE-2010-0095", "CVE-2010-0837", "CVE-2010-0838", "CVE-2010-0839", "CVE-2010-0840", "CVE-2010-0841", "CVE-2010-0842", "CVE-2010-0843", "CVE-2010-0844", "CVE-2010-0845", "CVE-2010-0846", "CVE-2010-0847", "CVE-2010-0848", "CVE-2010-0849"], "description": "The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and\nthe Sun Java 5 Software Development Kit.\n\nThe java-1.5.0-sun packages are vulnerable to a number of security flaws\nand should no longer be used. (CVE-2009-3555, CVE-2010-0082, CVE-2010-0084,\nCVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0091,\nCVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837,\nCVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842,\nCVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847,\nCVE-2010-0848, CVE-2010-0849)\n\nThe Sun Java SE Release family 5.0 reached its End of Service Life on\nNovember 3, 2009. 
The RHSA-2009:1571 update provided the final publicly\navailable update of version 5.0 (Update 22). Users interested in continuing\nto receive critical fixes for Sun Java SE 5.0 should contact Oracle:\n\nhttp://www.sun.com/software/javaforbusiness/index.jsp\n\nAn alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of the\nIBM Developer Kit for Linux, which is available from the Extras and\nSupplementary channels on the Red Hat Network.\n\nApplications capable of using the Java 6 runtime can be migrated to Java 6\non: OpenJDK (java-1.6.0-openjdk), an open source JDK included in Red Hat\nEnterprise Linux 5, since 5.3; the IBM JDK, java-1.6.0-ibm; or the Sun JDK,\njava-1.6.0-sun.\n\nThis update removes the java-1.5.0-sun packages as they have reached their\nEnd of Service Life.\n", "modified": "2017-07-27T11:46:46", "published": "2010-03-31T04:00:00", "id": "RHSA-2010:0338", "href": "https://access.redhat.com/errata/RHSA-2010:0338", "type": "redhat", "title": "(RHSA-2010:0338) Critical: java-1.5.0-sun security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-11T13:32:28", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555", "CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0088", "CVE-2010-0089", "CVE-2010-0091", "CVE-2010-0092", "CVE-2010-0094", "CVE-2010-0095", "CVE-2010-0837", "CVE-2010-0838", "CVE-2010-0839"], "description": "The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handle session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. 
(CVE-2009-3555)\n\nThis update disables renegotiation in the Java Secure Socket Extension\n(JSSE) component. Unsafe renegotiation can be re-enabled using the\ncom.ibm.jsse2.renegotiate property. Refer to the following Knowledgebase\narticle for details: http://kbase.redhat.com/faq/docs/DOC-20491\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR11-FP1 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.", "modified": "2017-09-08T11:50:23", "published": "2010-03-03T05:00:00", "id": "RHSA-2010:0130", "href": "https://access.redhat.com/errata/RHSA-2010:0130", "type": "redhat", "title": "(RHSA-2010:0130) Moderate: java-1.5.0-ibm security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:38", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0840", "CVE-2010-0841", "CVE-2010-0842", "CVE-2010-0843", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0847", "CVE-2010-0848", "CVE-2010-0849"], "description": "The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM \"Security alerts\" page,\nlisted in the References section. (CVE-2010-0840, CVE-2010-0841,\nCVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0846, CVE-2010-0847,\nCVE-2010-0848, CVE-2010-0849)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR11-FP2 Java release. 
All running\ninstances of IBM Java must be restarted for this update to take effect.\n", "modified": "2017-09-08T11:48:36", "published": "2010-06-17T04:00:00", "id": "RHSA-2010:0489", "href": "https://access.redhat.com/errata/RHSA-2010:0489", "type": "redhat", "title": "(RHSA-2010:0489) Critical: java-1.5.0-ibm security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555", "CVE-2010-0082", "CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0088", "CVE-2010-0091", "CVE-2010-0092", "CVE-2010-0093", "CVE-2010-0094", "CVE-2010-0095", "CVE-2010-0837", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0845", "CVE-2010-0847", "CVE-2010-0848"], "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications written\nusing the Java programming language.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handle session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. (CVE-2009-3555)\n\nThis update disables renegotiation in the Java Secure Socket Extension\n(JSSE) component. Unsafe renegotiation can be re-enabled using the\nsun.security.ssl.allowUnsafeRenegotiation property. Refer to the following\nKnowledgebase article for details:\nhttp://kbase.redhat.com/faq/docs/DOC-20491\n\nA number of flaws have been fixed in the Java Virtual Machine (JVM) and in\nvarious Java class implementations. 
These flaws could allow an unsigned\napplet or application to bypass intended access restrictions.\n(CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0094)\n\nAn untrusted applet could access clipboard information if a drag operation\nwas performed over that applet's canvas. This could lead to an information\nleak. (CVE-2010-0091)\n\nThe rawIndex operation incorrectly handled large values, causing the\ncorruption of internal memory structures, resulting in an untrusted applet\nor application crashing. (CVE-2010-0092)\n\nThe System.arraycopy operation incorrectly handled large index values,\npotentially causing array corruption in an untrusted applet or application.\n(CVE-2010-0093)\n\nSubclasses of InetAddress may incorrectly interpret network addresses,\nallowing an untrusted applet or application to bypass network access\nrestrictions. (CVE-2010-0095)\n\nIn certain cases, type assignments could result in \"non-exact\" interface\ntypes. This could be used to bypass type-safety restrictions.\n(CVE-2010-0845)\n\nA buffer overflow flaw in LittleCMS (embedded in OpenJDK) could cause an\nuntrusted applet or application using color profiles from untrusted sources\nto crash. (CVE-2010-0838)\n\nAn input validation flaw was found in the JRE unpack200 functionality. An\nuntrusted applet or application could use this flaw to elevate its\nprivileges. (CVE-2010-0837)\n\nDeferred calls to trusted applet methods could be granted incorrect\npermissions, allowing an untrusted applet or application to extend its\nprivileges. (CVE-2010-0840)\n\nA missing input validation flaw in the JRE could allow an attacker to crash\nan untrusted applet or application. (CVE-2010-0848)\n\nA flaw in Java2D could allow an attacker to execute arbitrary code with the\nprivileges of a user running an untrusted applet or application that uses\nJava2D. 
(CVE-2010-0847)\n\nNote: The flaws concerning applets in this advisory, CVE-2010-0082,\nCVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0092,\nCVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838,\nCVE-2010-0840, CVE-2010-0847, and CVE-2010-0848, can only be triggered in\njava-1.6.0-openjdk by calling the \"appletviewer\" application.\n\nThis update also provides three defense in depth patches. (BZ#575745,\nBZ#575861, BZ#575789)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "modified": "2017-09-08T12:06:14", "published": "2010-03-31T04:00:00", "id": "RHSA-2010:0339", "href": "https://access.redhat.com/errata/RHSA-2010:0339", "type": "redhat", "title": "(RHSA-2010:0339) Important: java-1.6.0-openjdk security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:38:59", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0089", "CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0837", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0090", "CVE-2010-0843", "CVE-2010-0084"], "description": "IBM Java 6 was updated to Service Release 8 to fix various security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2010-07-01T17:43:53", "published": "2010-07-01T17:43:53", "id": "SUSE-SA:2010:026", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00001.html", "title": "remote code execution in java-1_6_0-ibm", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, 
{"lastseen": "2016-09-04T11:37:24", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0089", "CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0842", "CVE-2009-3555", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0837", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0843", "CVE-2010-0084"], "description": "This update of IBM Java 1.5.0 to SR11 FP2 brings various bug fixes and lots of security fixes.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2010-07-06T17:26:45", "published": "2010-07-06T17:26:45", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00003.html", "id": "SUSE-SA:2010:028", "title": "remote code execution in java-1_5_0-ibm", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-17T14:11:11", "description": "This update of IBM Java 6 to Service Request 8 fixes the following\nsecurity issues :\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality via unknown\n vectors. (CVE-2010-0084)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0085)\n\n - Unspecified vulnerability in the Java Web Start, Java\n Plug-in component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. 
(CVE-2010-0087)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0088)\n\n - Unspecified vulnerability in the Java Web Start, Java\n Plug-in component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect availability via unknown\n vectors. (CVE-2010-0089)\n\n - Unspecified vulnerability in the Java Web Start, Java\n Plug-in component in Oracle Java SE and Java for\n Business 6 Update 18 allows remote attackers to affect\n integrity and availability via unknown vectors.\n (CVE-2010-0090)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality via unknown\n vectors. (CVE-2010-0091)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, and 5.0 Update 23 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. (CVE-2010-0092)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18 and 5.0 Update 23 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is due to missing privilege checks during\n deserialization of RMIConnectionImpl objects, which\n allows remote attackers to call system-level Java\n functions via the class loader of a constructor that is\n being deserialized. 
(CVE-2010-0094)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors. (CVE-2010-0095)\n\n - Unspecified vulnerability in the Pack200 component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0,\n Update, and 23 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0837)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0,\n Update, and 23 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. NOTE: the previous information was obtained\n from the March 2010 CPU. Oracle has not commented on\n claims from a reliable researcher that this is a\n stack-based buffer overflow using an untrusted size\n value in the readMabCurveData function in the CMM module\n of the JVM. (CVE-2010-0838)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.1 27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. (CVE-2010-0839)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. 
Oracle\n has not commented on claims from a reliable researcher\n that this is related to improper checks when executing\n privileged methods in the Java Runtime Environment\n (JRE), which allows attackers to execute arbitrary code\n via (1) an untrusted object that extends the trusted\n class but has not modified a certain method, or (2) 'a\n similar trust issue with interfaces,' aka 'Trusted\n Methods Chaining Remote Code Execution Vulnerability.'.\n (CVE-2010-0840)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, and 1.4.2_25 allows remote attackers to\n affect confidentiality, integrity, and availability via\n unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is an integer overflow in the Java Runtime Environment\n that allows remote attackers to execute arbitrary code\n via a JPEG image that contains subsample dimensions with\n large values, related to JPEGImageReader and 'stepX'.\n (CVE-2010-0841)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.1 27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is an uncontrolled array index that allows remote\n attackers to execute arbitrary code via a MIDI file with\n a crafted MixerSequencer object, related to the GM_Song\n structure. (CVE-2010-0842)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.1 27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. 
NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is related to XNewPtr and improper handling of an\n integer parameter when allocating heap memory in the\n com.sun.media.sound libraries, which allows remote\n attackers to execute arbitrary code. (CVE-2010-0843)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.1 27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is for improper parsing of a crafted MIDI stream when\n creating a MixerSequencer object, which causes a pointer\n to be corrupted and allows a NULL byte to be written to\n arbitrary memory. (CVE-2010-0844)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n remote attackers to execute arbitrary code, related to\n an 'invalid assignment' and inconsistent length values\n in a JPEG image encoder (JPEGImageEncoderImpl).\n (CVE-2010-0846)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. 
Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n arbitrary code execution via a crafted image.\n (CVE-2010-0847)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. (CVE-2010-0848)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow in a decoding\n routine used by the JPEGImageDecoderImpl interface,\n which allows code execution via a crafted JPEG image.\n (CVE-2010-0849)\n\nPlease also see http://www.ibm.com/developerworks/java/jdk/alerts/ for\na more up to date list on what was fixed.", "edition": 24, "published": "2011-01-21T00:00:00", "title": "SuSE 11.1 Security Update : IBM Java 6 (SAT Patch Number 2553)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0089", "CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0837", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0090", "CVE-2010-0843", "CVE-2010-0084"], "modified": "2011-01-21T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc", 
"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa"], "id": "SUSE_11_JAVA-1_6_0-IBM-100525.NASL", "href": "https://www.tenable.com/plugins/nessus/51606", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51606);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0084\", \"CVE-2010-0085\", \"CVE-2010-0087\", \"CVE-2010-0088\", \"CVE-2010-0089\", \"CVE-2010-0090\", \"CVE-2010-0091\", \"CVE-2010-0092\", \"CVE-2010-0094\", \"CVE-2010-0095\", \"CVE-2010-0837\", \"CVE-2010-0838\", \"CVE-2010-0839\", \"CVE-2010-0840\", \"CVE-2010-0841\", \"CVE-2010-0842\", \"CVE-2010-0843\", \"CVE-2010-0844\", \"CVE-2010-0846\", \"CVE-2010-0847\", \"CVE-2010-0848\", \"CVE-2010-0849\");\n\n script_name(english:\"SuSE 11.1 Security Update : IBM Java 6 (SAT Patch Number 2553)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of IBM Java 6 to Service Request 8 to fixes the following\nsecurity issues :\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality via unknown\n vectors. 
(CVE-2010-0084)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0085)\n\n - Unspecified vulnerability in the Java Web Start, Java\n Plug-in component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0087)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0088)\n\n - Unspecified vulnerability in the Java Web Start, Java\n Plug-in component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect availability via unknown\n vectors. (CVE-2010-0089)\n\n - Unspecified vulnerability in the Java Web Start, Java\n Plug-in component in Oracle Java SE and Java for\n Business 6 Update 18 allows remote attackers to affect\n integrity and availability via unknown vectors.\n (CVE-2010-0090)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality via unknown\n vectors. (CVE-2010-0091)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, and 5.0 Update 23 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. 
(CVE-2010-0092)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18 and 5.0 Update 23 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is due to missing privilege checks during\n deserialization of RMIConnectionImpl objects, which\n allows remote attackers to call system-level Java\n functions via the class loader of a constructor that is\n being deserialized. (CVE-2010-0094)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors. (CVE-2010-0095)\n\n - Unspecified vulnerability in the Pack200 component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0,\n Update, and 23 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0837)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0,\n Update, and 23 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. NOTE: the previous information was obtained\n from the March 2010 CPU. Oracle has not commented on\n claims from a reliable researcher that this is a\n stack-based buffer overflow using an untrusted size\n value in the readMabCurveData function in the CMM module\n of the JVM. (CVE-2010-0838)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.1 27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. 
(CVE-2010-0839)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is related to improper checks when executing\n privileged methods in the Java Runtime Environment\n (JRE), which allows attackers to execute arbitrary code\n via (1) an untrusted object that extends the trusted\n class but has not modified a certain method, or (2) 'a\n similar trust issue with interfaces,' aka 'Trusted\n Methods Chaining Remote Code Execution Vulnerability.'.\n (CVE-2010-0840)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, and 1.4.2_25 allows remote attackers to\n affect confidentiality, integrity, and availability via\n unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is an integer overflow in the Java Runtime Environment\n that allows remote attackers to execute arbitrary code\n via a JPEG image that contains subsample dimensions with\n large values, related to JPEGImageReader and 'stepX'.\n (CVE-2010-0841)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.1 27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. 
Oracle has not\n commented on claims from a reliable researcher that this\n is an uncontrolled array index that allows remote\n attackers to execute arbitrary code via a MIDI file with\n a crafted MixerSequencer object, related to the GM_Song\n structure. (CVE-2010-0842)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.1 27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is related to XNewPtr and improper handling of an\n integer parameter when allocating heap memory in the\n com.sun.media.sound libraries, which allows remote\n attackers to execute arbitrary code. (CVE-2010-0843)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.1 27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is for improper parsing of a crafted MIDI stream when\n creating a MixerSequencer object, which causes a pointer\n to be corrupted and allows a NULL byte to be written to\n arbitrary memory. (CVE-2010-0844)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. 
Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n remote attackers to execute arbitrary code, related to\n an 'invalid assignment' and inconsistent length values\n in a JPEG image encoder (JPEGImageEncoderImpl).\n (CVE-2010-0846)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n arbitrary code execution via a crafted image.\n (CVE-2010-0847)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. (CVE-2010-0848)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. 
Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow in a decoding\n routine used by the JPEGImageDecoderImpl interface,\n which allows code execution via a crafted JPEG image.\n (CVE-2010-0849)\n\nPlease also see http://www.ibm.com/developerworks/java/jdk/alerts/ for\na more up to date list on what was fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=603283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0084.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0087.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0088.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0089.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0090.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0091.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0092.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0095.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0837.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0838.html\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0839.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0841.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0843.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0844.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0846.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0847.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0848.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0849.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 2553.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java MixerSequencer Object GM_Song Structure Handling Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n 
script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", 
cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"java-1_6_0-ibm-1.6.0_sr8.0-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"java-1_6_0-ibm-fonts-1.6.0_sr8.0-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"java-1_6_0-ibm-jdbc-1.6.0_sr8.0-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"java-1_6_0-ibm-alsa-1.6.0_sr8.0-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"java-1_6_0-ibm-plugin-1.6.0_sr8.0-0.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:07:43", "description": "Updated java-1.6.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. 
(CVE-2010-0084, CVE-2010-0085,\nCVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090,\nCVE-2010-0091, CVE-2010-0092, CVE-2010-0094, CVE-2010-0095,\nCVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840,\nCVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844,\nCVE-2010-0846, CVE-2010-0848, CVE-2010-0849)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR8 Java release. All running\ninstances of IBM Java must be restarted for the update to take effect.", "edition": 30, "published": "2010-05-11T00:00:00", "title": "RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2010:0383)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0089", "CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0837", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0090", "CVE-2010-0843", "CVE-2010-0084"], "modified": "2010-05-11T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5.4", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm"], "id": "REDHAT-RHSA-2010-0383.NASL", "href": "https://www.tenable.com/plugins/nessus/46304", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security 
Advisory RHSA-2010:0383. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46304);\n script_version(\"1.36\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0084\", \"CVE-2010-0085\", \"CVE-2010-0087\", \"CVE-2010-0088\", \"CVE-2010-0089\", \"CVE-2010-0090\", \"CVE-2010-0091\", \"CVE-2010-0092\", \"CVE-2010-0094\", \"CVE-2010-0095\", \"CVE-2010-0837\", \"CVE-2010-0838\", \"CVE-2010-0839\", \"CVE-2010-0840\", \"CVE-2010-0841\", \"CVE-2010-0842\", \"CVE-2010-0843\", \"CVE-2010-0844\", \"CVE-2010-0846\", \"CVE-2010-0847\", \"CVE-2010-0848\", \"CVE-2010-0849\");\n script_bugtraq_id(39062, 39065, 39067, 39068, 39069, 39070, 39072, 39073, 39075, 39077, 39078, 39081, 39083, 39084, 39086, 39090, 39091, 39093, 39094, 39095, 39096);\n script_xref(name:\"RHSA\", value:\"2010:0383\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2010:0383)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. 
These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. (CVE-2010-0084, CVE-2010-0085,\nCVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090,\nCVE-2010-0091, CVE-2010-0092, CVE-2010-0094, CVE-2010-0095,\nCVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840,\nCVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844,\nCVE-2010-0846, CVE-2010-0848, CVE-2010-0849)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR8 Java release. All running\ninstances of IBM Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0837\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0849\"\n );\n # http://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0383\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n 
script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java MixerSequencer Object GM_Song Structure Handling Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/29\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0383\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-1.6.0.8-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-demo-1.6.0.8-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-devel-1.6.0.8-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.8-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.8-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.8-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.6.0-ibm-plugin-1.6.0.8-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-plugin-1.6.0.8-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-src-1.6.0.8-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-1.6.0.8-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", 
cpu:\"i386\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.8-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.8-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.8-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-demo-1.6.0.8-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-devel-1.6.0.8-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.8-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.8-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.8-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-plugin-1.6.0.8-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-plugin-1.6.0.8-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-src-1.6.0.8-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-ibm / java-1.6.0-ibm-accessibility / java-1.6.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:07:49", "description": "Updated java-1.6.0-ibm packages that fix several security issues are\nnow available for Red Hat Network Satellite Server 5.3.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThis update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite\nServer 5.3. In a typical operating environment, these are of low\nsecurity risk as the runtime is not used on untrusted applets.\n\nSeveral flaws were fixed in the IBM Java 2 Runtime Environment.\n(CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088,\nCVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092,\nCVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838,\nCVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842,\nCVE-2010-0843, CVE-2010-0844, CVE-2010-0846, CVE-2010-0848,\nCVE-2010-0849)\n\nUsers of Red Hat Network Satellite Server 5.3 are advised to upgrade\nto these updated java-1.6.0-ibm packages, which resolve these issues.\nFor this update to take effect, Red Hat Network Satellite Server must\nbe restarted ('/usr/sbin/rhn-satellite restart'), as well as all\nrunning instances of IBM Java.", "edition": 29, "published": "2010-06-15T00:00:00", "title": "RHEL 4 / 5 : IBM Java Runtime in Satellite Server (RHSA-2010:0471)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0089", "CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0837", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0090", "CVE-2010-0843", "CVE-2010-0084"], "modified": "2010-06-15T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm"], "id": "REDHAT-RHSA-2010-0471.NASL", "href": 
"https://www.tenable.com/plugins/nessus/47017", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0471. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47017);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0084\", \"CVE-2010-0085\", \"CVE-2010-0087\", \"CVE-2010-0088\", \"CVE-2010-0089\", \"CVE-2010-0090\", \"CVE-2010-0091\", \"CVE-2010-0092\", \"CVE-2010-0094\", \"CVE-2010-0095\", \"CVE-2010-0837\", \"CVE-2010-0838\", \"CVE-2010-0839\", \"CVE-2010-0840\", \"CVE-2010-0841\", \"CVE-2010-0842\", \"CVE-2010-0843\", \"CVE-2010-0844\", \"CVE-2010-0846\", \"CVE-2010-0847\", \"CVE-2010-0848\", \"CVE-2010-0849\");\n script_bugtraq_id(39062, 39065, 39067, 39068, 39069, 39070, 39072, 39073, 39075, 39077, 39078, 39081, 39083, 39084, 39086, 39090, 39091, 39093, 39094, 39095, 39096);\n script_xref(name:\"RHSA\", value:\"2010:0471\");\n\n script_name(english:\"RHEL 4 / 5 : IBM Java Runtime in Satellite Server (RHSA-2010:0471)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-ibm packages that fix several security issues are\nnow available for Red Hat Network Satellite Server 5.3.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThis update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite\nServer 5.3. In a typical operating environment, these are of low\nsecurity risk as the runtime is not used on untrusted applets.\n\nSeveral flaws were fixed in the IBM Java 2 Runtime Environment.\n(CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088,\nCVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092,\nCVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838,\nCVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842,\nCVE-2010-0843, CVE-2010-0844, CVE-2010-0846, CVE-2010-0848,\nCVE-2010-0849)\n\nUsers of Red Hat Network Satellite Server 5.3 are advised to upgrade\nto these updated java-1.6.0-ibm packages, which resolve these issues.\nFor this update to take effect, Red Hat Network Satellite Server must\nbe restarted ('/usr/sbin/rhn-satellite restart'), as well as all\nrunning instances of IBM Java.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0091\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0471\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected 
java-1.6.0-ibm and / or java-1.6.0-ibm-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java MixerSequencer Object GM_Song Structure Handling Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0471\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! 
(rpm_exists(release:\"RHEL4\", rpm:\"spacewalk-admin-\") || rpm_exists(release:\"RHEL5\", rpm:\"spacewalk-admin-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Satellite Server\");\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-1.6.0.8-1jpp.1.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-devel-1.6.0.8-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-1.6.0.8-1jpp.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-1.6.0.8-1jpp.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-1.6.0.8-1jpp.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-devel-1.6.0.8-1jpp.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-devel-1.6.0.8-1jpp.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-devel-1.6.0.8-1jpp.1.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-ibm / java-1.6.0-ibm-devel\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:44:39", "description": "This update of IBM Java 1.5.0 to SR11 FP2 to fixes the following\nsecurity issues :\n\n - Various unspecified and undocumented vulnerabilities\n that allows remote attackers to affect confidentiality,\n integrity and availability via various unknown vectors.\n (CVE-2010-0084 / CVE-2010-0085 / CVE-2010-0087 /\n CVE-2010-0088 / CVE-2010-0089 / CVE-2010-0091 /\n CVE-2010-0092 / CVE-2010-0095 / CVE-2010-0837 /\n CVE-2010-0839)\n\n - Unspecified vulnerability in the Java Runtime\n 
Environment component in Oracle Java SE and Java for\n Business 6 Update 18 and 5.0 Update 23 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is due to missing privilege checks during\n deserialization of RMIConnectionImpl objects, which\n allows remote attackers to call system-level Java\n functions via the class loader of a constructor that is\n being deserialized. (CVE-2010-0094)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0,\n Update, and 23 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. NOTE: the previous information was obtained\n from the March 2010 CPU. Oracle has not commented on\n claims from a reliable researcher that this is a\n stack-based buffer overflow using an untrusted size\n value in the readMabCurveData function in the CMM module\n of the JVM. (CVE-2010-0838)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. 
Oracle\n has not commented on claims from a reliable researcher\n that this is related to improper checks when executing\n privileged methods in the Java Runtime Environment\n (JRE), which allows attackers to execute arbitrary code\n via (1) an untrusted object that extends the trusted\n class but has not modified a certain method, or (2) 'a\n similar trust issue with interfaces,' aka 'Trusted\n Methods Chaining Remote Code Execution Vulnerability.'.\n (CVE-2010-0840)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, and 1.4.2_25 allows remote attackers to\n affect confidentiality, integrity, and availability via\n unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is an integer overflow in the Java Runtime Environment\n that allows remote attackers to execute arbitrary code\n via a JPEG image that contains subsample dimensions with\n large values, related to JPEGImageReader and 'stepX'.\n (CVE-2010-0841)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.1 27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is an uncontrolled array index that allows remote\n attackers to execute arbitrary code via a MIDI file with\n a crafted MixerSequencer object, related to the GM_Song\n structure. (CVE-2010-0842)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.1 27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. 
NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is related to XNewPtr and improper handling of an\n integer parameter when allocating heap memory in the\n com.sun.media.sound libraries, which allows remote\n attackers to execute arbitrary code. (CVE-2010-0843)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.1 27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is for improper parsing of a crafted MIDI stream when\n creating a MixerSequencer object, which causes a pointer\n to be corrupted and allows a NULL byte to be written to\n arbitrary memory. (CVE-2010-0844)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n remote attackers to execute arbitrary code, related to\n an 'invalid assignment' and inconsistent length values\n in a JPEG image encoder (JPEGImageEncoderImpl).\n (CVE-2010-0846)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. 
Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n arbitrary code execution via a crafted image.\n (CVE-2010-0847)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. (CVE-2010-0848)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow in a decoding\n routine used by the JPEGImageDecoderImpl interface,\n which allows code execution via a crafted JPEG image.\n (CVE-2010-0849)\n\n - The TLS protocol, and the SSL protocol 3.0 and possibly\n earlier, as used in Microsoft Internet Information\n Services (IIS) 7.0, mod_ssl in the Apache HTTP Server\n 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5\n and earlier, Mozilla Network Security Services (NSS)\n 3.12.4 and earlier, multiple Cisco products, and other\n products, does not properly associate renegotiation\n handshakes with an existing connection, which allows\n man-in-the-middle attackers to insert data into HTTPS\n sessions, and possibly other types of sessions protected\n by TLS or SSL, by sending an unauthenticated request\n that is processed retroactively by a server in a\n post-renegotiation context, related to a 'plaintext\n injection' attack, aka the 'Project Mogul' issue.\n (CVE-2009-3555). 
(CVE-2009-3555)\n\nThis update of IBM Java 1.5.0 to SR11 FP2 brings various bug and lots\nof security fixes.\n\nThe following security issues were fixed: CVE-2010-0084: Unspecified\nvulnerability in the Java Runtime Environment component in Oracle Java\nSE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25\nallows remote attackers to affect confidentiality via unknown vectors.\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0085)\n\n - Unspecified vulnerability in the Java Web Start, Java\n Plug-in component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0087)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0088)\n\n - Unspecified vulnerability in the Java Web Start, Java\n Plug-in component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect availability via unknown\n vectors. (CVE-2010-0089)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality via unknown\n vectors. 
(CVE-2010-0091)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, and 5.0 Update 23 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. (CVE-2010-0092)\n\n - The TLS protocol, and the SSL protocol 3.0 and possibly\n earlier, as used in Microsoft Internet Information\n Services (IIS) 7.0, mod_ssl in the Apache HTTP Server\n 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5\n and earlier, Mozilla Network Security Services (NSS)\n 3.12.4 and earlier, multiple Cisco products, and other\n products, does not properly associate renegotiation\n handshakes with an existing connection, which allows\n man-in-the-middle attackers to insert data into HTTPS\n sessions, and possibly other types of sessions protected\n by TLS or SSL, by sending an unauthenticated request\n that is processed retroactively by a server in a\n post-renegotiation context, related to a 'plaintext\n injection' attack, aka the 'Project Mogul' issue.\n (CVE-2009-3555)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18 and 5.0 Update 23 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is due to missing privilege checks during\n deserialization of RMIConnectionImpl objects, which\n allows remote attackers to call system-level Java\n functions via the ClassLoader of a constructor that is\n being deserialized. (CVE-2010-0094)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors. 
(CVE-2010-0095)\n\n - Unspecified vulnerability in the Pack200 component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0,\n Update, and 23 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0837)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0,\n Update, and 23 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. NOTE: the previous information was obtained\n from the March 2010 CPU. Oracle has not commented on\n claims from a reliable researcher that this is a\n stack-based buffer overflow using an untrusted size\n value in the readMabCurveData function in the CMM module\n in the JVM. (CVE-2010-0838)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.127 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. (CVE-2010-0839)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. 
Oracle\n has not commented on claims from a reliable researcher\n that this is related to improper checks when executing\n privileged methods in the Java Runtime Environment\n (JRE), which allows attackers to execute arbitrary code\n via (1) an untrusted object that extends the trusted\n class but has not modified a certain method, or (2) 'a\n similar trust issue with interfaces,' aka 'Trusted\n Methods Chaining Remote Code Execution Vulnerability.'.\n (CVE-2010-0840)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, and 1.4.2_25 allows remote attackers to\n affect confidentiality, integrity, and availability via\n unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is an integer overflow in the Java Runtime Environment\n that allows remote attackers to execute arbitrary code\n via a JPEG image that contains subsample dimensions with\n large values, related to JPEGImageReader and 'stepX'.\n (CVE-2010-0841)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.127 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is an uncontrolled array index that allows remote\n attackers to execute arbitrary code via a MIDI file with\n a crafted MixerSequencer object, related to the GM_Song\n structure. (CVE-2010-0842)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.127 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. 
NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is related to XNewPtr and improper handling of an\n integer parameter when allocating heap memory in the\n com.sun.media.sound libraries, which allows remote\n attackers to execute arbitrary code. (CVE-2010-0843)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.127 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is for improper parsing of a crafted MIDI stream when\n creating a MixerSequencer object, which causes a pointer\n to be corrupted and allows a NULL byte to be written to\n arbitrary memory. (CVE-2010-0844)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n remote attackers to execute arbitrary code, related to\n an 'invalid assignment' and inconsistent length values\n in a JPEG image encoder (JPEGImageEncoderImpl).\n (CVE-2010-0846)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. 
Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n arbitrary code execution via a crafted image.\n (CVE-2010-0847)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. (CVE-2010-0848)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow in a decoding\n routine used by the JPEGImageDecoderImpl interface,\n which allows code execution via a crafted JPEG image.\n (CVE-2010-0849)", "edition": 24, "published": "2010-10-11T00:00:00", "title": "SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 7077)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0089", "CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0842", "CVE-2009-3555", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0837", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0843", "CVE-2010-0084"], "modified": "2010-10-11T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_5_0-IBM-7077.NASL", "href": "https://www.tenable.com/plugins/nessus/49864", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) 
exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49864);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3555\", \"CVE-2010-0084\", \"CVE-2010-0085\", \"CVE-2010-0087\", \"CVE-2010-0088\", \"CVE-2010-0089\", \"CVE-2010-0091\", \"CVE-2010-0092\", \"CVE-2010-0094\", \"CVE-2010-0095\", \"CVE-2010-0837\", \"CVE-2010-0838\", \"CVE-2010-0839\", \"CVE-2010-0840\", \"CVE-2010-0841\", \"CVE-2010-0842\", \"CVE-2010-0843\", \"CVE-2010-0844\", \"CVE-2010-0846\", \"CVE-2010-0847\", \"CVE-2010-0848\", \"CVE-2010-0849\");\n\n script_name(english:\"SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 7077)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of IBM Java 1.5.0 to SR11 FP2 to fixes the following\nsecurity issues :\n\n - Various unspecified and undocumented vulnerabilities\n that allows remote attackers to affect confidentiality,\n integrity and availability via various unknown vectors.\n (CVE-2010-0084 / CVE-2010-0085 / CVE-2010-0087 /\n CVE-2010-0088 / CVE-2010-0089 / CVE-2010-0091 /\n CVE-2010-0092 / CVE-2010-0095 / CVE-2010-0837 /\n CVE-2010-0839)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18 and 5.0 Update 23 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. 
Oracle\n has not commented on claims from a reliable researcher\n that this is due to missing privilege checks during\n deserialization of RMIConnectionImpl objects, which\n allows remote attackers to call system-level Java\n functions via the class loader of a constructor that is\n being deserialized. (CVE-2010-0094)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0,\n Update, and 23 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. NOTE: the previous information was obtained\n from the March 2010 CPU. Oracle has not commented on\n claims from a reliable researcher that this is a\n stack-based buffer overflow using an untrusted size\n value in the readMabCurveData function in the CMM module\n of the JVM. (CVE-2010-0838)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is related to improper checks when executing\n privileged methods in the Java Runtime Environment\n (JRE), which allows attackers to execute arbitrary code\n via (1) an untrusted object that extends the trusted\n class but has not modified a certain method, or (2) 'a\n similar trust issue with interfaces,' aka 'Trusted\n Methods Chaining Remote Code Execution Vulnerability.'.\n (CVE-2010-0840)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, and 1.4.2_25 allows remote attackers to\n affect confidentiality, integrity, and availability via\n unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. 
Oracle has not\n commented on claims from a reliable researcher that this\n is an integer overflow in the Java Runtime Environment\n that allows remote attackers to execute arbitrary code\n via a JPEG image that contains subsample dimensions with\n large values, related to JPEGImageReader and 'stepX'.\n (CVE-2010-0841)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.1 27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is an uncontrolled array index that allows remote\n attackers to execute arbitrary code via a MIDI file with\n a crafted MixerSequencer object, related to the GM_Song\n structure. (CVE-2010-0842)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.1 27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is related to XNewPtr and improper handling of an\n integer parameter when allocating heap memory in the\n com.sun.media.sound libraries, which allows remote\n attackers to execute arbitrary code. (CVE-2010-0843)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.1 27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. 
Oracle has not\n commented on claims from a reliable researcher that this\n is for improper parsing of a crafted MIDI stream when\n creating a MixerSequencer object, which causes a pointer\n to be corrupted and allows a NULL byte to be written to\n arbitrary memory. (CVE-2010-0844)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n remote attackers to execute arbitrary code, related to\n an 'invalid assignment' and inconsistent length values\n in a JPEG image encoder (JPEGImageEncoderImpl).\n (CVE-2010-0846)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n arbitrary code execution via a crafted image.\n (CVE-2010-0847)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. (CVE-2010-0848)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. 
NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow in a decoding\n routine used by the JPEGImageDecoderImpl interface,\n which allows code execution via a crafted JPEG image.\n (CVE-2010-0849)\n\n - The TLS protocol, and the SSL protocol 3.0 and possibly\n earlier, as used in Microsoft Internet Information\n Services (IIS) 7.0, mod_ssl in the Apache HTTP Server\n 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5\n and earlier, Mozilla Network Security Services (NSS)\n 3.12.4 and earlier, multiple Cisco products, and other\n products, does not properly associate renegotiation\n handshakes with an existing connection, which allows\n man-in-the-middle attackers to insert data into HTTPS\n sessions, and possibly other types of sessions protected\n by TLS or SSL, by sending an unauthenticated request\n that is processed retroactively by a server in a\n post-renegotiation context, related to a 'plaintext\n injection' attack, aka the 'Project Mogul' issue.\n (CVE-2009-3555). (CVE-2009-3555)\n\nThis update of IBM Java 1.5.0 to SR11 FP2 brings various bug and lots\nof security fixes.\n\nThe following security issues were fixed: CVE-2010-0084: Unspecified\nvulnerability in the Java Runtime Environment component in Oracle Java\nSE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25\nallows remote attackers to affect confidentiality via unknown vectors.\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. 
(CVE-2010-0085)\n\n - Unspecified vulnerability in the Java Web Start, Java\n Plug-in component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0087)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0088)\n\n - Unspecified vulnerability in the Java Web Start, Java\n Plug-in component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect availability via unknown\n vectors. (CVE-2010-0089)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality via unknown\n vectors. (CVE-2010-0091)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, and 5.0 Update 23 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. 
(CVE-2010-0092)\n\n - The TLS protocol, and the SSL protocol 3.0 and possibly\n earlier, as used in Microsoft Internet Information\n Services (IIS) 7.0, mod_ssl in the Apache HTTP Server\n 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5\n and earlier, Mozilla Network Security Services (NSS)\n 3.12.4 and earlier, multiple Cisco products, and other\n products, does not properly associate renegotiation\n handshakes with an existing connection, which allows\n man-in-the-middle attackers to insert data into HTTPS\n sessions, and possibly other types of sessions protected\n by TLS or SSL, by sending an unauthenticated request\n that is processed retroactively by a server in a\n post-renegotiation context, related to a 'plaintext\n injection' attack, aka the 'Project Mogul' issue.\n (CVE-2009-3555)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18 and 5.0 Update 23 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is due to missing privilege checks during\n deserialization of RMIConnectionImpl objects, which\n allows remote attackers to call system-level Java\n functions via the ClassLoader of a constructor that is\n being deserialized. (CVE-2010-0094)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors. (CVE-2010-0095)\n\n - Unspecified vulnerability in the Pack200 component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0,\n Update, and 23 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. 
(CVE-2010-0837)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0,\n Update, and 23 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. NOTE: the previous information was obtained\n from the March 2010 CPU. Oracle has not commented on\n claims from a reliable researcher that this is a\n stack-based buffer overflow using an untrusted size\n value in the readMabCurveData function in the CMM module\n in the JVM. (CVE-2010-0838)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.127 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. (CVE-2010-0839)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is related to improper checks when executing\n privileged methods in the Java Runtime Environment\n (JRE), which allows attackers to execute arbitrary code\n via (1) an untrusted object that extends the trusted\n class but has not modified a certain method, or (2) 'a\n similar trust issue with interfaces,' aka 'Trusted\n Methods Chaining Remote Code Execution Vulnerability.'.\n (CVE-2010-0840)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, and 1.4.2_25 allows remote attackers to\n affect confidentiality, integrity, and availability via\n unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. 
Oracle has not\n commented on claims from a reliable researcher that this\n is an integer overflow in the Java Runtime Environment\n that allows remote attackers to execute arbitrary code\n via a JPEG image that contains subsample dimensions with\n large values, related to JPEGImageReader and 'stepX'.\n (CVE-2010-0841)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.127 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is an uncontrolled array index that allows remote\n attackers to execute arbitrary code via a MIDI file with\n a crafted MixerSequencer object, related to the GM_Song\n structure. (CVE-2010-0842)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.127 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is related to XNewPtr and improper handling of an\n integer parameter when allocating heap memory in the\n com.sun.media.sound libraries, which allows remote\n attackers to execute arbitrary code. (CVE-2010-0843)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.127 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. 
Oracle has not\n commented on claims from a reliable researcher that this\n is for improper parsing of a crafted MIDI stream when\n creating a MixerSequencer object, which causes a pointer\n to be corrupted and allows a NULL byte to be written to\n arbitrary memory. (CVE-2010-0844)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n remote attackers to execute arbitrary code, related to\n an 'invalid assignment' and inconsistent length values\n in a JPEG image encoder (JPEGImageEncoderImpl).\n (CVE-2010-0846)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n arbitrary code execution via a crafted image.\n (CVE-2010-0847)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. (CVE-2010-0848)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. 
NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow in a decoding\n routine used by the JPEGImageDecoderImpl interface,\n which allows code execution via a crafted JPEG image.\n (CVE-2010-0849)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3555.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0084.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0087.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0088.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0089.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0091.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0092.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0095.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0837.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0838.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0839.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0841.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0843.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0844.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0846.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0847.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0848.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0849.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7077.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java MixerSequencer Object GM_Song Structure Handling Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(310);\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"java-1_5_0-ibm-1.5.0_sr11.2-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"java-1_5_0-ibm-demo-1.5.0_sr11.2-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"java-1_5_0-ibm-devel-1.5.0_sr11.2-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr11.2-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"java-1_5_0-ibm-src-1.5.0_sr11.2-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr11.2-0.4.1\")) flag++;\nif 
(rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr11.2-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr11.2-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr11.2-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr11.2-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr11.2-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_5_0-ibm-1.5.0_sr11.2-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_5_0-ibm-devel-1.5.0_sr11.2-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr11.2-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr11.2-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr11.2-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr11.2-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr11.2-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr11.2-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr11.2-0.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:02:31", "description": "This update of IBM Java 1.5.0 to SR11 FP2 to fixes 
the following\nsecurity issues :\n\n - Various unspecified and undocumented vulnerabilities\n that allow remote attackers to affect confidentiality,\n integrity and availability via various unknown vectors.\n (CVE-2010-0084, CVE-2010-0085, CVE-2010-0087,\n CVE-2010-0088, CVE-2010-0089, CVE-2010-0091,\n CVE-2010-0092, CVE-2010-0095, CVE-2010-0837,\n CVE-2010-0839)\n\n - Unspecified vulnerability that allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is due to missing privilege checks during\n deserialization of RMIConnectionImpl objects, which\n allows remote attackers to call system-level Java\n functions via the class loader of a constructor that is\n being deserialized. (CVE-2010-0094)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0,\n Update, and 23 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. NOTE: the previous information was obtained\n from the March 2010 CPU. Oracle has not commented on\n claims from a reliable researcher that this is a\n stack-based buffer overflow using an untrusted size\n value in the readMabCurveData function in the CMM module\n of the JVM. (CVE-2010-0838)\n\n - Unspecified vulnerability that allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. 
Oracle has not\n commented on claims from a reliable researcher that this\n is related to improper checks when executing privileged\n methods in the Java Runtime Environment (JRE), which\n allows attackers to execute arbitrary code via (1) an\n untrusted object that extends the trusted class but has\n not modified a certain method, or (2) 'a similar trust\n issue with interfaces,' aka 'Trusted Methods Chaining\n Remote Code Execution Vulnerability.'. (CVE-2010-0840)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, and 1.4.2_25 allows remote attackers to\n affect confidentiality, integrity, and availability via\n unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is an integer overflow in the Java Runtime Environment\n that allows remote attackers to execute arbitrary code\n via a JPEG image that contains subsample dimensions with\n large values, related to JPEGImageReader and 'stepX'.\n (CVE-2010-0841)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is an uncontrolled array index that allows remote\n attackers to execute arbitrary code via a MIDI file with\n a crafted MixerSequencer object, related to the GM_Song\n structure. (CVE-2010-0842)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. 
NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is related to XNewPtr and improper handling of an\n integer parameter when allocating heap memory in the\n com.sun.media.sound libraries, which allows remote\n attackers to execute arbitrary code. (CVE-2010-0843)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is for improper parsing of a crafted MIDI stream when\n creating a MixerSequencer object, which causes a pointer\n to be corrupted and allows a NULL byte to be written to\n arbitrary memory. (CVE-2010-0844)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n remote attackers to execute arbitrary code, related to\n an 'invalid assignment' and inconsistent length values\n in a JPEG image encoder (JPEGImageEncoderImpl).\n (CVE-2010-0846)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. 
Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n arbitrary code execution via a crafted image.\n (CVE-2010-0847)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. (CVE-2010-0848)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow in a decoding\n routine used by the JPEGImageDecoderImpl interface,\n which allows code execution via a crafted JPEG image.\n (CVE-2010-0849)\n\n - The TLS protocol, and the SSL protocol 3.0 and possibly\n earlier, as used in Microsoft Internet Information\n Services (IIS) 7.0, mod_ssl in the Apache HTTP Server\n 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5\n and earlier, Mozilla Network Security Services (NSS)\n 3.12.4 and earlier, multiple Cisco products, and other\n products, does not properly associate renegotiation\n handshakes with an existing connection, which allows\n man-in-the-middle attackers to insert data into HTTPS\n sessions, and possibly other types of sessions protected\n by TLS or SSL, by sending an unauthenticated request\n that is processed retroactively by a server in a\n post-renegotiation context, related to a 'plaintext\n injection' attack, aka the 'Project Mogul' issue.\n (CVE-2009-3555)", "edition": 24, "published": "2010-07-07T00:00:00", "title": "SuSE9 Security Update : IBM Java 1.5.0 (YOU Patch Number 12623)", "type": "nessus", "bulletinFamily": 
"scanner", "cvelist": ["CVE-2010-0089", "CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0842", "CVE-2009-3555", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0837", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0843", "CVE-2010-0084"], "modified": "2010-07-07T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12623.NASL", "href": "https://www.tenable.com/plugins/nessus/47617", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47617);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3555\", \"CVE-2010-0084\", \"CVE-2010-0085\", \"CVE-2010-0087\", \"CVE-2010-0088\", \"CVE-2010-0089\", \"CVE-2010-0091\", \"CVE-2010-0092\", \"CVE-2010-0094\", \"CVE-2010-0095\", \"CVE-2010-0837\", \"CVE-2010-0838\", \"CVE-2010-0839\", \"CVE-2010-0840\", \"CVE-2010-0841\", \"CVE-2010-0842\", \"CVE-2010-0843\", \"CVE-2010-0844\", \"CVE-2010-0846\", \"CVE-2010-0847\", \"CVE-2010-0848\", \"CVE-2010-0849\");\n\n script_name(english:\"SuSE9 Security Update : IBM Java 1.5.0 (YOU Patch Number 12623)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of IBM Java 1.5.0 to SR11 FP2 to fixes the following\nsecurity issues :\n\n - Various unspecified and undocumented vulnerabilities\n that allows remote attackers to affect confidentiality,\n integrity and availability via various 
unknown vectors.\n (CVE-2010-0084, CVE-2010-0085, CVE-2010-0087,\n CVE-2010-0088, CVE-2010-0089, CVE-2010-0091,\n CVE-2010-0092, CVE-2010-0095, CVE-2010-0837,\n CVE-2010-0839)\n\n - Unspecified vulnerability that allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is due to missing privilege checks during\n deserialization of RMIConnectionImpl objects, which\n allows remote attackers to call system-level Java\n functions via the class loader of a constructor that is\n being deserialized. (CVE-2010-0094)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0,\n Update, and 23 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. NOTE: the previous information was obtained\n from the March 2010 CPU. Oracle has not commented on\n claims from a reliable researcher that this is a\n stack-based buffer overflow using an untrusted size\n value in the readMabCurveData function in the CMM module\n of the JVM. (CVE-2010-0838)\n\n - Unspecified vulnerability that allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is related to improper checks when executing privileged\n methods in the Java Runtime Environment (JRE), which\n allows attackers to execute arbitrary code via (1) an\n untrusted object that extends the trusted class but has\n not modified a certain method, or (2) 'a similar trust\n issue with interfaces,' aka 'Trusted Methods Chaining\n Remote Code Execution Vulnerability.'. 
(CVE-2010-0840)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, and 1.4.2_25 allows remote attackers to\n affect confidentiality, integrity, and availability via\n unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is an integer overflow in the Java Runtime Environment\n that allows remote attackers to execute arbitrary code\n via a JPEG image that contains subsample dimensions with\n large values, related to JPEGImageReader and 'stepX'.\n (CVE-2010-0841)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.1 27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is an uncontrolled array index that allows remote\n attackers to execute arbitrary code via a MIDI file with\n a crafted MixerSequencer object, related to the GM_Song\n structure. (CVE-2010-0842)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.1 27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is related to XNewPtr and improper handling of an\n integer parameter when allocating heap memory in the\n com.sun.media.sound libraries, which allows remote\n attackers to execute arbitrary code. 
(CVE-2010-0843)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.225, and 1.3.1 27 allows remote attackers\n to affect confidentiality, integrity, and availability\n via unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is for improper parsing of a crafted MIDI stream when\n creating a MixerSequencer object, which causes a pointer\n to be corrupted and allows a NULL byte to be written to\n arbitrary memory. (CVE-2010-0844)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n remote attackers to execute arbitrary code, related to\n an 'invalid assignment' and inconsistent length values\n in a JPEG image encoder (JPEGImageEncoderImpl).\n (CVE-2010-0846)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. 
Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n arbitrary code execution via a crafted image.\n (CVE-2010-0847)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. (CVE-2010-0848)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow in a decoding\n routine used by the JPEGImageDecoderImpl interface,\n which allows code execution via a crafted JPEG image.\n (CVE-2010-0849)\n\n - The TLS protocol, and the SSL protocol 3.0 and possibly\n earlier, as used in Microsoft Internet Information\n Services (IIS) 7.0, mod_ssl in the Apache HTTP Server\n 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5\n and earlier, Mozilla Network Security Services (NSS)\n 3.12.4 and earlier, multiple Cisco products, and other\n products, does not properly associate renegotiation\n handshakes with an existing connection, which allows\n man-in-the-middle attackers to insert data into HTTPS\n sessions, and possibly other types of sessions protected\n by TLS or SSL, by sending an unauthenticated request\n that is processed retroactively by a server in a\n post-renegotiation context, related to a 'plaintext\n injection' attack, aka the 'Project Mogul' issue.\n (CVE-2009-3555)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3555.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0084.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0087.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0088.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0089.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0091.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0092.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0095.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0837.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0838.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0839.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0841.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0843.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0844.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0846.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0847.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0848.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0849.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12623.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java MixerSequencer Object GM_Song Structure Handling Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security 
Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"IBMJava5-JRE-1.5.0_sr11.2-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"IBMJava5-SDK-1.5.0_sr11.2-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"IBMJava5-JRE-1.5.0_sr11.2-0.6\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"IBMJava5-SDK-1.5.0_sr11.2-0.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:02:31", "description": "This update brings IBM Java 1.4.2 to SR13 FP5, fixing various bugs and\nsecurity issues :\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality via unknown\n vectors. 
(CVE-2010-0084)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0085)\n\n - Unspecified vulnerability in the Java Web Start, Java\n Plug-in component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0087)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0088)\n\n - Unspecified vulnerability in the Java Web Start, Java\n Plug-in component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect availability via unknown\n vectors. (CVE-2010-0089)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality via unknown\n vectors. (CVE-2010-0091)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors. (CVE-2010-0095)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. 
(CVE-2010-0839)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is related to improper checks when executing\n privileged methods in the Java Runtime Environment\n (JRE), which allows attackers to execute arbitrary code\n via (1) an untrusted object that extends the trusted\n class but has not modified a certain method, or (2) 'a\n similar trust issue with interfaces,' aka 'Trusted\n Methods Chaining Remote Code Execution Vulnerability.'.\n (CVE-2010-0840)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, and 1.4.2_25 allows remote attackers to\n affect confidentiality, integrity, and availability via\n unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is an integer overflow in the Java Runtime Environment\n that allows remote attackers to execute arbitrary code\n via a JPEG image that contains subsample dimensions with\n large values, related to JPEGImageReader and 'stepX'.\n (CVE-2010-0841)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. 
Oracle\n has not commented on claims from a reliable researcher\n that this is an uncontrolled array index that allows\n remote attackers to execute arbitrary code via a MIDI\n file with a crafted MixerSequencer object, related to\n the GM_Song structure. (CVE-2010-0842)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is related to XNewPtr and improper handling of\n an integer parameter when allocating heap memory in the\n com.sun.media.sound libraries, which allows remote\n attackers to execute arbitrary code. (CVE-2010-0843)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is for improper parsing of a crafted MIDI\n stream when creating a MixerSequencer object, which\n causes a pointer to be corrupted and allows a NULL byte\n to be written to arbitrary memory. (CVE-2010-0844)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. 
Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n remote attackers to execute arbitrary code, related to\n an 'invalid assignment' and inconsistent length values\n in a JPEG image encoder (JPEGImageEncoderImpl).\n (CVE-2010-0846)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n arbitrary code execution via a crafted image.\n (CVE-2010-0847)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. (CVE-2010-0848)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. 
Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow in a decoding\n routine used by the JPEGImageDecoderImpl interface,\n which allows code execution via a crafted JPEG image.\n (CVE-2010-0849)", "edition": 24, "published": "2010-09-03T00:00:00", "title": "SuSE9 Security Update : IBM Java (YOU Patch Number 12626)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0089", "CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0848", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0843", "CVE-2010-0084"], "modified": "2010-09-03T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12626.NASL", "href": "https://www.tenable.com/plugins/nessus/49101", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49101);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0084\", \"CVE-2010-0085\", \"CVE-2010-0087\", \"CVE-2010-0088\", \"CVE-2010-0089\", \"CVE-2010-0091\", \"CVE-2010-0095\", \"CVE-2010-0839\", \"CVE-2010-0840\", \"CVE-2010-0841\", \"CVE-2010-0842\", \"CVE-2010-0843\", \"CVE-2010-0844\", \"CVE-2010-0846\", \"CVE-2010-0847\", \"CVE-2010-0848\", \"CVE-2010-0849\");\n\n script_name(english:\"SuSE9 Security Update : IBM Java (YOU Patch Number 12626)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings IBM 
Java 1.4.2 to SR13 FP5, fixing various bugs and\nsecurity issues :\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality via unknown\n vectors. (CVE-2010-0084)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0085)\n\n - Unspecified vulnerability in the Java Web Start, Java\n Plug-in component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0087)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0088)\n\n - Unspecified vulnerability in the Java Web Start, Java\n Plug-in component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect availability via unknown\n vectors. (CVE-2010-0089)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality via unknown\n vectors. (CVE-2010-0091)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors. 
(CVE-2010-0095)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. (CVE-2010-0839)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is related to improper checks when executing\n privileged methods in the Java Runtime Environment\n (JRE), which allows attackers to execute arbitrary code\n via (1) an untrusted object that extends the trusted\n class but has not modified a certain method, or (2) 'a\n similar trust issue with interfaces,' aka 'Trusted\n Methods Chaining Remote Code Execution Vulnerability.'.\n (CVE-2010-0840)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, and 1.4.2_25 allows remote attackers to\n affect confidentiality, integrity, and availability via\n unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is an integer overflow in the Java Runtime Environment\n that allows remote attackers to execute arbitrary code\n via a JPEG image that contains subsample dimensions with\n large values, related to JPEGImageReader and 'stepX'.\n (CVE-2010-0841)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. 
NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is an uncontrolled array index that allows\n remote attackers to execute arbitrary code via a MIDI\n file with a crafted MixerSequencer object, related to\n the GM_Song structure. (CVE-2010-0842)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is related to XNewPtr and improper handling of\n an integer parameter when allocating heap memory in the\n com.sun.media.sound libraries, which allows remote\n attackers to execute arbitrary code. (CVE-2010-0843)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is for improper parsing of a crafted MIDI\n stream when creating a MixerSequencer object, which\n causes a pointer to be corrupted and allows a NULL byte\n to be written to arbitrary memory. (CVE-2010-0844)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. 
Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n remote attackers to execute arbitrary code, related to\n an 'invalid assignment' and inconsistent length values\n in a JPEG image encoder (JPEGImageEncoderImpl).\n (CVE-2010-0846)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n arbitrary code execution via a crafted image.\n (CVE-2010-0847)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. (CVE-2010-0848)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. 
Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow in a decoding\n routine used by the JPEGImageDecoderImpl interface,\n which allows code execution via a crafted JPEG image.\n (CVE-2010-0849)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0084.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0087.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0088.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0089.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0091.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0095.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0839.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0841.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0843.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0844.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2010-0846.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0847.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0848.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0849.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12626.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java MixerSequencer Object GM_Song Structure Handling Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", 
\"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"IBMJava2-JRE-1.4.2_sr13.5-0.7\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"IBMJava2-SDK-1.4.2_sr13.5-0.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:44:20", "description": "This update brings IBM Java 1.4.2 to SR13 FP5, fixing various bugs and", "edition": 19, "published": "2010-10-11T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7106)", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0089", "CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0848", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0843", "CVE-2010-0084"], "cpe": ["cpe:/o:suse:suse_linux"], "modified": "2010-10-11T00:00:00", "id": "SUSE_JAVA-1_4_2-IBM-7106.NASL", "href": "https://www.tenable.com/plugins/nessus/49862", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, 
Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49862);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0084\", \"CVE-2010-0085\", \"CVE-2010-0087\", \"CVE-2010-0088\", \"CVE-2010-0089\", \"CVE-2010-0091\", \"CVE-2010-0095\", \"CVE-2010-0839\", \"CVE-2010-0840\", \"CVE-2010-0841\", \"CVE-2010-0842\", \"CVE-2010-0843\", \"CVE-2010-0844\", \"CVE-2010-0846\", \"CVE-2010-0847\", \"CVE-2010-0848\", \"CVE-2010-0849\");\n\n script_name(english:\"SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7106)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"This update brings IBM Java 1.4.2 to SR13 FP5, fixing various bugs and\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0084.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0087.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0088.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0089.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0091.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0095.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2010-0839.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0841.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0843.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0844.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0846.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0847.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0848.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0849.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7106.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java MixerSequencer Object GM_Song Structure Handling Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n 
script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_4_2-ibm-1.4.2_sr13.5-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_4_2-ibm-devel-1.4.2_sr13.5-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"java-1_4_2-ibm-jdbc-1.4.2_sr13.5-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", 
reference:\"java-1_4_2-ibm-plugin-1.4.2_sr13.5-0.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:10:59", "description": "This update brings IBM Java 1.4.2 to SR13 FP5, fixing various bugs and\nsecurity issues :\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality via unknown\n vectors. (CVE-2010-0084)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0085)\n\n - Unspecified vulnerability in the Java Web Start, Java\n Plug-in component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0087)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0088)\n\n - Unspecified vulnerability in the Java Web Start, Java\n Plug-in component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect availability via unknown\n vectors. 
(CVE-2010-0089)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality via unknown\n vectors. (CVE-2010-0091)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors. (CVE-2010-0095)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. (CVE-2010-0839)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is related to improper checks when executing\n privileged methods in the Java Runtime Environment\n (JRE), which allows attackers to execute arbitrary code\n via (1) an untrusted object that extends the trusted\n class but has not modified a certain method, or (2) 'a\n similar trust issue with interfaces,' aka 'Trusted\n Methods Chaining Remote Code Execution Vulnerability.'.\n (CVE-2010-0840)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, and 1.4.2_25 allows remote attackers to\n affect confidentiality, integrity, and availability via\n unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. 
Oracle has not\n commented on claims from a reliable researcher that this\n is an integer overflow in the Java Runtime Environment\n that allows remote attackers to execute arbitrary code\n via a JPEG image that contains subsample dimensions with\n large values, related to JPEGImageReader and 'stepX'.\n (CVE-2010-0841)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is an uncontrolled array index that allows\n remote attackers to execute arbitrary code via a MIDI\n file with a crafted MixerSequencer object, related to\n the GM_Song structure. (CVE-2010-0842)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is related to XNewPtr and improper handling of\n an integer parameter when allocating heap memory in the\n com.sun.media.sound libraries, which allows remote\n attackers to execute arbitrary code. (CVE-2010-0843)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. 
Oracle\n has not commented on claims from a reliable researcher\n that this is for improper parsing of a crafted MIDI\n stream when creating a MixerSequencer object, which\n causes a pointer to be corrupted and allows a NULL byte\n to be written to arbitrary memory. (CVE-2010-0844)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n remote attackers to execute arbitrary code, related to\n an 'invalid assignment' and inconsistent length values\n in a JPEG image encoder (JPEGImageEncoderImpl).\n (CVE-2010-0846)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n arbitrary code execution via a crafted image.\n (CVE-2010-0847)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. (CVE-2010-0848)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. 
NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow in a decoding\n routine used by the JPEGImageDecoderImpl interface,\n which allows code execution via a crafted JPEG image.\n (CVE-2010-0849)", "edition": 24, "published": "2010-12-02T00:00:00", "title": "SuSE 11 / 11.1 Security Update : IBM Java / Java (SAT Patch Numbers 2812 / 2813)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0089", "CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0848", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0843", "CVE-2010-0084"], "modified": "2010-12-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-jdbc", "p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-plugin", "p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm"], "id": "SUSE_11_JAVA-1_4_2-IBM-100728.NASL", "href": "https://www.tenable.com/plugins/nessus/50915", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50915);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0084\", \"CVE-2010-0085\", \"CVE-2010-0087\", \"CVE-2010-0088\", \"CVE-2010-0089\", \"CVE-2010-0091\", \"CVE-2010-0095\", \"CVE-2010-0839\", \"CVE-2010-0840\", \"CVE-2010-0841\", \"CVE-2010-0842\", \"CVE-2010-0843\", \"CVE-2010-0844\", \"CVE-2010-0846\", \"CVE-2010-0847\", \"CVE-2010-0848\", \"CVE-2010-0849\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : IBM Java / Java (SAT Patch Numbers 2812 / 2813)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings IBM Java 1.4.2 to SR13 FP5, fixing various bugs and\nsecurity issues :\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality via unknown\n vectors. (CVE-2010-0084)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0085)\n\n - Unspecified vulnerability in the Java Web Start, Java\n Plug-in component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. 
(CVE-2010-0087)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, 1.4.225, and\n 1.3.127 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors. (CVE-2010-0088)\n\n - Unspecified vulnerability in the Java Web Start, Java\n Plug-in component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect availability via unknown\n vectors. (CVE-2010-0089)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality via unknown\n vectors. (CVE-2010-0091)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors. (CVE-2010-0095)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. (CVE-2010-0839)\n\n - Unspecified vulnerability in the Java Runtime\n Environment component in Oracle Java SE and Java for\n Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. 
Oracle\n has not commented on claims from a reliable researcher\n that this is related to improper checks when executing\n privileged methods in the Java Runtime Environment\n (JRE), which allows attackers to execute arbitrary code\n via (1) an untrusted object that extends the trusted\n class but has not modified a certain method, or (2) 'a\n similar trust issue with interfaces,' aka 'Trusted\n Methods Chaining Remote Code Execution Vulnerability.'.\n (CVE-2010-0840)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, and 1.4.2_25 allows remote attackers to\n affect confidentiality, integrity, and availability via\n unknown vectors. NOTE: the previous information was\n obtained from the March 2010 CPU. Oracle has not\n commented on claims from a reliable researcher that this\n is an integer overflow in the Java Runtime Environment\n that allows remote attackers to execute arbitrary code\n via a JPEG image that contains subsample dimensions with\n large values, related to JPEGImageReader and 'stepX'.\n (CVE-2010-0841)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is an uncontrolled array index that allows\n remote attackers to execute arbitrary code via a MIDI\n file with a crafted MixerSequencer object, related to\n the GM_Song structure. (CVE-2010-0842)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. 
NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is related to XNewPtr and improper handling of\n an integer parameter when allocating heap memory in the\n com.sun.media.sound libraries, which allows remote\n attackers to execute arbitrary code. (CVE-2010-0843)\n\n - Unspecified vulnerability in the Sound component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is for improper parsing of a crafted MIDI\n stream when creating a MixerSequencer object, which\n causes a pointer to be corrupted and allows a NULL byte\n to be written to arbitrary memory. (CVE-2010-0844)\n\n - Unspecified vulnerability in the ImageIO component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n remote attackers to execute arbitrary code, related to\n an 'invalid assignment' and inconsistent length values\n in a JPEG image encoder (JPEGImageEncoderImpl).\n (CVE-2010-0846)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. 
Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow that allows\n arbitrary code execution via a crafted image.\n (CVE-2010-0847)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. (CVE-2010-0848)\n\n - Unspecified vulnerability in the Java 2D component in\n Oracle Java SE and Java for Business 6 Update 18, 5.0\n Update 23, 1.4.2_25, and 1.3.1_27 allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors. NOTE: the previous\n information was obtained from the March 2010 CPU. Oracle\n has not commented on claims from a reliable researcher\n that this is a heap-based buffer overflow in a decoding\n routine used by the JPEGImageDecoderImpl interface,\n which allows code execution via a crafted JPEG image.\n (CVE-2010-0849)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=594791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0084.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0087.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0088.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0089.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0091.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2010-0095.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0839.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0841.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0843.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0844.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0846.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0847.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0848.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0849.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 2812 / 2813 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java MixerSequencer Object GM_Song Structure Handling Vulnerability');\n 
script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_4_2-ibm-1.4.2_sr13.5-0.1.1\")) flag++;\nif 
(rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"java-1_4_2-ibm-jdbc-1.4.2_sr13.5-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"java-1_4_2-ibm-plugin-1.4.2_sr13.5-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"java-1_4_2-ibm-1.4.2_sr13.5-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"java-1_4_2-ibm-jdbc-1.4.2_sr13.5-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"java-1_4_2-ibm-plugin-1.4.2_sr13.5-0.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:08:05", "description": "Updated java-1.4.2-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 3 Extras, Red Hat\nEnterprise Linux 4 Extras, and Red Hat Enterprise Linux 5\nSupplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe IBM 1.4.2 SR13-FP5 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. 
(CVE-2010-0084, CVE-2010-0085,\nCVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0091,\nCVE-2010-0095, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,\nCVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0846,\nCVE-2010-0847, CVE-2010-0848, CVE-2010-0849)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP5 Java release. All\nrunning instances of IBM Java must be restarted for this update to\ntake effect.", "edition": 30, "published": "2010-07-30T00:00:00", "title": "RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2010:0574)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0089", "CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0848", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0843", "CVE-2010-0084"], "modified": "2010-07-30T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-plugin", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-devel", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-src", "cpe:/o:redhat:enterprise_linux:5.4", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-demo"], "id": "REDHAT-RHSA-2010-0574.NASL", "href": "https://www.tenable.com/plugins/nessus/47905", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0574. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47905);\n script_version(\"1.36\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0084\", \"CVE-2010-0085\", \"CVE-2010-0087\", \"CVE-2010-0088\", \"CVE-2010-0089\", \"CVE-2010-0091\", \"CVE-2010-0095\", \"CVE-2010-0839\", \"CVE-2010-0840\", \"CVE-2010-0841\", \"CVE-2010-0842\", \"CVE-2010-0843\", \"CVE-2010-0844\", \"CVE-2010-0846\", \"CVE-2010-0847\", \"CVE-2010-0848\", \"CVE-2010-0849\");\n script_bugtraq_id(39062, 39065, 39067, 39068, 39070, 39071, 39073, 39077, 39078, 39081, 39083, 39084, 39086, 39093, 39094, 39095, 39096);\n script_xref(name:\"RHSA\", value:\"2010:0574\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2010:0574)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.4.2-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 3 Extras, Red Hat\nEnterprise Linux 4 Extras, and Red Hat Enterprise Linux 5\nSupplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe IBM 1.4.2 SR13-FP5 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. 
These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. (CVE-2010-0084, CVE-2010-0085,\nCVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0091,\nCVE-2010-0095, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,\nCVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0846,\nCVE-2010-0847, CVE-2010-0848, CVE-2010-0849)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP5 Java release. All\nrunning instances of IBM Java must be restarted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2010-0843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0849\"\n );\n # http://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0574\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java MixerSequencer Object GM_Song Structure Handling Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0574\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", 
reference:\"java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", cpu:\"s390\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"s390\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", 
cpu:\"x86_64\", reference:\"java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.4.2-ibm / java-1.4.2-ibm-demo / java-1.4.2-ibm-devel / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:44:45", "description": "CVE-2009-3555 TLS: MITM attacks via session renegotiation\n\nCVE-2010-0082 OpenJDK Loader-constraint table allows arrays instead of\nonly the base-classes (6626217)\n\nCVE-2010-0084 OpenJDK Policy/PolicyFile leak dynamic\nProtectionDomains. 
(6633872)\n\nCVE-2010-0085 OpenJDK File TOCTOU deserialization vulnerability\n(6736390)\n\nCVE-2010-0088 OpenJDK Inflater/Deflater clone issues (6745393)\n\nCVE-2010-0091 OpenJDK Unsigned applet can retrieve the dragged\ninformation before drop action occurs(6887703)\n\nCVE-2010-0092 OpenJDK AtomicReferenceArray causes SIGSEGV ->\nSEGV_MAPERR error (6888149)\n\nCVE-2010-0093 OpenJDK System.arraycopy unable to reference elements\nbeyond Integer.MAX_VALUE bytes (6892265)\n\nCVE-2010-0094 OpenJDK Deserialization of RMIConnectionImpl objects\nshould enforce stricter checks (6893947)\n\nCVE-2010-0095 OpenJDK Subclasses of InetAddress may incorrectly\ninterpret network addresses (6893954)\n\nCVE-2010-0845 OpenJDK No ClassCastException for HashAttributeSet\nconstructors if run with -Xcomp (6894807)\n\nCVE-2010-0838 OpenJDK CMM readMabCurveData Buffer Overflow\nVulnerability (6899653)\n\nCVE-2010-0837 OpenJDK JAR 'unpack200' must verify input parameters\n(6902299)\n\nCVE-2010-0840 OpenJDK Applet Trusted Methods Chaining Privilege\nEscalation Vulnerability (6904691)\n\nCVE-2010-0841 OpenJDK JPEGImageReader stepX Integer Overflow\nVulnerability (6909597)\n\nCVE-2010-0848 OpenJDK AWT Library Invalid Index Vulnerability\n(6914823)\n\nCVE-2010-0847 OpenJDK ImagingLib arbitrary code execution\nvulnerability (6914866)\n\nCVE-2010-0846 JDK unspecified vulnerability in ImageIO component\n\nCVE-2010-0849 JDK unspecified vulnerability in Java2D component\n\nCVE-2010-0087 JDK unspecified vulnerability in JWS/Plugin component\n\nCVE-2010-0839 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 JDK multiple\nunspecified vulnerabilities\n\nCVE-2010-0090 JDK unspecified vulnerability in JavaWS/Plugin component\n\nCVE-2010-0089 JDK unspecified vulnerability in JavaWS/Plugin component\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. 
Further\ninformation about these flaws can be found on the 'Oracle Java SE and\nJava for Business Critical Patch Update Advisory' page, listed in the\nReferences section. (CVE-2009-3555, CVE-2010-0082, CVE-2010-0084,\n\nCVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089,\n\nCVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093,\n\nCVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838,\n\nCVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842,\n\nCVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846,\n\nCVE-2010-0847, CVE-2010-0848, CVE-2010-0849)\n\nFor the CVE-2009-3555 issue, this update disables renegotiation in the\nJava Secure Socket Extension (JSSE) component. Unsafe renegotiation\ncan be re-enabled using the sun.security.ssl.allowUnsafeRenegotiation\nproperty.\n\nAll running instances of Sun Java must be restarted for the update to\ntake effect.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0089", "CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0082", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-0845", "CVE-2009-3555", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0837", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0090", "CVE-2010-0093", "CVE-2010-0843", "CVE-2010-0084"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100331_JAVA__JDK_1_6_0__ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60777", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60777);\n 
script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3555\", \"CVE-2010-0082\", \"CVE-2010-0084\", \"CVE-2010-0085\", \"CVE-2010-0087\", \"CVE-2010-0088\", \"CVE-2010-0089\", \"CVE-2010-0090\", \"CVE-2010-0091\", \"CVE-2010-0092\", \"CVE-2010-0093\", \"CVE-2010-0094\", \"CVE-2010-0095\", \"CVE-2010-0837\", \"CVE-2010-0838\", \"CVE-2010-0839\", \"CVE-2010-0840\", \"CVE-2010-0841\", \"CVE-2010-0842\", \"CVE-2010-0843\", \"CVE-2010-0844\", \"CVE-2010-0845\", \"CVE-2010-0846\", \"CVE-2010-0847\", \"CVE-2010-0848\", \"CVE-2010-0849\");\n\n script_name(english:\"Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-3555 TLS: MITM attacks via session renegotiation\n\nCVE-2010-0082 OpenJDK Loader-constraint table allows arrays instead of\nonly the base-classes (6626217)\n\nCVE-2010-0084 OpenJDK Policy/PolicyFile leak dynamic\nProtectionDomains. 
(6633872)\n\nCVE-2010-0085 OpenJDK File TOCTOU deserialization vulnerability\n(6736390)\n\nCVE-2010-0088 OpenJDK Inflater/Deflater clone issues (6745393)\n\nCVE-2010-0091 OpenJDK Unsigned applet can retrieve the dragged\ninformation before drop action occurs(6887703)\n\nCVE-2010-0092 OpenJDK AtomicReferenceArray causes SIGSEGV ->\nSEGV_MAPERR error (6888149)\n\nCVE-2010-0093 OpenJDK System.arraycopy unable to reference elements\nbeyond Integer.MAX_VALUE bytes (6892265)\n\nCVE-2010-0094 OpenJDK Deserialization of RMIConnectionImpl objects\nshould enforce stricter checks (6893947)\n\nCVE-2010-0095 OpenJDK Subclasses of InetAddress may incorrectly\ninterpret network addresses (6893954)\n\nCVE-2010-0845 OpenJDK No ClassCastException for HashAttributeSet\nconstructors if run with -Xcomp (6894807)\n\nCVE-2010-0838 OpenJDK CMM readMabCurveData Buffer Overflow\nVulnerability (6899653)\n\nCVE-2010-0837 OpenJDK JAR 'unpack200' must verify input parameters\n(6902299)\n\nCVE-2010-0840 OpenJDK Applet Trusted Methods Chaining Privilege\nEscalation Vulnerability (6904691)\n\nCVE-2010-0841 OpenJDK JPEGImageReader stepX Integer Overflow\nVulnerability (6909597)\n\nCVE-2010-0848 OpenJDK AWT Library Invalid Index Vulnerability\n(6914823)\n\nCVE-2010-0847 OpenJDK ImagingLib arbitrary code execution\nvulnerability (6914866)\n\nCVE-2010-0846 JDK unspecified vulnerability in ImageIO component\n\nCVE-2010-0849 JDK unspecified vulnerability in Java2D component\n\nCVE-2010-0087 JDK unspecified vulnerability in JWS/Plugin component\n\nCVE-2010-0839 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 JDK multiple\nunspecified vulnerabilities\n\nCVE-2010-0090 JDK unspecified vulnerability in JavaWS/Plugin component\n\nCVE-2010-0089 JDK unspecified vulnerability in JavaWS/Plugin component\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. 
Further\ninformation about these flaws can be found on the 'Oracle Java SE and\nJava for Business Critical Patch Update Advisory' page, listed in the\nReferences section. (CVE-2009-3555, CVE-2010-0082, CVE-2010-0084,\n\nCVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089,\n\nCVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093,\n\nCVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838,\n\nCVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842,\n\nCVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846,\n\nCVE-2010-0847, CVE-2010-0848, CVE-2010-0849)\n\nFor the CVE-2009-3555 issue, this update disables renegotiation in the\nJava Secure Socket Extension (JSSE) component. Unsafe renegotiation\ncan be re-enabled using the sun.security.ssl.allowUnsafeRenegotiation\nproperty.\n\nAll running instances of Sun Java must be restarted for the update to\ntake effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1004&L=scientific-linux-errata&T=0&P=1274\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?30226ac8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-sun-compat and / or jdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java MixerSequencer Object GM_Song Structure Handling Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n 
script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"java-1.6.0-sun-compat-1.6.0.19-1.sl4.jpp\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"jdk-1.6.0_19-fcs\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-sun-compat-1.6.0.19-1.sl5.jpp\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"jdk-1.6.0_19-fcs\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:40:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0089", "CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0082", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-0845", "CVE-2009-3555", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0837", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0090", "CVE-2010-0093", "CVE-2010-0843", "CVE-2010-0084"], "description": "This host is installed with Sun Java SE and is prone to multiple\n vulnerabilities.", "modified": "2018-12-04T00:00:00", "published": "2010-04-07T00:00:00", "id": "OPENVAS:1361412562310800499", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800499", "type": "openvas", "title": "Oracle Java SE Multiple Vulnerabilities (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_oracle_java_se_mult_vuln_win_apr10.nasl 12653 2018-12-04 15:31:25Z cfischer $\n#\n# Oracle Java SE Multiple Vulnerabilities (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800499\");\n script_version(\"$Revision: 12653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-04 16:31:25 +0100 (Tue, 04 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-07 16:20:50 +0200 (Wed, 07 Apr 2010)\");\n script_cve_id(\"CVE-2009-3555\", \"CVE-2010-0082\", \"CVE-2010-0084\", \"CVE-2010-0085\",\n \"CVE-2010-0087\", \"CVE-2010-0088\", \"CVE-2010-0089\", \"CVE-2010-0090\",\n \"CVE-2010-0091\", \"CVE-2010-0092\", \"CVE-2010-0093\", \"CVE-2010-0094\",\n \"CVE-2010-0095\", \"CVE-2010-0837\", \"CVE-2010-0838\", \"CVE-2010-0839\",\n \"CVE-2010-0840\", \"CVE-2010-0841\", \"CVE-2010-0842\", \"CVE-2010-0843\",\n \"CVE-2010-0844\", \"CVE-2010-0845\", \"CVE-2010-0846\", \"CVE-2010-0847\",\n \"CVE-2010-0848\", \"CVE-2010-0849\");\n script_bugtraq_id(36935, 39085, 39093, 39094, 39068, 39081, 39095, 39091, 39096,\n 39090, 39088, 39075, 39086, 39072, 39069, 39070, 39065, 39067,\n 39077, 39083, 39084, 39089, 39062, 39071, 39078, 39073);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Oracle Java SE Multiple Vulnerabilities (Windows)\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2010/0747\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2010/Mar/1023774.html\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_portable_win.nasl\");\n script_mandatory_keys(\"Sun/Java/JDK_or_JRE/Win/installed\");\n\n script_tag(name:\"impact\", value:\"Successful attacks will allow attackers to affect confidentiality, integrity,\n and availability via unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"Sun Java SE version 6 Update 18, 5.0 Update 23 on Windows.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to memory corruptions, buffer overflows, input\n validation and implementation errors in following components,\n\n - HotSpot Server\n\n - Java Runtime Environment\n\n - Java Web Start\n\n - Java Plug-in\n\n - Java 2D\n\n - Sound and\n\n - imageIO components.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to SE 6 Update 19, JDK and JRE 5.0 Update 24.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Sun Java SE and is prone to multiple\n vulnerabilities.\");\n\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\n\njdkVer = get_kb_item(\"Sun/Java/JDK/Win/Ver\");\nif(jdkVer)\n{\n if(version_in_range(version:jdkVer, test_version:\"1.6\", test_version2:\"1.6.0.18\") ||\n version_in_range(version:jdkVer, test_version:\"1.5\", test_version2:\"1.5.0.23\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\njreVer = get_kb_item(\"Sun/Java/JRE/Win/Ver\");\nif(jreVer)\n{\n if(version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.18\") ||\n version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.23\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-11-13T12:48:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0089", "CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0082", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-0845", "CVE-2009-3555", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0837", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0090", "CVE-2010-0093", "CVE-2010-0843", "CVE-2010-0084"], "description": "This host is installed with Sun Java SE and is prone to multiple\n vulnerabilities.", "modified": "2017-11-08T00:00:00", "published": "2010-04-07T00:00:00", "id": "OPENVAS:800499", "href": "http://plugins.openvas.org/nasl.php?oid=800499", "type": "openvas", "title": "Oracle Java SE Multiple Vulnerabilities (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_oracle_java_se_mult_vuln_win_apr10.nasl 7699 2017-11-08 12:10:34Z santu $\n#\n# Oracle Java SE Multiple Vulnerabilities (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful attacks will allow attackers to affect confidentiality, integrity,\n and availability via unknown vectors.\n Impact Level: Application\";\ntag_affected = \"Sun Java SE version 6 Update 18, 5.0 Update 23 on Windows.\";\ntag_insight = \"Multiple flaws are due to memory corruptions, buffer overflows, input\n validation and implementation errors in following components,\n - HotSpot Server\n - Java Runtime Environment\n - Java Web Start\n - Java Plug-in\n - Java 2D\n - Sound and\n - imageIO components,\";\ntag_solution = \"Upgrade to SE 6 Update 19, JDK and JRE 5.0 Update 24,\n http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html\";\ntag_summary = \"This host is installed with Sun Java SE and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(800499);\n script_version(\"$Revision: 7699 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-08 13:10:34 +0100 (Wed, 08 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-07 16:20:50 +0200 (Wed, 07 Apr 2010)\");\n script_cve_id(\"CVE-2009-3555\", \"CVE-2010-0082\", \"CVE-2010-0084\", \"CVE-2010-0085\",\n \"CVE-2010-0087\", \"CVE-2010-0088\", \"CVE-2010-0089\", \"CVE-2010-0090\",\n \"CVE-2010-0091\", \"CVE-2010-0092\", \"CVE-2010-0093\", \"CVE-2010-0094\",\n \"CVE-2010-0095\", \"CVE-2010-0837\", \"CVE-2010-0838\", \"CVE-2010-0839\",\n \"CVE-2010-0840\", \"CVE-2010-0841\", \"CVE-2010-0842\", \"CVE-2010-0843\",\n \"CVE-2010-0844\", \"CVE-2010-0845\", \"CVE-2010-0846\", \"CVE-2010-0847\",\n \"CVE-2010-0848\", \"CVE-2010-0849\");\n script_bugtraq_id(36935, 39085, 
39093, 39094, 39068, 39081, 39095, 39091, 39096,\n 39090, 39088, 39075, 39086, 39072, 39069, 39070, 39065, 39067,\n 39077, 39083, 39084, 39089, 39062, 39071, 39078, 39073);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Oracle Java SE Multiple Vulnerabilities (Windows)\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2010/0747\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2010/Mar/1023774.html\");\n script_xref(name : \"URL\" , value : \"http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Sun/Java/JDK_or_JRE/Win/installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\n\n# Get KB for JDK Version On Windows\njdkVer = get_kb_item(\"Sun/Java/JDK/Win/Ver\");\nif(jdkVer)\n{\n # Check for 1.6 < 1.6.0_18 (6 Update 18), 1.5 < 1.5.0_23(5 Update 23)\n if(version_in_range(version:jdkVer, test_version:\"1.6\", test_version2:\"1.6.0.18\") ||\n version_in_range(version:jdkVer, test_version:\"1.5\", test_version2:\"1.5.0.23\")){\n security_message(0);\n exit(0);\n }\n}\n\n# Get KB for JRE Version On Windows\njreVer = get_kb_item(\"Sun/Java/JRE/Win/Ver\");\nif(jreVer)\n{\n # Check for 1.6 < 1.6.0_18 (6 Update 18), 1.5 < 1.5.0_23 (5 Update 23)\n if(version_in_range(version:jreVer, 
test_version:\"1.6\", test_version2:\"1.6.0.18\") ||\n version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.23\")){\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:40:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0089", "CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0082", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-0845", "CVE-2009-3555", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0837", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0090", "CVE-2010-0093", "CVE-2010-0843", "CVE-2010-0084"], "description": "This host is installed with Sun Java SE and is prone to multiple\n vulnerabilities.", "modified": "2019-03-19T00:00:00", "published": "2010-04-07T00:00:00", "id": "OPENVAS:1361412562310800500", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800500", "type": "openvas", "title": "Oracle Java SE Multiple Vulnerabilities (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_oracle_java_se_mult_vuln_lin_apr10.nasl 14331 2019-03-19 14:03:05Z jschulte $\n#\n# Oracle Java SE Multiple Vulnerabilities (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800500\");\n script_version(\"$Revision: 14331 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 15:03:05 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-07 16:20:50 +0200 (Wed, 07 Apr 2010)\");\n script_cve_id(\"CVE-2009-3555\", \"CVE-2010-0082\", \"CVE-2010-0084\", \"CVE-2010-0085\",\n \"CVE-2010-0087\", \"CVE-2010-0088\", \"CVE-2010-0089\", \"CVE-2010-0090\",\n \"CVE-2010-0091\", \"CVE-2010-0092\", \"CVE-2010-0093\", \"CVE-2010-0094\",\n \"CVE-2010-0095\", \"CVE-2010-0837\", \"CVE-2010-0838\", \"CVE-2010-0839\",\n \"CVE-2010-0840\", \"CVE-2010-0841\", \"CVE-2010-0842\", \"CVE-2010-0843\",\n \"CVE-2010-0844\", \"CVE-2010-0845\", \"CVE-2010-0846\", \"CVE-2010-0847\",\n \"CVE-2010-0848\", \"CVE-2010-0849\");\n script_bugtraq_id(36935, 39085, 39093, 39094, 39068, 39081, 39095, 39091, 39096,\n 39090, 39088, 39075, 39086, 39072, 39069, 39070, 39065, 39067,\n 39077, 39083, 39084, 39089, 39062, 39071, 39078, 39073);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Oracle Java SE Multiple Vulnerabilities (Linux)\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2010/0747\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2010/Mar/1023774.html\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html\");\n\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Linux/Ver\");\n script_tag(name:\"impact\", value:\"Successful attacks will allow attackers to affect confidentiality, integrity,\n and availability via unknown vectors.\");\n script_tag(name:\"affected\", value:\"Sun Java SE version 6 Update 18, 5.0 Update 23 on Linux.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to memory corruptions, buffer overflows, input\n validation and implementation errors in following components,\n\n - HotSpot Server,\n\n - Java Runtime Environment,\n\n - Java Web Start,\n\n - Java Plug-in,\n\n - Java 2D,\n\n - Sound and\n\n - imageIO components\");\n script_tag(name:\"solution\", value:\"Upgrade to SE 6 Update 19, JDK and JRE 5.0 Update 24.\");\n script_tag(name:\"summary\", value:\"This host is installed with Sun Java SE and is prone to multiple\n vulnerabilities.\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\njreVer = get_app_version(cpe:\"cpe:/a:sun:jre\");\n\nif(jreVer)\n{\n if(version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.18\") ||\n version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.23\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-17T11:05:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0089", "CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0082", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-0845", "CVE-2009-3555", "CVE-2010-0841", "CVE-2010-0844", 
"CVE-2010-0846", "CVE-2010-0837", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0093", "CVE-2010-0843", "CVE-2010-0084"], "description": "Check for the Version of Java", "modified": "2018-01-16T00:00:00", "published": "2010-06-07T00:00:00", "id": "OPENVAS:1361412562310835234", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835234", "type": "openvas", "title": "HP-UX Update for Java HPSBUX02524", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Java HPSBUX02524\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote execution of arbitrary code\n disclosure of information and other vulnerabilities.\";\ntag_affected = \"Java on\n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.06 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.19 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.24 or \n earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified in Java Runtime \n Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These \n vulnerabilities could allow remote execution of arbitrary code, disclosure \n of information, and other vulnerabilities.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02122104\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835234\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-07 15:46:00 +0200 (Mon, 07 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"HPSBUX\", value: \"02524\");\n script_cve_id(\"CVE-2009-3555\", \"CVE-2010-0082\", \"CVE-2010-0084\", \"CVE-2010-0085\", \"CVE-2010-0087\", \"CVE-2010-0088\", \"CVE-2010-0089\", \"CVE-2010-0091\", \"CVE-2010-0092\", \"CVE-2010-0093\", \"CVE-2010-0094\", \"CVE-2010-0095\", \"CVE-2010-0837\", 
\"CVE-2010-0838\", \"CVE-2010-0839\", \"CVE-2010-0840\", \"CVE-2010-0841\", \"CVE-2010-0842\", \"CVE-2010-0843\", \"CVE-2010-0844\", \"CVE-2010-0845\", \"CVE-2010-0846\", \"CVE-2010-0847\", \"CVE-2010-0848\", \"CVE-2010-0849\");\n script_name(\"HP-UX Update for Java HPSBUX02524\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of Java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.20.00\", 
rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", 
revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.20.00\", 
rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.20.00\", 
rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-20T13:17:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0089", "CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0082", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-0845", "CVE-2009-3555", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0837", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0093", "CVE-2010-0843", "CVE-2010-0084"], "description": "Check for the Version of Java", "modified": "2017-12-19T00:00:00", "published": "2010-06-07T00:00:00", "id": "OPENVAS:835234", "href": "http://plugins.openvas.org/nasl.php?oid=835234", "type": 
"openvas", "title": "HP-UX Update for Java HPSBUX02524", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Java HPSBUX02524\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote execution of arbitrary code\n disclosure of information and other vulnerabilities.\";\ntag_affected = \"Java on\n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.06 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.19 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.24 or \n earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified in Java Runtime \n Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. 
These \n vulnerabilities could allow remote execution of arbitrary code, disclosure \n of information, and other vulnerabilities.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02122104\");\n script_id(835234);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-07 15:46:00 +0200 (Mon, 07 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"HPSBUX\", value: \"02524\");\n script_cve_id(\"CVE-2009-3555\", \"CVE-2010-0082\", \"CVE-2010-0084\", \"CVE-2010-0085\", \"CVE-2010-0087\", \"CVE-2010-0088\", \"CVE-2010-0089\", \"CVE-2010-0091\", \"CVE-2010-0092\", \"CVE-2010-0093\", \"CVE-2010-0094\", \"CVE-2010-0095\", \"CVE-2010-0837\", \"CVE-2010-0838\", \"CVE-2010-0839\", \"CVE-2010-0840\", \"CVE-2010-0841\", \"CVE-2010-0842\", \"CVE-2010-0843\", \"CVE-2010-0844\", \"CVE-2010-0845\", \"CVE-2010-0846\", \"CVE-2010-0847\", \"CVE-2010-0848\", \"CVE-2010-0849\");\n script_name(\"HP-UX Update for Java HPSBUX02524\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of Java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.25.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.20.00\", 
rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.20.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.07.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.25.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.20.00\", 
rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.20.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.07.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.25.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.20.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.07.00\", 
rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.07.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0089", "CVE-2010-0886", "CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0887", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0082", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-0845", "CVE-2009-3555", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0837", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0090", "CVE-2010-0093", "CVE-2010-0843", "CVE-2010-0084", "CVE-2010-0850"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201006-18.", "modified": "2019-03-14T00:00:00", "published": "2011-03-09T00:00:00", "id": "OPENVAS:136141256231069021", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069021", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201006-18 (sun-jre-bin sun-jdk emul-linux-x86-java)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201006_18.nasl 14171 2019-03-14 10:22:03Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69021\");\n script_version(\"$Revision: 14171 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 11:22:03 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-09 05:54:11 +0100 (Wed, 09 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3555\", \"CVE-2010-0082\", \"CVE-2010-0084\", \"CVE-2010-0085\", \"CVE-2010-0087\", \"CVE-2010-0088\", \"CVE-2010-0089\", \"CVE-2010-0090\", \"CVE-2010-0091\", \"CVE-2010-0092\", \"CVE-2010-0093\", \"CVE-2010-0094\", \"CVE-2010-0095\", \"CVE-2010-0837\", \"CVE-2010-0838\", \"CVE-2010-0839\", \"CVE-2010-0840\", \"CVE-2010-0841\", \"CVE-2010-0842\", \"CVE-2010-0843\", \"CVE-2010-0844\", \"CVE-2010-0845\", \"CVE-2010-0846\", \"CVE-2010-0847\", \"CVE-2010-0848\", \"CVE-2010-0849\", \"CVE-2010-0850\", \"CVE-2010-0886\", \"CVE-2010-0887\");\n script_name(\"Gentoo Security Advisory GLSA 
201006-18 (sun-jre-bin sun-jdk emul-linux-x86-java)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"The Oracle JDK and JRE are vulnerable to multiple unspecified\n vulnerabilities.\");\n script_tag(name:\"solution\", value:\"All Oracle JRE 1.6.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.6.0.20'\n\nAll Oracle JDK 1.6.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.6.0.20'\n\nAll users of the precompiled 32bit Oracle JRE 1.6.x should upgrade to\n the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.6.0.20'\n\nAll Oracle JRE 1.5.x, Oracle JDK 1.5.x, and precompiled 32bit Oracle\n JRE 1.5.x users are strongly advised to unmerge Java 1.5:\n\n # emerge --unmerge =app-emulation/emul-linux-x86-java-1.5*\n # emerge --unmerge =dev-java/sun-jre-bin-1.5*\n # emerge --unmerge =dev-java/sun-jdk-1.5*\n\nGentoo is ceasing support for the 1.5 generation of the Oracle Java\n Platform in accordance with upstream. All 1.5 JRE versions are masked\n and will be removed shortly. All 1.5 JDK versions are marked as\n 'build-only' and will be masked for removal shortly. Users are advised\n to change their default user and system Java implementation to an\n unaffected version. 
For example:\n\n # java-config --set-system-vm sun-jdk-1.6\n\nFor more information, please consult the Gentoo Linux Java\n documentation.\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201006-18\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=306579\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=314531\");\n script_xref(name:\"URL\", value:\"http://www.gentoo.org/doc/en/java.xml#doc_chap4\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201006-18.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-java/sun-jre-bin\", unaffected: make_list(\"ge 1.6.0.20\"), vulnerable: make_list(\"lt 1.6.0.20\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"dev-java/sun-jdk\", unaffected: make_list(\"ge 1.6.0.20\"), vulnerable: make_list(\"lt 1.6.0.20\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"app-emulation/emul-linux-x86-java\", unaffected: make_list(\"ge 1.6.0.20\"), vulnerable: make_list(\"lt 1.6.0.20\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-09-04T14:19:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0089", "CVE-2010-0886", "CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0887", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0082", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0094", 
"CVE-2010-0847", "CVE-2010-0842", "CVE-2010-0845", "CVE-2009-3555", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0837", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0090", "CVE-2010-0093", "CVE-2010-0843", "CVE-2010-0084", "CVE-2010-0850"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201006-18.", "modified": "2017-08-28T00:00:00", "published": "2011-03-09T00:00:00", "id": "OPENVAS:69021", "href": "http://plugins.openvas.org/nasl.php?oid=69021", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201006-18 (sun-jre-bin sun-jdk emul-linux-x86-java)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Oracle JDK and JRE are vulnerable to multiple unspecified\n vulnerabilities.\";\ntag_solution = \"All Oracle JRE 1.6.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.6.0.20'\n\nAll Oracle JDK 1.6.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.6.0.20'\n\nAll users of the precompiled 32bit Oracle JRE 1.6.x should upgrade to\n the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.6.0.20'\n\nAll Oracle JRE 1.5.x, Oracle JDK 1.5.x, and precompiled 32bit Oracle\n JRE 1.5.x users are strongly advised to unmerge Java 1.5:\n\n # emerge --unmerge =app-emulation/emul-linux-x86-java-1.5*\n # emerge --unmerge =dev-java/sun-jre-bin-1.5*\n # emerge --unmerge =dev-java/sun-jdk-1.5*\n\nGentoo is ceasing support for the 1.5 generation of the Oracle Java\n Platform in accordance with upstream. All 1.5 JRE versions are masked\n and will be removed shortly. All 1.5 JDK versions are marked as\n 'build-only' and will be masked for removal shortly. Users are advised\n to change their default user and system Java implementation to an\n unaffected version. 
For example:\n\n # java-config --set-system-vm sun-jdk-1.6\n\nFor more information, please consult the Gentoo Linux Java\n documentation.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201006-18\nhttp://bugs.gentoo.org/show_bug.cgi?id=306579\nhttp://bugs.gentoo.org/show_bug.cgi?id=314531\nhttp://www.gentoo.org/doc/en/java.xml#doc_chap4\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201006-18.\";\n\n \n \n\nif(description)\n{\n script_id(69021);\n script_version(\"$Revision: 7015 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-28 13:51:24 +0200 (Mon, 28 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-09 05:54:11 +0100 (Wed, 09 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3555\", \"CVE-2010-0082\", \"CVE-2010-0084\", \"CVE-2010-0085\", \"CVE-2010-0087\", \"CVE-2010-0088\", \"CVE-2010-0089\", \"CVE-2010-0090\", \"CVE-2010-0091\", \"CVE-2010-0092\", \"CVE-2010-0093\", \"CVE-2010-0094\", \"CVE-2010-0095\", \"CVE-2010-0837\", \"CVE-2010-0838\", \"CVE-2010-0839\", \"CVE-2010-0840\", \"CVE-2010-0841\", \"CVE-2010-0842\", \"CVE-2010-0843\", \"CVE-2010-0844\", \"CVE-2010-0845\", \"CVE-2010-0846\", \"CVE-2010-0847\", \"CVE-2010-0848\", \"CVE-2010-0849\", \"CVE-2010-0850\", \"CVE-2010-0886\", \"CVE-2010-0887\");\n script_name(\"Gentoo Security Advisory GLSA 201006-18 (sun-jre-bin sun-jdk emul-linux-x86-java)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-java/sun-jre-bin\", unaffected: make_list(\"ge 1.6.0.20\"), vulnerable: make_list(\"lt 1.6.0.20\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"dev-java/sun-jdk\", unaffected: make_list(\"ge 1.6.0.20\"), vulnerable: make_list(\"lt 1.6.0.20\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"app-emulation/emul-linux-x86-java\", unaffected: make_list(\"ge 1.6.0.20\"), vulnerable: make_list(\"lt 1.6.0.20\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-12-06T16:46:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0539", "CVE-2010-0089", "CVE-2010-0886", "CVE-2010-0088", "CVE-2010-0085", "CVE-2009-3910", "CVE-2010-0087", "CVE-2010-0538", "CVE-2010-0887", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0082", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0842", "CVE-2009-3555", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0837", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0090", "CVE-2010-0093", "CVE-2010-0843", "CVE-2010-0084"], "description": "The remote host is missing Java for Mac OS X 10.5 Update 7.", "modified": 
"2019-12-05T00:00:00", "published": "2010-05-28T00:00:00", "id": "OPENVAS:1361412562310102045", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102045", "type": "openvas", "title": "Java for Mac OS X 10.5 Update 7", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Java for Mac OS X 10.5 Update 7\n#\n# LSS-NVT-2010-034\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. 
If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.102045\");\n script_version(\"2019-12-05T15:10:00+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-05 15:10:00 +0000 (Thu, 05 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 13:49:16 +0200 (Fri, 28 May 2010)\");\n script_cve_id(\"CVE-2009-3555\", \"CVE-2009-3910\", \"CVE-2010-0082\", \"CVE-2010-0084\", \"CVE-2010-0085\",\n \"CVE-2010-0087\", \"CVE-2010-0088\", \"CVE-2010-0089\", \"CVE-2010-0090\", \"CVE-2010-0091\",\n \"CVE-2010-0092\", \"CVE-2010-0093\", \"CVE-2010-0094\", \"CVE-2010-0095\", \"CVE-2010-0837\",\n \"CVE-2010-0838\", \"CVE-2010-0840\", \"CVE-2010-0841\", \"CVE-2010-0842\", \"CVE-2010-0843\",\n \"CVE-2010-0844\", \"CVE-2010-0846\", \"CVE-2010-0847\", \"CVE-2010-0848\", \"CVE-2010-0849\",\n \"CVE-2010-0886\", \"CVE-2010-0887\", \"CVE-2010-0538\", \"CVE-2010-0539\");\n script_name(\"Java for Mac OS X 10.5 Update 7\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.5\\.\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT4170\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing Java for Mac OS X 10.5 Update 7.\");\n\n script_tag(name:\"affected\", value:\"One or more of the following components are affected:\n\n Java\");\n\n script_tag(name:\"solution\", value:\"Update your Java for Mac OS X. 
Please see the references for more information.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver || ssh_osx_ver !~ \"^10\\.5\\.\") exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.8\",\"Mac OS X Server 10.5.8\");\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.8\")) {\n if(isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"7\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.8\")) {\n if(isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"7\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:10:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0539", "CVE-2010-0089", "CVE-2010-0886", "CVE-2010-0088", "CVE-2010-0085", "CVE-2009-3910", "CVE-2010-0087", "CVE-2010-0538", "CVE-2010-0887", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0082", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0842", "CVE-2009-3555", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0837", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0090", "CVE-2010-0093", "CVE-2010-0843", "CVE-2010-0084"], "description": "The remote host is missing Java for Mac OS X 10.5 Update 7.\n One or more of the following components are affected:\n\n Java", "modified": "2017-02-22T00:00:00", "published": "2010-05-28T00:00:00", "id": "OPENVAS:102045", "href": 
"http://plugins.openvas.org/nasl.php?oid=102045", "type": "openvas", "title": "Java for Mac OS X 10.5 Update 7", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Java for Mac OS X 10.5 Update 7\n#\n# LSS-NVT-2010-034\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"Update your Java for Mac OS X.\n\n For more information see:\n http://support.apple.com/kb/HT4170\";\n\ntag_summary = \"The remote host is missing Java for Mac OS X 10.5 Update 7.\n One or more of the following components are affected:\n\n Java\";\n\n\nif(description)\n{\n script_id(102045);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 13:49:16 +0200 (Fri, 28 May 2010)\");\n 
script_cve_id(\"CVE-2009-3555\",\"CVE-2009-3910\",\"CVE-2010-0082\",\"CVE-2010-0084\",\"CVE-2010-0085\",\"CVE-2010-0087\",\"CVE-2010-0088\",\"CVE-2010-0089\",\"CVE-2010-0090\",\"CVE-2010-0091\",\"CVE-2010-0092\",\"CVE-2010-0093\",\"CVE-2010-0094\",\"CVE-2010-0095\",\"CVE-2010-0837\",\"CVE-2010-0838\",\"CVE-2010-0840\",\"CVE-2010-0841\",\"CVE-2010-0842\",\"CVE-2010-0843\",\"CVE-2010-0844\",\"CVE-2010-0846\",\"CVE-2010-0847\",\"CVE-2010-0848\",\"CVE-2010-0849\",\"CVE-2010-0886\",\"CVE-2010-0887\",\"CVE-2010-0538\",\"CVE-2010-0539\");\n script_name(\"Java for Mac OS X 10.5 Update 7\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_require_ports(\"Services/ssh\", 22);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver) exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.8\",\"Mac OS X Server 10.5.8\");\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.8\")) {\n\tif (isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"7\")) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.8\")) {\n\tif (isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", 
diff:\"7\")) { security_message(0); exit(0);}\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0539", "CVE-2010-0089", "CVE-2010-0886", "CVE-2010-0088", "CVE-2010-0085", "CVE-2009-3910", "CVE-2010-0087", "CVE-2010-0538", "CVE-2010-0887", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0082", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0842", "CVE-2009-3555", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0837", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0090", "CVE-2010-0093", "CVE-2010-0843", "CVE-2010-0084", "CVE-2009-1105"], "description": "The remote host is missing Java for Mac OS X 10.6 Update 2.\n One or more of the following components are affected:\n\n Java", "modified": "2017-02-22T00:00:00", "published": "2010-05-28T00:00:00", "id": "OPENVAS:102047", "href": "http://plugins.openvas.org/nasl.php?oid=102047", "type": "openvas", "title": "Java for Mac OS X 10.6 Update 2", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Java for Mac OS X 10.6 Update 2\n#\n# LSS-NVT-2010-036\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. 
If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"Update your Java for Mac OS X.\n\n For more information see:\n http://support.apple.com/kb/HT4171\";\n\ntag_summary = \"The remote host is missing Java for Mac OS X 10.6 Update 2.\n One or more of the following components are affected:\n\n Java\";\n\n\nif(description)\n{\n script_id(102047);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 13:49:16 +0200 (Fri, 28 May 2010)\");\n script_cve_id(\"CVE-2009-1105\",\"CVE-2009-3555\",\"CVE-2009-3910\",\"CVE-2010-0082\",\"CVE-2010-0084\",\"CVE-2010-0085\",\"CVE-2010-0087\",\"CVE-2010-0088\",\"CVE-2010-0089\",\"CVE-2010-0090\",\"CVE-2010-0091\",\"CVE-2010-0092\",\"CVE-2010-0093\",\"CVE-2010-0094\",\"CVE-2010-0095\",\"CVE-2010-0837\",\"CVE-2010-0838\",\"CVE-2010-0840\",\"CVE-2010-0841\",\"CVE-2010-0842\",\"CVE-2010-0843\",\"CVE-2010-0844\",\"CVE-2010-0846\",\"CVE-2010-0847\",\"CVE-2010-0848\",\"CVE-2010-0849\",\"CVE-2010-0886\",\"CVE-2010-0887\",\"CVE-2010-0538\",\"CVE-2010-0539\");\n script_name(\"Java for Mac OS X 10.6 Update 2\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_require_ports(\"Services/ssh\", 22);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver) exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.6.3\",\"Mac OS X Server 10.6.3\");\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.6.3\")) {\n\tif (isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.6Update\", diff:\"2\")) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.6.3\")) {\n\tif (isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.6Update\", diff:\"2\")) { security_message(0); exit(0);}\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:52", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0089", "CVE-2010-0886", "CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0887", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0082", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-0845", "CVE-2009-3555", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0837", "CVE-2010-0849", "CVE-2010-0091", "CVE-2010-0090", "CVE-2010-0093", "CVE-2010-0843", "CVE-2010-0084", "CVE-2010-0850"], "description": "### Background\n\nThe Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform). \n\n### Description\n\nMultiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details. 
\n\n### Impact\n\nA remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Oracle JRE 1.6.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/sun-jre-bin-1.6.0.20\"\n\nAll Oracle JDK 1.6.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/sun-jdk-1.6.0.20\"\n\nAll users of the precompiled 32bit Oracle JRE 1.6.x should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/emul-linux-x86-java-1.6.0.20\"\n\nAll Oracle JRE 1.5.x, Oracle JDK 1.5.x, and precompiled 32bit Oracle JRE 1.5.x users are strongly advised to unmerge Java 1.5: \n \n \n # emerge --unmerge =app-emulation/emul-linux-x86-java-1.5*\n # emerge --unmerge =dev-java/sun-jre-bin-1.5*\n # emerge --unmerge =dev-java/sun-jdk-1.5*\n\nGentoo is ceasing support for the 1.5 generation of the Oracle Java Platform in accordance with upstream. All 1.5 JRE versions are masked and will be removed shortly. All 1.5 JDK versions are marked as \"build-only\" and will be masked for removal shortly. Users are advised to change their default user and system Java implementation to an unaffected version. 
For example: \n \n \n # java-config --set-system-vm sun-jdk-1.6\n\nFor more information, please consult the Gentoo Linux Java documentation.", "edition": 1, "modified": "2010-06-04T00:00:00", "published": "2010-06-04T00:00:00", "id": "GLSA-201006-18", "href": "https://security.gentoo.org/glsa/201006-18", "type": "gentoo", "title": "Oracle JRE/JDK: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:36", "bulletinFamily": "software", "cvelist": ["CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0082", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-0845", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0837", "CVE-2010-0091", "CVE-2010-0093", "CVE-2010-0084"], "description": "Buffer overflows on soundbank parsing, buffer overflow on images and archives parsing. Multiple code executions and privilege escalations.", "edition": 1, "modified": "2010-04-07T00:00:00", "published": "2010-04-07T00:00:00", "id": "SECURITYVULNS:VULN:10737", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10737", "title": "Oracle Sun Java multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:34", "bulletinFamily": "software", "cvelist": ["CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0082", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0845", "CVE-2009-3555", "CVE-2010-0837", "CVE-2010-0091", "CVE-2010-0093", "CVE-2010-0084"], "description": "===========================================================\r\nUbuntu Security Notice USN-923-1 April 07, 2010\r\nopenjdk-6 vulnerabilities\r\nCVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085,\r\nCVE-2010-0088, 
CVE-2010-0091, CVE-2010-0092, CVE-2010-0093,\r\nCVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838,\r\nCVE-2010-0840, CVE-2010-0845, CVE-2010-0847, CVE-2010-0848\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 8.04 LTS\r\nUbuntu 8.10\r\nUbuntu 9.04\r\nUbuntu 9.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 8.04 LTS:\r\n openjdk-6-jre 6b11-2ubuntu2.2\r\n openjdk-6-jre-lib 6b11-2ubuntu2.2\r\n\r\nUbuntu 8.10:\r\n openjdk-6-jre 6b12-0ubuntu6.7\r\n openjdk-6-jre-lib 6b12-0ubuntu6.7\r\n\r\nUbuntu 9.04:\r\n openjdk-6-jre 6b14-1.4.1-0ubuntu13\r\n openjdk-6-jre-lib 6b14-1.4.1-0ubuntu13\r\n\r\nUbuntu 9.10:\r\n openjdk-6-jre 6b16-1.6.1-3ubuntu3\r\n openjdk-6-jre-lib 6b16-1.6.1-3ubuntu3\r\n\r\nAfter a standard system upgrade you need to restart all Java applications\r\nto effect the necessary changes.\r\n\r\nDetails follow:\r\n\r\nMarsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3\r\nprotocols. If an attacker could perform a man in the middle attack at the\r\nstart of a TLS connection, the attacker could inject arbitrary content\r\nat the beginning of the user's session. (CVE-2009-3555)\r\n\r\nIt was discovered that Loader-constraint table, Policy/PolicyFile,\r\nInflater/Deflater, drag/drop access, and deserialization did not correctly\r\nhandle certain sensitive objects. If a user were tricked into running a\r\nspecially crafted applet, private information could be leaked to a remote\r\nattacker, leading to a loss of privacy. (CVE-2010-0082, CVE-2010-0084,\r\nCVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0094)\r\n\r\nIt was discovered that AtomicReferenceArray, System.arraycopy,\r\nInetAddress, and HashAttributeSet did not correctly handle certain\r\nsituations. 
If a remote attacker could trigger specific error conditions,\r\na Java application could crash, leading to a denial of service.\r\n(CVE-2010-0092, CVE-2010-0093, CVE-2010-0095, CVE-2010-0845)\r\n\r\nIt was discovered that Pack200, CMM readMabCurveData, ImagingLib, and\r\nthe AWT library did not correctly check buffer lengths. If a user or\r\nautomated system were tricked into handling specially crafted JAR files or\r\nimages, a remote attacker could crash the Java application or possibly\r\ngain user privileges (CVE-2010-0837, CVE-2010-0838, CVE-2010-0847,\r\nCVE-2010-0848).\r\n\r\nIt was discovered that applets did not correctly handle certain trust\r\nchains. If a user were tricked into running a specially crafted applet,\r\na remote attacker could possibly run untrusted code with user privileges.\r\n(CVE-2010-0840)\r\n\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\nUpdated packages for Ubuntu 8.10:\r\n\r\nUpdated packages for Ubuntu 9.04:\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n
f002f587f0773833bce4893ae5019740\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b16-1.6.1-3ubuntu3_amd64.deb\r\n Size/MD5: 331476 b13401043a474794c9f363850a75036a\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b16-1.6.1-3ubuntu3_amd64.deb\r\n Size/MD5: 88444 07a7aca4c43029ab2536e813a141f098\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b16-1.6.1-3ubuntu3_amd64.deb\r\n Size/MD5: 93589046 caaefff32bde8ad5ef5048757fdfd0d6\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b16-1.6.1-3ubuntu3_amd64.deb\r\n Size/MD5: 2369542 64dbab7480bdbda94f0e79e2d184a4e1\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b16-1.6.1-3ubuntu3_amd64.deb\r\n Size/MD5: 10835892 04b03aa158add9a5ec4fb51e14e735b6\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b16-1.6.1-3ubuntu3_amd64.deb\r\n Size/MD5: 24801720 96d4c56f665da4c4439bd4e5ddca41cc\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b16-1.6.1-3ubuntu3_amd64.deb\r\n Size/MD5: 270976 11bf2056bd8dc624fffcf99414a24abe\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b16-1.6.1-3ubuntu3_amd64.deb\r\n Size/MD5: 4700646 3ca67367189b5afb60c73783ab30519d\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b16-1.6.1-3ubuntu3_i386.deb\r\n Size/MD5: 295016 c35a01472676b0777d2efa148788cdb7\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b16-1.6.1-3ubuntu3_i386.deb\r\n Size/MD5: 77906 5726d9e09ef7cf6964dc1be85c7a1dbf\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b16-1.6.1-3ubuntu3_i386.deb\r\n Size/MD5: 154868278 665da097b3e8ec12298ce2ef4b24cac9\r\n 
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b16-1.6.1-3ubuntu3_i386.deb\r\n Size/MD5: 2352980 98a442b9ec469ab4c4ed718cdd360004\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b16-1.6.1-3ubuntu3_i386.deb\r\n Size/MD5: 10953658 fe677db503bbf3dd45ed0c5ec84d1818\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b16-1.6.1-3ubuntu3_i386.deb\r\n Size/MD5: 26071290 6a46dbae9a611e7d868c414702918a81\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b16-1.6.1-3ubuntu3_i386.deb\r\n Size/MD5: 258644 60ae0f320a6cef87f1ce8e8d4b1b3657\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b16-1.6.1-3ubuntu3_i386.deb\r\n Size/MD5: 4179062 1fafce1885ba7f4f1ac42d6834ad2ddb\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b16-1.6.1-3ubuntu3_lpia.deb\r\n Size/MD5: 295648 98a7c38778a14a58cc1b2ef8cc3fc6aa\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b16-1.6.1-3ubuntu3_lpia.deb\r\n Size/MD5: 78994 eacb841dc0f72601408472022475e4ea\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b16-1.6.1-3ubuntu3_lpia.deb\r\n Size/MD5: 155028880 3cd1909d1a0c6309db78f10ba2303e47\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b16-1.6.1-3ubuntu3_lpia.deb\r\n Size/MD5: 2349960 a4ed8cbe6b808d20b3905805a88ea8f6\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b16-1.6.1-3ubuntu3_lpia.deb\r\n Size/MD5: 10834376 27f3b73570d9b0966771b6dcda748ffe\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b16-1.6.1-3ubuntu3_lpia.deb\r\n Size/MD5: 26115464 5e987d96c2ee41ec0abac25a291f2b04\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b16-1.6.1-3ubuntu3_lpia.deb\r\n Size/MD5: 254844 7382c5d11d2964b28005b8aa033ac054\r\n 
http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b16-1.6.1-3ubuntu3_lpia.deb\r\n Size/MD5: 4171478 97a4455fec8056d1c51758ed6498ed64\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b16-1.6.1-3ubuntu3_powerpc.deb\r\n Size/MD5: 320710 7e6f3f341c506ee102d55e0b0eeab3ec\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b16-1.6.1-3ubuntu3_powerpc.deb\r\n Size/MD5: 82728 7f74262de7084d8e02617ffa101a4c0d\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b16-1.6.1-3ubuntu3_powerpc.deb\r\n Size/MD5: 79465642 e4157d6a2e402289b5f59802e57daf35\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b16-1.6.1-3ubuntu3_powerpc.deb\r\n Size/MD5: 2368570 5fadc447b30b87a868a797f151f8a953\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b16-1.6.1-3ubuntu3_powerpc.deb\r\n Size/MD5: 8786542 e47528b55a38e7993ff0b9a8d8d94f0e\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b16-1.6.1-3ubuntu3_powerpc.deb\r\n Size/MD5: 23510102 d254a8014e50bfda3dae495007ffb3cf\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b16-1.6.1-3ubuntu3_powerpc.deb\r\n Size/MD5: 278238 e43b7f00294bcb017400afee75c61f09\r\n http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b16-1.6.1-3ubuntu3_powerpc.deb\r\n Size/MD5: 4046108 babed0cdb15cde22daf171cefcaee9f0\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b16-1.6.1-3ubuntu3_sparc.deb\r\n Size/MD5: 75514 63122f5f2dc2ea5a22b6cc96e749e2ed\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b16-1.6.1-3ubuntu3_sparc.deb\r\n Size/MD5: 119361738 2b71a8764c11424b3d389c9a3d5f9422\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b16-1.6.1-3ubuntu3_sparc.deb\r\n Size/MD5: 2358884 4f7bf2738932ebec0f78e987ee71eb60\r\n 
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b16-1.6.1-3ubuntu3_sparc.deb\r\n Size/MD5: 10858710 1368b7cede30e323cba35c8b103949f1\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b16-1.6.1-3ubuntu3_sparc.deb\r\n Size/MD5: 26040612 2a4ed661590203bc0aa8ed119057012a\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b16-1.6.1-3ubuntu3_sparc.deb\r\n Size/MD5: 259016 1208328eb1a6bee5d87c0d28534767da\r\n", "edition": 1, "modified": "2010-04-07T00:00:00", "published": "2010-04-07T00:00:00", "id": "SECURITYVULNS:DOC:23588", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23588", "title": "[USN-923-1] OpenJDK vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:35", "bulletinFamily": "software", "cvelist": ["CVE-2008-4546", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-0089", "CVE-2010-0088", "CVE-2010-2176", "CVE-2010-0085", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-0087", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-0092", "CVE-2010-2173", "CVE-2010-2188", "CVE-2010-0848", "CVE-2010-2165", "CVE-2010-0082", "CVE-2010-2170", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-2171", "CVE-2010-0839", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-0842", "CVE-2010-0845", "CVE-2009-3555", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0837", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-0849", "CVE-2010-2183", "CVE-2010-2169", "CVE-2010-0091", "CVE-2010-1297", "CVE-2010-0090", "CVE-2010-2179", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-0093", "CVE-2010-2185", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-2162", "CVE-2010-0843", "CVE-2010-0084", "CVE-2010-0850", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-2178"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSUPPORT COMMUNICATION - 
SECURITY BULLETIN\r\n\r\nDocument ID: c02273751\r\nVersion: 1\r\n\r\nHPSBMA02547 SSRT100179 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote\r\nExecution of Arbitrary Code and Other Vulnerabilities\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.\r\n\r\nRelease Date: 2010-07-12\r\nLast Updated: 2010-07-12\r\n\r\nPotential Security Impact: Remote execution of arbitrary code and other vulnerabilities\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux,\r\nand Windows. The vulnerabilities could be exploited remotely to execute arbitrary code and other exploits.\r\n\r\nReferences: Adobe Flash Player\r\n\r\nCVE-2008-4546\r\n\r\nCVE-2009-3793\r\n\r\nCVE-2010-1297\r\n\r\nCVE-2010-2160\r\n\r\nCVE-2010-2161\r\n\r\nCVE-2010-2162\r\n\r\nCVE-2010-2163\r\n\r\nCVE-2010-2164\r\n\r\nCVE-2010-2165\r\n\r\nCVE-2010-2166\r\n\r\nCVE-2010-2167\r\n\r\nCVE-2010-2169\r\n\r\nCVE-2010-2170\r\n\r\nCVE-2010-2171\r\n\r\nCVE-2010-2172\r\n\r\nCVE-2010-2173\r\n\r\nCVE-2010-2174\r\n\r\nCVE-2010-2175\r\n\r\nCVE-2010-2176\r\n\r\nCVE-2010-2177\r\n\r\nCVE-2010-2178\r\n\r\nCVE-2010-2179\r\n\r\nCVE-2010-2180\r\n\r\nCVE-2010-2181\r\n\r\nCVE-2010-2182\r\n\r\nCVE-2010-2183\r\n\r\nCVE-2010-2184\r\n\r\nCVE-2010-2185\r\n\r\nCVE-2010-2186\r\n\r\nCVE-2010-2187\r\n\r\nCVE-2010-2188\r\n\r\nCVE-2010-2189\r\n\r\nJava Runtime Environment 
(JRE)\r\n\r\nCVE-2010-0082\r\n\r\nCVE-2010-0084\r\n\r\nCVE-2010-0085\r\n\r\nCVE-2010-0087\r\n\r\nCVE-2010-0088\r\n\r\nCVE-2010-0089\r\n\r\nCVE-2010-0090\r\n\r\nCVE-2010-0091\r\n\r\nCVE-2010-0092\r\n\r\nCVE-2010-0093\r\n\r\nCVE-2010-0094\r\n\r\nCVE-2010-0095\r\n\r\nCVE-2010-0837\r\n\r\nCVE-2010-0838\r\n\r\nCVE-2010-0839\r\n\r\nCVE-2010-0840\r\n\r\nCVE-2010-0841\r\n\r\nCVE-2010-0842\r\n\r\nCVE-2010-0843\r\n\r\nCVE-2010-0844\r\n\r\nCVE-2010-0845\r\n\r\nCVE-2010-0846\r\n\r\nCVE-2010-0847\r\n\r\nCVE-2010-0848\r\n\r\nCVE-2010-0849\r\n\r\nCVE-2010-0850\r\n\r\nTLS/SSL\r\n\r\nCVE-2009-3555\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows prior to v6.1.\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2008-4546 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 4.3\r\nCVE-2009-3793 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-1297 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2160 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2161 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2162 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2163 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2164 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2165 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2166 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2167 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2169 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2170 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2171 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2172 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\r\nCVE-2010-2173 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2174 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2175 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2176 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2177 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2178 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2179 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 
4.3\r\nCVE-2010-2180 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2181 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2182 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2183 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2184 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2185 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2186 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2187 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2188 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-2189 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-0082 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1\r\nCVE-2010-0084 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\nCVE-2010-0085 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1\r\nCVE-2010-0087 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2010-0088 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\r\nCVE-2010-0089 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2010-0090 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8\r\nCVE-2010-0091 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\r\nCVE-2010-0092 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1\r\nCVE-2010-0093 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1\r\nCVE-2010-0094 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2010-0095 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\r\nCVE-2010-0837 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2010-0838 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2010-0839 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2010-0840 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2010-0841 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2010-0842 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2010-0843 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2010-0844 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2010-0845 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2010-0846 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2010-0847 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2010-0848 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2010-0849 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2010-0850 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: 
HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has provided HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows v6.1 or subsequent to resolve\r\nthese vulnerabilities.\r\nThe HP SIM v6.1 can be downloaded from http://www.hp.com/go/hpsim\r\n\r\nMANUAL ACTIONS: Yes - Update\r\nUpdate to HP SIM v6.1 or subsequent\r\n\r\nPRODUCT SPECIFIC INFORMATION\r\n\r\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security\r\nPatch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a\r\nspecific HP-UX system. It can also download patches and create a depot automatically. For more information\r\nsee: https://www.hp.com/go/swa\r\n\r\nThe following text is for use by the HP-UX Software Assistant.\r\n\r\nAFFECTED VERSIONS\r\n\r\nHP-UX B.11.23\r\nHP-UX B.11.31\r\n=============\r\nSysMgmtServer.MX-CMS\r\nSysMgmtServer.MX-CORE\r\nSysMgmtServer.MX-CORE-ARCH\r\nSysMgmtServer.MX-CORE-ARCH\r\nSysMgmtServer.MX-PORTAL\r\nSysMgmtServer.MX-REPO\r\nSysMgmtServer.MX-TOOLS\r\naction: update to HP SIM v6.1 or subsequent\r\n\r\nEND AFFECTED VERSIONS\r\n\r\nHISTORY\r\nVersion: 1 (rev.1) - 12 July 2010 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP\r\nsoftware products should be applied in accordance with the customer's patch management policy.\r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product, send Email to:\r\nsecurity-alert@hp.com\r\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP,\r\nespecially exploit information.\r\nTo get the security-alert PGP key, please send an e-mail message as follows:\r\n To: security-alert@hp.com\r\n Subject: get key\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via 
Email:\r\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC\r\nOn the web page: ITRC security bulletins and patch sign-up\r\nUnder Step1: your ITRC security bulletins and patches\r\n -check ALL categories for which alerts are required and continue.\r\nUnder Step2: your ITRC operating systems\r\n -verify your operating system selections are checked and save.\r\n\r\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\r\nLog in on the web page: Subscriber's choice for Business: sign-in.\r\nOn the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.\r\n\r\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\r\n\r\n* The Software Product Category that this Security Bulletin\r\nrelates to is represented by the 5th and 6th characters\r\nof the Bulletin number in the title:\r\n\r\nGN = HP General SW\r\nMA = HP Management Agents\r\nMI = Misc. 3rd Party SW\r\nMP = HP MPE/iX\r\nNS = HP NonStop Servers\r\nOV = HP OpenVMS\r\nPI = HP Printing & Imaging\r\nST = HP Storage SW\r\nTL = HP Trusted Linux\r\nTU = HP Tru64 UNIX\r\nUX = HP-UX\r\nVV = HP VirtualVault\r\n\r\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is\r\ncontinually reviewing and enhancing the security features of software products to provide customers with\r\ncurrent secure solutions.\r\n\r\n"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the\r\naffected HP products the important security information contained in this Bulletin. HP recommends that all\r\nusers determine the applicability of this information to their individual situations and take appropriate\r\naction. 
HP does not warrant that this information is necessarily accurate or complete for all user situations\r\nand, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the\r\ninformation provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either\r\nexpress or implied, including the warranties of merchantability and fitness for a particular purpose, title\r\nand non-infringement."\r\n\r\nCopyright 2009 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein.\r\nThe information provided is provided "as is" without warranty of any kind. To the extent permitted by law,\r\nneither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or\r\nconsequential damages including downtime cost; lost profits; damages relating to the procurement of substitute\r\nproducts or services; or damages for loss of data, or software restoration. The information in this document\r\nis subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products\r\nreferenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. 
Other\r\nproduct and company names mentioned herein may be trademarks of their respective owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAkw7IkwACgkQ4B86/C0qfVlJ5QCfXkIKuTF7IcPYiRcmqfTLo8aQ\r\nCk0Anij/T6Lor5PRgLg5eharEx5Spcki\r\n=Wfca\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-07-18T00:00:00", "published": "2010-07-18T00:00:00", "id": "SECURITYVULNS:DOC:24282", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24282", "title": "[security bulletin] HPSBMA02547 SSRT100179 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555", "CVE-2010-0082", "CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0088", "CVE-2010-0091", "CVE-2010-0092", "CVE-2010-0093", "CVE-2010-0094", "CVE-2010-0095", "CVE-2010-0837", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0841", "CVE-2010-0845", "CVE-2010-0847", "CVE-2010-0848"], "description": "The OpenJDK runtime environment. ", "modified": "2010-04-09T21:05:39", "published": "2010-04-09T21:05:39", "id": "FEDORA:09491110673", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-37.b17.fc13", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555", "CVE-2010-0082", "CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0088", "CVE-2010-0091", "CVE-2010-0092", "CVE-2010-0093", "CVE-2010-0094", "CVE-2010-0095", "CVE-2010-0837", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0841", "CVE-2010-0845", "CVE-2010-0847", "CVE-2010-0848"], "description": "The OpenJDK runtime environment. 
", "modified": "2010-04-09T01:32:00", "published": "2010-04-09T01:32:00", "id": "FEDORA:8D2D811080B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-34.b17.fc11", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555", "CVE-2010-0082", "CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0088", "CVE-2010-0091", "CVE-2010-0092", "CVE-2010-0093", "CVE-2010-0094", "CVE-2010-0095", "CVE-2010-0837", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0841", "CVE-2010-0845", "CVE-2010-0847", "CVE-2010-0848"], "description": "The OpenJDK runtime environment. ", "modified": "2010-04-09T01:28:22", "published": "2010-04-09T01:28:22", "id": "FEDORA:E36CC10FA25", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: java-1.6.0-openjdk-1.6.0.0-37.b17.fc12", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:26:16", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0082", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0845", "CVE-2009-3555", "CVE-2010-0837", "CVE-2010-0091", "CVE-2010-0093", "CVE-2010-0084"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0339\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications written\nusing the Java programming language.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handle session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). 
This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. (CVE-2009-3555)\n\nThis update disables renegotiation in the Java Secure Socket Extension\n(JSSE) component. Unsafe renegotiation can be re-enabled using the\nsun.security.ssl.allowUnsafeRenegotiation property. Refer to the following\nKnowledgebase article for details:\nhttp://kbase.redhat.com/faq/docs/DOC-20491\n\nA number of flaws have been fixed in the Java Virtual Machine (JVM) and in\nvarious Java class implementations. These flaws could allow an unsigned\napplet or application to bypass intended access restrictions.\n(CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0094)\n\nAn untrusted applet could access clipboard information if a drag operation\nwas performed over that applet's canvas. This could lead to an information\nleak. (CVE-2010-0091)\n\nThe rawIndex operation incorrectly handled large values, causing the\ncorruption of internal memory structures, resulting in an untrusted applet\nor application crashing. (CVE-2010-0092)\n\nThe System.arraycopy operation incorrectly handled large index values,\npotentially causing array corruption in an untrusted applet or application.\n(CVE-2010-0093)\n\nSubclasses of InetAddress may incorrectly interpret network addresses,\nallowing an untrusted applet or application to bypass network access\nrestrictions. (CVE-2010-0095)\n\nIn certain cases, type assignments could result in \"non-exact\" interface\ntypes. This could be used to bypass type-safety restrictions.\n(CVE-2010-0845)\n\nA buffer overflow flaw in LittleCMS (embedded in OpenJDK) could cause an\nuntrusted applet or application using color profiles from untrusted sources\nto crash. (CVE-2010-0838)\n\nAn input validation flaw was found in the JRE unpack200 functionality. An\nuntrusted applet or application could use this flaw to elevate its\nprivileges. 
(CVE-2010-0837)\n\nDeferred calls to trusted applet methods could be granted incorrect\npermissions, allowing an untrusted applet or application to extend its\nprivileges. (CVE-2010-0840)\n\nA missing input validation flaw in the JRE could allow an attacker to crash\nan untrusted applet or application. (CVE-2010-0848)\n\nA flaw in Java2D could allow an attacker to execute arbitrary code with the\nprivileges of a user running an untrusted applet or application that uses\nJava2D. (CVE-2010-0847)\n\nNote: The flaws concerning applets in this advisory, CVE-2010-0082,\nCVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0092,\nCVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838,\nCVE-2010-0840, CVE-2010-0847, and CVE-2010-0848, can only be triggered in\njava-1.6.0-openjdk by calling the \"appletviewer\" application.\n\nThis update also provides three defense in depth patches. (BZ#575745,\nBZ#575861, BZ#575789)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-June/028765.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-June/028766.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0339.html", "edition": 3, "modified": "2010-06-12T15:56:24", "published": "2010-06-12T15:56:24", "href": "http://lists.centos.org/pipermail/centos-announce/2010-June/028765.html", "id": "CESA-2010:0339", "title": "java security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:55", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0082", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0845", "CVE-2009-3555", "CVE-2010-0837", "CVE-2010-0091", "CVE-2010-0093", "CVE-2010-0084"], "description": "[1:1.6.0.0-1.11.b16.0.1.el5]\n- Add oracle-enterprise.patch\n[1:1.6.0.0-1.11.b16.el5]\n- Remove javaws alternative due to conflict with java-1.6.0-sun's alternatives\n[1:1.6.0-1.10.b16]\n- Update to openjdk build b16\n- Update to icedtea6-1.6\n- Added tzdata-java requirement\n- Added autoconf and automake build requirement\n- Added tzdata-java requirement\n- Added java-1.6.0-openjdk-gcc-stack-markings.patch\n- Added java-1.6.0-openjdk-memory-barriers.patch\n- Added java-1.6.0-openjdk-jar-misc.patch\n- Added java-1.6.0-openjdk-linux-separate-debuginfo.patch\n- Added java-1.6.0-openjdk-securitypatches-20100323.patch\n- Added STRIP_KEEP_SYMTAB=libjvm* to install section, fix bz530402\n- Resolves: rhbz#576124\n[1:1.6.0-1.8.b09]\n- Added java-1.6.0-openjdk-debuginfo.patch\n- Added 
java-1.6.0-openjdk-elf-debuginfo.patch ", "edition": 4, "modified": "2010-04-08T00:00:00", "published": "2010-04-08T00:00:00", "id": "ELSA-2010-0339", "href": "http://linux.oracle.com/errata/ELSA-2010-0339.html", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:26:19", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0088", "CVE-2010-0085", "CVE-2010-0092", "CVE-2010-0848", "CVE-2010-0082", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-0094", "CVE-2010-0847", "CVE-2010-0845", "CVE-2009-3555", "CVE-2010-0837", "CVE-2010-0091", "CVE-2010-0093", "CVE-2010-0084"], "description": "Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 \nprotocols. If an attacker could perform a man in the middle attack at the \nstart of a TLS connection, the attacker could inject arbitrary content \nat the beginning of the user's session. (CVE-2009-3555)\n\nIt was discovered that Loader-constraint table, Policy/PolicyFile, \nInflater/Deflater, drag/drop access, and deserialization did not correctly \nhandle certain sensitive objects. If a user were tricked into running a \nspecially crafted applet, private information could be leaked to a remote \nattacker, leading to a loss of privacy. (CVE-2010-0082, CVE-2010-0084, \nCVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0094)\n\nIt was discovered that AtomicReferenceArray, System.arraycopy, \nInetAddress, and HashAttributeSet did not correctly handle certain \nsituations. If a remote attacker could trigger specific error conditions, \na Java application could crash, leading to a denial of service. \n(CVE-2010-0092, CVE-2010-0093, CVE-2010-0095, CVE-2010-0845)\n\nIt was discovered that Pack200, CMM readMabCurveData, ImagingLib, and \nthe AWT library did not correctly check buffer lengths. 
If a user or \nautomated system were tricked into handling specially crafted JAR files or \nimages, a remote attacker could crash the Java application or possibly \ngain user privileges (CVE-2010-0837, CVE-2010-0838, CVE-2010-0847, \nCVE-2010-0848).\n\nIt was discovered that applets did not correctly handle certain trust \nchains. If a user were tricked into running a specially crafted applet, \na remote attacker could possibly run untrusted code with user privileges. \n(CVE-2010-0840)", "edition": 5, "modified": "2010-04-07T00:00:00", "published": "2010-04-07T00:00:00", "id": "USN-923-1", "href": "https://ubuntu.com/security/notices/USN-923-1", "title": "OpenJDK vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2020-12-09T19:34:37", "description": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. 
Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.", "edition": 5, "cvss3": {}, "published": "2010-04-01T16:30:00", "title": "CVE-2010-0849", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0849"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/a:sun:sdk:1.3.1_15", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_23", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_13", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:sdk:1.3.0_02", "cpe:/a:sun:sdk:1.3.1_02", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:sdk:1.3.0_05", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jdk:1.3.1_05", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:jdk:1.3.1_15", "cpe:/a:sun:jdk:1.3.0_04", "cpe:/a:sun:jdk:1.3.1_19", "cpe:/a:sun:jre:1.3.1_26", "cpe:/a:sun:jre:1.3.1_08", "cpe:/a:sun:sdk:1.3.1_19", "cpe:/a:sun:sdk:1.3.0", "cpe:/a:sun:jre:1.3.1_23", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jdk:1.3.1_13", "cpe:/a:sun:jre:1.3.1_04", "cpe:/a:sun:sdk:1.3.1_06", "cpe:/a:sun:jdk:1.3.1_17", "cpe:/a:sun:jre:1.3.0", "cpe:/a:sun:sdk:1.3.0_01", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:sdk:1.3.0_03", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:jdk:1.3.1_07", "cpe:/a:sun:sdk:1.4.2_19", 
"cpe:/a:sun:jdk:1.3.1_02", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jdk:1.3.1_23", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jdk:1.3.1_04", "cpe:/a:sun:jre:1.3.1_14", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:sdk:1.3.1_23", "cpe:/a:sun:sdk:1.3.1_21", "cpe:/a:sun:jre:1.3.1_07", "cpe:/a:sun:sdk:1.3.1_04", "cpe:/a:sun:jre:1.3.1_27", "cpe:/a:sun:jre:1.3.1_12", "cpe:/a:sun:jdk:1.3.1_09", "cpe:/a:sun:jdk:1.3.1_20", "cpe:/a:sun:jdk:1.3.1_26", "cpe:/a:sun:sdk:1.3.1_09", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.3.1_22", "cpe:/a:sun:jdk:1.3.0_03", "cpe:/a:sun:sdk:1.4.2_24", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.3.1_17", "cpe:/a:sun:sdk:1.3.1_24", "cpe:/a:sun:sdk:1.3.1_26", "cpe:/a:sun:jdk:1.3.1_06", "cpe:/a:sun:jdk:1.3.1_27", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.3.1_21", "cpe:/a:sun:jre:1.3.1_15", "cpe:/a:sun:sdk:1.3.1_03", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:sdk:1.3.1", "cpe:/a:sun:sdk:1.3.1_01a", "cpe:/a:sun:sdk:1.3.1_11", "cpe:/a:sun:jdk:1.3.1_16", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.3.1_22", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:sdk:1.3.1_05", "cpe:/a:sun:jre:1.3.1_11", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jre:1.3.1_16", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:jre:1.3.1_20", "cpe:/a:sun:jre:1.3.1_2", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:jre:1.3.1_10", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:sdk:1.3.1_14", "cpe:/a:sun:jdk:1.3.1_18", "cpe:/a:sun:jdk:1.3.1_25", "cpe:/a:sun:jdk:1.3.1_10", "cpe:/a:sun:jdk:1.3.1_14", "cpe:/a:sun:jdk:1.3.0_01", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.3.1", "cpe:/a:sun:jdk:1.3.1_21", "cpe:/a:sun:sdk:1.3.1_08", "cpe:/a:sun:jre:1.3.1_24", "cpe:/a:sun:jdk:1.3.0_05", "cpe:/a:sun:jre:1.3.1_13", "cpe:/a:sun:jre:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_25", "cpe:/a:sun:sdk:1.3.1_27", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jdk:1.3.1_08", 
"cpe:/a:sun:jdk:1.3.1_01", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:jre:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_10", "cpe:/a:sun:jdk:1.3.1", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jdk:1.3.0", "cpe:/a:sun:sdk:1.3.1_12", "cpe:/a:sun:jdk:1.3.1_12", "cpe:/a:sun:jre:1.3.1_06", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:jdk:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_25", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:jre:1.3.1_18", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:jre:1.3.1_19", "cpe:/a:sun:jdk:1.3.1_03", "cpe:/a:sun:jre:1.3.1_09", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.3.1_17", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:jdk:1.3.0_02", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.3.1_25", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:1.3.1_01a", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.3.1_07", "cpe:/a:sun:jdk:1.3.1_11", "cpe:/a:sun:sdk:1.4.2_15", "cpe:/a:sun:sdk:1.3.0_04", "cpe:/a:sun:jdk:1.3.1_24"], "id": "CVE-2010-0849", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0849", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.0_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_21:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_26:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.0_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_26:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.0_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.0_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.0_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.0:update3:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.0_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_26:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_08:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.0_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.0_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.0_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.0_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", 
"cpe:2.3:a:sun:sdk:1.3.1_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:35", "description": "Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown vectors.\nPer: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html\r\n\r\n\r\n\r\n'Affected product releases and versions:\r\n\u2022 Java SE: \t \r\n\r\n \u2022 JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux\r\n\t \r\n\r\n \u2022 JDK 5.0 Update 23 and earlier for Solaris\r\n\t \r\n\r\n \u2022 SDK 1.4.2_25 and earlier for Solaris\r\n\t \r\n\u2022 Java for Business: \t \r\n\r\n \u2022 JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux\r\n\t \r\n\r\n \u2022 JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux\r\n\t \r\n\r\n \u2022 SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux'", "edition": 5, "cvss3": {}, "published": "2010-04-01T16:30:00", "title": "CVE-2010-0090", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0090"], "modified": "2018-10-10T19:50:00", "cpe": ["cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.6.0"], "id": "CVE-2010-0090", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0090", "cvss": {"score": 
5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:37", "description": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, 
and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.\nPer: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html\r\n\r\n\r\n\r\n'Affected product releases and versions:\r\n\u2022 Java SE: \t \r\n\r\n \u2022 JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux\r\n\t \r\n\r\n \u2022 JDK 5.0 Update 23 and earlier for Solaris\r\n\t \r\n\r\n \u2022 SDK 1.4.2_25 and earlier for Solaris\r\n\t \r\n\u2022 Java for Business: \t \r\n\r\n \u2022 JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux\r\n\t \r\n\r\n \u2022 JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux\r\n\t \r\n\r\n \u2022 SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux'", "edition": 5, "cvss3": {}, "published": "2010-04-01T16:30:00", "title": "CVE-2010-0842", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0842"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/a:sun:sdk:1.3.1_15", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_23", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_13", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:sdk:1.3.0_02", 
"cpe:/a:sun:sdk:1.3.1_02", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:sdk:1.3.0_05", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jdk:1.3.1_05", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:jdk:1.3.1_15", "cpe:/a:sun:jdk:1.3.0_04", "cpe:/a:sun:jdk:1.3.1_19", "cpe:/a:sun:jre:1.3.1_26", "cpe:/a:sun:jre:1.3.1_08", "cpe:/a:sun:sdk:1.3.1_19", "cpe:/a:sun:sdk:1.3.0", "cpe:/a:sun:jre:1.3.1_23", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jdk:1.3.1_13", "cpe:/a:sun:jre:1.3.1_04", "cpe:/a:sun:sdk:1.3.1_06", "cpe:/a:sun:jdk:1.3.1_17", "cpe:/a:sun:jre:1.3.0", "cpe:/a:sun:sdk:1.3.0_01", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:sdk:1.3.0_03", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:jdk:1.3.1_07", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:jdk:1.3.1_02", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jdk:1.3.1_23", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jdk:1.3.1_04", "cpe:/a:sun:jre:1.3.1_14", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:sdk:1.3.1_23", "cpe:/a:sun:sdk:1.3.1_21", "cpe:/a:sun:jre:1.3.1_07", "cpe:/a:sun:sdk:1.3.1_04", "cpe:/a:sun:jre:1.3.1_27", "cpe:/a:sun:jre:1.3.1_12", "cpe:/a:sun:jdk:1.3.1_09", "cpe:/a:sun:jdk:1.3.1_20", "cpe:/a:sun:jdk:1.3.1_26", "cpe:/a:sun:sdk:1.3.1_09", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.3.1_22", "cpe:/a:sun:jdk:1.3.0_03", "cpe:/a:sun:sdk:1.4.2_24", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.3.1_17", "cpe:/a:sun:sdk:1.3.1_24", "cpe:/a:sun:sdk:1.3.1_26", "cpe:/a:sun:jdk:1.3.1_06", "cpe:/a:sun:jdk:1.3.1_27", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.3.1_21", "cpe:/a:sun:jre:1.3.1_15", "cpe:/a:sun:sdk:1.3.1_03", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:sdk:1.3.1", "cpe:/a:sun:sdk:1.3.1_01a", "cpe:/a:sun:sdk:1.3.1_11", "cpe:/a:sun:jdk:1.3.1_16", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.3.1_22", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", 
"cpe:/a:sun:sdk:1.3.1_05", "cpe:/a:sun:jre:1.3.1_11", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jre:1.3.1_16", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:jre:1.3.1_20", "cpe:/a:sun:jre:1.3.1_2", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:jre:1.3.1_10", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:sdk:1.3.1_14", "cpe:/a:sun:jdk:1.3.1_18", "cpe:/a:sun:jdk:1.3.1_25", "cpe:/a:sun:jdk:1.3.1_10", "cpe:/a:sun:jdk:1.3.1_14", "cpe:/a:sun:jdk:1.3.0_01", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.3.1", "cpe:/a:sun:jdk:1.3.1_21", "cpe:/a:sun:sdk:1.3.1_08", "cpe:/a:sun:jre:1.3.1_24", "cpe:/a:sun:jdk:1.3.0_05", "cpe:/a:sun:jre:1.3.1_13", "cpe:/a:sun:jre:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_25", "cpe:/a:sun:sdk:1.3.1_27", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jdk:1.3.1_08", "cpe:/a:sun:jdk:1.3.1_01", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:jre:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_10", "cpe:/a:sun:jdk:1.3.1", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jdk:1.3.0", "cpe:/a:sun:sdk:1.3.1_12", "cpe:/a:sun:jdk:1.3.1_12", "cpe:/a:sun:jre:1.3.1_06", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:jdk:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_25", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:jre:1.3.1_18", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:jre:1.3.1_19", "cpe:/a:sun:jdk:1.3.1_03", "cpe:/a:sun:jre:1.3.1_09", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.3.1_17", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:jdk:1.3.0_02", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.3.1_25", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:1.3.1_01a", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.3.1_07", "cpe:/a:sun:jdk:1.3.1_11", "cpe:/a:sun:sdk:1.4.2_15", "cpe:/a:sun:sdk:1.3.0_04", "cpe:/a:sun:jdk:1.3.1_24"], "id": "CVE-2010-0842", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0842", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1:update1:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.0_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:37", "description": "Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. 
Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an \"invalid assignment\" and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl).\nPer: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html\r\n\r\n\r\n\r\n'Affected product releases and versions:\r\n\u2022 Java SE: \t \r\n\r\n \u2022 JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux\r\n\t \r\n\r\n \u2022 JDK 5.0 Update 23 and earlier for Solaris\r\n\t \r\n\r\n \u2022 SDK 1.4.2_25 and earlier for Solaris\r\n\t \r\n\u2022 Java for Business: \t \r\n\r\n \u2022 JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux\r\n\t \r\n\r\n \u2022 JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux\r\n\t \r\n\r\n \u2022 SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux'", "edition": 5, "cvss3": {}, "published": "2010-04-01T16:30:00", "title": "CVE-2010-0846", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0846"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/a:sun:sdk:1.3.1_15", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_23", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_13", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:sdk:1.3.0_02", "cpe:/a:sun:sdk:1.3.1_02", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:sdk:1.3.0_05", 
"cpe:/a:sun:jre:1.3.1_16", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:jre:1.3.1_20", "cpe:/a:sun:jre:1.3.1_2", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:jre:1.3.1_10", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:sdk:1.3.1_14", "cpe:/a:sun:jdk:1.3.1_18", "cpe:/a:sun:jdk:1.3.1_25", "cpe:/a:sun:jdk:1.3.1_10", "cpe:/a:sun:jdk:1.3.1_14", "cpe:/a:sun:jdk:1.3.0_01", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.3.1", "cpe:/a:sun:jdk:1.3.1_21", "cpe:/a:sun:sdk:1.3.1_08", "cpe:/a:sun:jre:1.3.1_24", "cpe:/a:sun:jdk:1.3.0_05", "cpe:/a:sun:jre:1.3.1_13", "cpe:/a:sun:jre:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_25", "cpe:/a:sun:sdk:1.3.1_27", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jdk:1.3.1_08", "cpe:/a:sun:jdk:1.3.1_01", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:jre:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_10", "cpe:/a:sun:jdk:1.3.1", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jdk:1.3.0", "cpe:/a:sun:sdk:1.3.1_12", "cpe:/a:sun:jdk:1.3.1_12", "cpe:/a:sun:jre:1.3.1_06", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:jdk:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_25", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:jre:1.3.1_18", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:jre:1.3.1_19", "cpe:/a:sun:jdk:1.3.1_03", "cpe:/a:sun:jre:1.3.1_09", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.3.1_17", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:jdk:1.3.0_02", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.3.1_25", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:1.3.1_01a", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.3.1_07", "cpe:/a:sun:jdk:1.3.1_11", "cpe:/a:sun:sdk:1.4.2_15", "cpe:/a:sun:sdk:1.3.0_04", "cpe:/a:sun:jdk:1.3.1_24"], "id": "CVE-2010-0846", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0846", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": 
["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.0_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:57:22", "description": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. 
Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.\nPer: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html\r\n\r\n\r\n\r\n'Affected product releases and versions:\r\n\u2022 Java SE: \t \r\n\r\n \u2022 JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux\r\n\t \r\n\r\n \u2022 JDK 5.0 Update 23 and earlier for Solaris\r\n\t \r\n\r\n \u2022 SDK 1.4.2_25 and earlier for Solaris\r\n\t \r\n\u2022 Java for Business: \t \r\n\r\n \u2022 JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux\r\n\t \r\n\r\n \u2022 JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux\r\n\t \r\n\r\n \u2022 SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux'", "edition": 3, "cvss3": {}, "published": "2010-04-01T16:30:00", "title": "CVE-2010-0843", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0843"], "modified": "2018-10-10T19:54:00", "cpe": ["cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.3.1_27", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.3.1_27", "cpe:/a:sun:sdk:1.4.2_25"], "id": "CVE-2010-0843", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0843", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:sun:jre:1.3.1_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_27:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:37", "description": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) \"a similar trust issue with interfaces,\" aka \"Trusted Methods Chaining Remote Code Execution Vulnerability.\"\nPer: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html\r\n\r\n\r\n\r\n'Affected product releases and versions:\r\n\u2022 Java SE: \t \r\n\r\n \u2022 JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux\r\n\t \r\n\r\n \u2022 JDK 5.0 Update 23 and earlier for Solaris\r\n\t \r\n\r\n \u2022 SDK 1.4.2_25 and earlier for Solaris\r\n\t \r\n\u2022 Java for Business: \t \r\n\r\n \u2022 JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux\r\n\t \r\n\r\n \u2022 JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux\r\n\t \r\n\r\n \u2022 SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux'", "edition": 5, "cvss3": {}, "published": "2010-04-01T16:30:00", "title": "CVE-2010-0840", 
"type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0840"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_23", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:sdk:1.4.2_24", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_25", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_3", 
"cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2010-0840", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0840", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:37", "description": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.\nPer: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html\r\n\r\n\r\n\r\n'Affected product releases and versions:\r\n\u2022 Java SE: \t \r\n\r\n \u2022 JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux\r\n\t \r\n\r\n \u2022 JDK 5.0 Update 23 and earlier for Solaris\r\n\t \r\n\r\n \u2022 SDK 1.4.2_25 and earlier for Solaris\r\n\t \r\n\u2022 Java for Business: \t \r\n\r\n \u2022 JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux\r\n\t \r\n\r\n \u2022 JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux\r\n\t \r\n\r\n \u2022 SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux'", "edition": 5, "cvss3": {}, "published": "2010-04-01T16:30:00", "title": "CVE-2010-0848", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0848"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/a:sun:sdk:1.3.1_15", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_23", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_13", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:sdk:1.3.0_02", "cpe:/a:sun:sdk:1.3.1_02", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:sdk:1.3.0_05", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jdk:1.3.1_05", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:jdk:1.3.1_15", "cpe:/a:sun:jdk:1.3.0_04", "cpe:/a:sun:jdk:1.3.1_19", "cpe:/a:sun:jre:1.3.1_26", "cpe:/a:sun:jre:1.3.1_08", "cpe:/a:sun:sdk:1.3.1_19", "cpe:/a:sun:sdk:1.3.0", "cpe:/a:sun:jre:1.3.1_23", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jdk:1.3.1_13", "cpe:/a:sun:jre:1.3.1_04", "cpe:/a:sun:sdk:1.3.1_06", "cpe:/a:sun:jdk:1.3.1_17", "cpe:/a:sun:jre:1.3.0", "cpe:/a:sun:sdk:1.3.0_01", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:sdk:1.3.0_03", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:jdk:1.3.1_07", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:jdk:1.3.1_02", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jdk:1.3.1_23", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jdk:1.3.1_04", "cpe:/a:sun:jre:1.3.1_14", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:sdk:1.3.1_23", "cpe:/a:sun:sdk:1.3.1_21", "cpe:/a:sun:jre:1.3.1_07", "cpe:/a:sun:sdk:1.3.1_04", "cpe:/a:sun:jre:1.3.1_27", "cpe:/a:sun:jre:1.3.1_12", "cpe:/a:sun:jdk:1.3.1_09", "cpe:/a:sun:jdk:1.3.1_20", "cpe:/a:sun:jdk:1.3.1_26", "cpe:/a:sun:sdk:1.3.1_09", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.3.1_22", "cpe:/a:sun:jdk:1.3.0_03", "cpe:/a:sun:sdk:1.4.2_24", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.3.1_17", "cpe:/a:sun:sdk:1.3.1_24", "cpe:/a:sun:sdk:1.3.1_26", "cpe:/a:sun:jdk:1.3.1_06", 
"cpe:/a:sun:jdk:1.3.1_27", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.3.1_21", "cpe:/a:sun:jre:1.3.1_15", "cpe:/a:sun:sdk:1.3.1_03", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:sdk:1.3.1", "cpe:/a:sun:sdk:1.3.1_01a", "cpe:/a:sun:sdk:1.3.1_11", "cpe:/a:sun:jdk:1.3.1_16", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.3.1_22", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:sdk:1.3.1_05", "cpe:/a:sun:jre:1.3.1_11", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jre:1.3.1_16", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:jre:1.3.1_20", "cpe:/a:sun:jre:1.3.1_2", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:jre:1.3.1_10", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:sdk:1.3.1_14", "cpe:/a:sun:jdk:1.3.1_18", "cpe:/a:sun:jdk:1.3.1_25", "cpe:/a:sun:jdk:1.3.1_10", "cpe:/a:sun:jdk:1.3.1_14", "cpe:/a:sun:jdk:1.3.0_01", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.3.1", "cpe:/a:sun:jdk:1.3.1_21", "cpe:/a:sun:sdk:1.3.1_08", "cpe:/a:sun:jre:1.3.1_24", "cpe:/a:sun:jdk:1.3.0_05", "cpe:/a:sun:jre:1.3.1_13", "cpe:/a:sun:jre:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_25", "cpe:/a:sun:sdk:1.3.1_27", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jdk:1.3.1_08", "cpe:/a:sun:jdk:1.3.1_01", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:jre:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_10", "cpe:/a:sun:jdk:1.3.1", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jdk:1.3.0", "cpe:/a:sun:sdk:1.3.1_12", "cpe:/a:sun:jdk:1.3.1_12", "cpe:/a:sun:jre:1.3.1_06", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:jdk:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_25", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:jre:1.3.1_18", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:jre:1.3.1_19", "cpe:/a:sun:jdk:1.3.1_03", "cpe:/a:sun:jre:1.3.1_09", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.3.1_17", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:jdk:1.3.0_02", 
"cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.3.1_25", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:1.3.1_01a", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.3.1_07", "cpe:/a:sun:jdk:1.3.1_11", "cpe:/a:sun:sdk:1.4.2_15", "cpe:/a:sun:sdk:1.3.0_04", "cpe:/a:sun:jdk:1.3.1_24"], "id": "CVE-2010-0848", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0848", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.0_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_26:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.0_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.3.1_26:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.0_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.0_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.0_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.3.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_24:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.0_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_26:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.0_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_16:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:sdk:1.3.0_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.0_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.0_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:35", "description": "Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors.\nPer: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html\r\n\r\n\r\n\r\n'Affected product releases and versions:\r\n\u2022 Java SE: \t \r\n\r\n \u2022 JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux\r\n\t \r\n\r\n \u2022 JDK 5.0 Update 23 and earlier for Solaris\r\n\t \r\n\r\n \u2022 SDK 1.4.2_25 and earlier for Solaris\r\n\t \r\n\u2022 Java 
for Business: \t \r\n\r\n \u2022 JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux\r\n\t \r\n\r\n \u2022 JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux\r\n\t \r\n\r\n \u2022 SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux'\r\n", "edition": 5, "cvss3": {}, "published": "2010-04-01T16:30:00", "title": "CVE-2010-0089", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0089"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_23", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:sdk:1.4.2_24", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.4.2_8", 
"cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_25", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2010-0089", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0089", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:35", "description": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0085.\nPer: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html\r\n\r\n\r\n\r\n'Affected product releases and versions:\r\n\u2022 Java SE: \t \r\n\r\n \u2022 JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux\r\n\t \r\n\r\n \u2022 JDK 5.0 Update 23 and earlier for Solaris\r\n\t \r\n\r\n \u2022 SDK 1.4.2_25 and earlier for Solaris\r\n\t \r\n\u2022 Java for Business: \t \r\n\r\n \u2022 JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux\r\n\t \r\n\r\n \u2022 JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux\r\n\t \r\n\r\n \u2022 SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux'", "edition": 5, "cvss3": {}, "published": "2010-04-01T16:30:00", "title": "CVE-2010-0088", "type": "cve", "cwe": 
["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0088"], "modified": "2018-10-30T16:26:00", "id": "CVE-2010-0088", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0088", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}},
{"lastseen": "2020-12-09T19:34:35", "description": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote
attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0084.\nPer: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html\r\n\r\n\r\n\r\n'Affected product releases and versions:\r\n\u2022 Java SE: \t \r\n\r\n \u2022 JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux\r\n\t \r\n\r\n \u2022 JDK 5.0 Update 23 and earlier for Solaris\r\n\t \r\n\r\n \u2022 SDK 1.4.2_25 and earlier for Solaris\r\n\t \r\n\u2022 Java for Business: \t \r\n\r\n \u2022 JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux\r\n\t \r\n\r\n \u2022 JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux\r\n\t \r\n\r\n \u2022 SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux'", "edition": 5, "cvss3": {}, "published": "2010-04-01T16:30:00", "title": "CVE-2010-0091", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0091"], "modified": "2018-10-30T16:26:00", "id": "CVE-2010-0091", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0091", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}]}