{"id": "SUSE_JAVA-1_4_2-SUN-4536.NASL", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : java-1_4_2-sun (java-1_4_2-sun-4536)", "description": "The Sun JAVA JDK 1.4.2 was upgraded to release 16 to fix various bugs, including the following security bugs :\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 079-1\n\nCVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 073-1\n\nCVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enfor ce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted applica tion.\n\nCVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka 'two vulnerabilities'.\n\nCVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka 'three vulnerabilities.'\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 072-1\n\nCVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 071-1\n\nCVE-2007-5240: Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 078-1\n\nCVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274.\n\nCVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273.", "published": "2007-10-18T00:00:00", "modified": "2018-07-19T00:00:00", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27511", "reporter": "Tenable", "references": ["http://sunsolve.sun.com/search/document.do?assetkey=1-26-103"], "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-5274"], "type": "nessus", "lastseen": "2018-09-01T23:47:47", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-devel", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-src", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-demo", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_4_2-sun"], "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-5274"], "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}, "description": "The Sun JAVA JDK 1.4.2 was upgraded to release 16 to fix various bugs, including the following security bugs :\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 079-1\n\nCVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 073-1\n\nCVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enfor ce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted applica tion.\n\nCVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka 'two vulnerabilities'.\n\nCVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka 'three vulnerabilities.'\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 072-1\n\nCVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 071-1\n\nCVE-2007-5240: Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 078-1\n\nCVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274.\n\nCVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "445f07a809cc153e7a7caa816834d1543807b99103fd647b89ef63390483618f", "hashmap": [{"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "75faad22045a33190a3c052d75c092e4", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8a8dd43ea2f73699b0c2dfbf2fa984c9", "key": "sourceData"}, {"hash": "82a1eec003d872ae743243fa7d287074", "key": "cpe"}, {"hash": "7649722c82bbcc62bdb39a500944d696", "key": "references"}, {"hash": "46e19e37aff849b754a7053677b14c82", "key": "title"}, {"hash": "e2d9fd0ef97cd0306514701ae05ead2a", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "25877ed99b949b57ee5ba4a0fd5c4930", "key": "cvelist"}, {"hash": "b5daaa1a65fab780763c6dc7df93d38b", "key": "pluginID"}, {"hash": "e8ddad3788979eefe7312acd699725ea", "key": "published"}, {"hash": "9d9b93c7d6e6aa8a4c31efec781be6d2", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=27511", "id": "SUSE_JAVA-1_4_2-SUN-4536.NASL", "lastseen": "2018-08-02T07:55:25", "modified": "2018-07-19T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "27511", "published": "2007-10-18T00:00:00", "references": ["http://sunsolve.sun.com/search/document.do?assetkey=1-26-103"], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_4_2-sun-4536.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27511);\n script_version (\"1.10\");\n script_cvs_date(\"Date: 2018/07/19 23:54:24\");\n\n script_cve_id(\"CVE-2007-5232\", \"CVE-2007-5236\", \"CVE-2007-5237\", \"CVE-2007-5238\", \"CVE-2007-5239\", \"CVE-2007-5240\", \"CVE-2007-5273\", \"CVE-2007-5274\");\n\n script_name(english:\"openSUSE 10 Security Update : java-1_4_2-sun (java-1_4_2-sun-4536)\");\n script_summary(english:\"Check for the java-1_4_2-sun-4536 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JAVA JDK 1.4.2 was upgraded to release 16 to fix various bugs,\nincluding the following security bugs :\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 079-1\n\nCVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK and JRE 6\nUpdate 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and\nJRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when\napplet caching is enabled, allows remote attackers to violate the\nsecurity model for an applet's outbound connections via a DNS\nrebinding attack.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 073-1\n\nCVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update 12 and\nearlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not\nproperly enfor ce access restrictions for untrusted applications,\nwhich allows user-assisted remote attackers to read local files via an\nuntrusted applica tion.\n\nCVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2 and\nearlier does not properly enforce access restrictions for untrusted\napplications, which allows user-assisted remote attackers to read and\nmodify local files via an untrusted application, aka 'two\nvulnerabilities'.\n\nCVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2 and\nearlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE\n1.4.2_15 and earlier does not properly enforce access restrictions for\nuntrusted applications, which allows user-assisted remote attackers to\nobtain sensitive information (the Java Web Start cache location) via\nan untrusted application, aka 'three vulnerabilities.'\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 072-1\n\nCVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2 and\nearlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15\nand earlier, and SDK and JRE 1.3.1_20 and earlier does not properly\nenforce access restrictions for untrusted (1) applications and (2)\napplets, which allows user-assisted remote attackers to copy or rename\narbitrary files when local users perform drag-and-drop operations from\nthe untrusted application or applet window onto certain types of\ndesktop applications.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 071-1\n\nCVE-2007-5240: Visual truncation vulnerability in the Java Runtime\nEnvironment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0\nUpdate 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and\nJRE 1.3.1_20 and earlier allows remote attackers to circumvent display\nof the untrusted-code warning banner by creating a window larger than\nthe workstation screen.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 078-1\n\nCVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK and JRE 6\nUpdate 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and\nJRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when\nan HTTP proxy server is used, allows remote attackers to violate the\nsecurity model for an applet's outbound connections via a multi-pin\nDNS rebinding attack in which the applet download relies on DNS\nresolution on the proxy server, but the applet's socket operations\nrely on DNS resolution on the local machine, a different issue than\nCVE-2007-5274.\n\nCVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK and JRE 6\nUpdate 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and\nJRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when\nFirefox or Opera is used, allows remote attackers to violate the\nsecurity model for JavaScript outbound connections via a multi-pin DNS\nrebinding attack dependent on the LiveConnect API, in which JavaScript\ndownload relies on DNS resolution by the browser, but JavaScript\nsocket operations rely on separate DNS resolution by a Java Virtual\nMachine (JVM), a different issue than CVE-2007-5273.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-103\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_4_2-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-alsa-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-demo-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-devel-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-jdbc-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-plugin-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-src-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-alsa-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-demo-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-devel-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-jdbc-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-plugin-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-src-1.4.2_update16-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_4_2-sun\");\n}\n", "title": "openSUSE 10 Security Update : java-1_4_2-sun (java-1_4_2-sun-4536)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-02T07:55:25"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-devel", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-src", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-demo", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_4_2-sun"], "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-5274"], "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}, "description": "The Sun JAVA JDK 1.4.2 was upgraded to release 16 to fix various bugs, including the following security bugs :\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 079-1\n\nCVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 073-1\n\nCVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enfor ce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted applica tion.\n\nCVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka 'two vulnerabilities'.\n\nCVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka 'three vulnerabilities.'\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 072-1\n\nCVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 071-1\n\nCVE-2007-5240: Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 078-1\n\nCVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274.\n\nCVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "1e550392a04a6d2c5c0e872b3f0f53890804df855fe34a54e94680ba6c93c911", "hashmap": [{"hash": "75faad22045a33190a3c052d75c092e4", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "118b7d8a0b344a299e1f2959d10135be", "key": "sourceData"}, {"hash": "82a1eec003d872ae743243fa7d287074", "key": "cpe"}, {"hash": "7649722c82bbcc62bdb39a500944d696", "key": "references"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "46e19e37aff849b754a7053677b14c82", "key": "title"}, {"hash": "e2d9fd0ef97cd0306514701ae05ead2a", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "25877ed99b949b57ee5ba4a0fd5c4930", "key": "cvelist"}, {"hash": "b5daaa1a65fab780763c6dc7df93d38b", "key": "pluginID"}, {"hash": "e8ddad3788979eefe7312acd699725ea", "key": "published"}, {"hash": "9d9b93c7d6e6aa8a4c31efec781be6d2", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=27511", "id": "SUSE_JAVA-1_4_2-SUN-4536.NASL", "lastseen": "2017-10-29T13:38:32", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "27511", "published": "2007-10-18T00:00:00", "references": ["http://sunsolve.sun.com/search/document.do?assetkey=1-26-103"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_4_2-sun-4536.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27511);\n script_version (\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:11:35 $\");\n\n script_cve_id(\"CVE-2007-5232\", \"CVE-2007-5236\", \"CVE-2007-5237\", \"CVE-2007-5238\", \"CVE-2007-5239\", \"CVE-2007-5240\", \"CVE-2007-5273\", \"CVE-2007-5274\");\n\n script_name(english:\"openSUSE 10 Security Update : java-1_4_2-sun (java-1_4_2-sun-4536)\");\n script_summary(english:\"Check for the java-1_4_2-sun-4536 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JAVA JDK 1.4.2 was upgraded to release 16 to fix various bugs,\nincluding the following security bugs :\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 079-1\n\nCVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK and JRE 6\nUpdate 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and\nJRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when\napplet caching is enabled, allows remote attackers to violate the\nsecurity model for an applet's outbound connections via a DNS\nrebinding attack.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 073-1\n\nCVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update 12 and\nearlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not\nproperly enfor ce access restrictions for untrusted applications,\nwhich allows user-assisted remote attackers to read local files via an\nuntrusted applica tion.\n\nCVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2 and\nearlier does not properly enforce access restrictions for untrusted\napplications, which allows user-assisted remote attackers to read and\nmodify local files via an untrusted application, aka 'two\nvulnerabilities'.\n\nCVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2 and\nearlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE\n1.4.2_15 and earlier does not properly enforce access restrictions for\nuntrusted applications, which allows user-assisted remote attackers to\nobtain sensitive information (the Java Web Start cache location) via\nan untrusted application, aka 'three vulnerabilities.'\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 072-1\n\nCVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2 and\nearlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15\nand earlier, and SDK and JRE 1.3.1_20 and earlier does not properly\nenforce access restrictions for untrusted (1) applications and (2)\napplets, which allows user-assisted remote attackers to copy or rename\narbitrary files when local users perform drag-and-drop operations from\nthe untrusted application or applet window onto certain types of\ndesktop applications.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 071-1\n\nCVE-2007-5240: Visual truncation vulnerability in the Java Runtime\nEnvironment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0\nUpdate 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and\nJRE 1.3.1_20 and earlier allows remote attackers to circumvent display\nof the untrusted-code warning banner by creating a window larger than\nthe workstation screen.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 078-1\n\nCVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK and JRE 6\nUpdate 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and\nJRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when\nan HTTP proxy server is used, allows remote attackers to violate the\nsecurity model for an applet's outbound connections via a multi-pin\nDNS rebinding attack in which the applet download relies on DNS\nresolution on the proxy server, but the applet's socket operations\nrely on DNS resolution on the local machine, a different issue than\nCVE-2007-5274.\n\nCVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK and JRE 6\nUpdate 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and\nJRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when\nFirefox or Opera is used, allows remote attackers to violate the\nsecurity model for JavaScript outbound connections via a multi-pin DNS\nrebinding attack dependent on the LiveConnect API, in which JavaScript\ndownload relies on DNS resolution by the browser, but JavaScript\nsocket operations rely on separate DNS resolution by a Java Virtual\nMachine (JVM), a different issue than CVE-2007-5273.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-103\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_4_2-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-alsa-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-demo-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-devel-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-jdbc-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-plugin-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-src-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-alsa-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-demo-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-devel-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-jdbc-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-plugin-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-src-1.4.2_update16-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_4_2-sun\");\n}\n", "title": "openSUSE 10 Security Update : java-1_4_2-sun (java-1_4_2-sun-4536)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:38:32"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-5274"], "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}, "description": "The Sun JAVA JDK 1.4.2 was upgraded to release 16 to fix various bugs, including the following security bugs :\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 079-1\n\nCVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 073-1\n\nCVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enfor ce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted applica tion.\n\nCVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka 'two vulnerabilities'.\n\nCVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka 'three vulnerabilities.'\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 072-1\n\nCVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 071-1\n\nCVE-2007-5240: Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 078-1\n\nCVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274.\n\nCVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273.", "edition": 1, "enchantments": {}, "hash": "5b1ab981106662538b78c86dec5ca01f757c940e851a11d2bfc8f1e288b1954a", "hashmap": [{"hash": "75faad22045a33190a3c052d75c092e4", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "118b7d8a0b344a299e1f2959d10135be", "key": "sourceData"}, {"hash": "7649722c82bbcc62bdb39a500944d696", "key": "references"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "46e19e37aff849b754a7053677b14c82", "key": "title"}, {"hash": "e2d9fd0ef97cd0306514701ae05ead2a", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "25877ed99b949b57ee5ba4a0fd5c4930", "key": "cvelist"}, {"hash": "b5daaa1a65fab780763c6dc7df93d38b", "key": "pluginID"}, {"hash": "e8ddad3788979eefe7312acd699725ea", "key": "published"}, {"hash": "9d9b93c7d6e6aa8a4c31efec781be6d2", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=27511", "id": "SUSE_JAVA-1_4_2-SUN-4536.NASL", "lastseen": "2016-09-26T17:24:43", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.2", "pluginID": "27511", "published": "2007-10-18T00:00:00", "references": ["http://sunsolve.sun.com/search/document.do?assetkey=1-26-103"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_4_2-sun-4536.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27511);\n script_version (\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:11:35 $\");\n\n script_cve_id(\"CVE-2007-5232\", \"CVE-2007-5236\", \"CVE-2007-5237\", \"CVE-2007-5238\", \"CVE-2007-5239\", \"CVE-2007-5240\", \"CVE-2007-5273\", \"CVE-2007-5274\");\n\n script_name(english:\"openSUSE 10 Security Update : java-1_4_2-sun (java-1_4_2-sun-4536)\");\n script_summary(english:\"Check for the java-1_4_2-sun-4536 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JAVA JDK 1.4.2 was upgraded to release 16 to fix various bugs,\nincluding the following security bugs :\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 079-1\n\nCVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK and JRE 6\nUpdate 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and\nJRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when\napplet caching is enabled, allows remote attackers to violate the\nsecurity model for an applet's outbound connections via a DNS\nrebinding attack.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 073-1\n\nCVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update 12 and\nearlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not\nproperly enfor ce access restrictions for untrusted applications,\nwhich allows user-assisted remote attackers to read local files via an\nuntrusted applica tion.\n\nCVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2 and\nearlier does not properly enforce access restrictions for untrusted\napplications, which allows user-assisted remote attackers to read and\nmodify local files via an untrusted application, aka 'two\nvulnerabilities'.\n\nCVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2 and\nearlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE\n1.4.2_15 and earlier does not properly enforce access restrictions for\nuntrusted applications, which allows user-assisted remote attackers to\nobtain sensitive information (the Java Web Start cache location) via\nan untrusted application, aka 'three vulnerabilities.'\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 072-1\n\nCVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2 and\nearlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15\nand earlier, and SDK and JRE 1.3.1_20 and earlier does not properly\nenforce access restrictions for untrusted (1) applications and (2)\napplets, which allows user-assisted remote attackers to copy or rename\narbitrary files when local users perform drag-and-drop operations from\nthe untrusted application or applet window onto certain types of\ndesktop applications.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 071-1\n\nCVE-2007-5240: Visual truncation vulnerability in the Java Runtime\nEnvironment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0\nUpdate 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and\nJRE 1.3.1_20 and earlier allows remote attackers to circumvent display\nof the untrusted-code warning banner by creating a window larger than\nthe workstation screen.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 078-1\n\nCVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK and JRE 6\nUpdate 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and\nJRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when\nan HTTP proxy server is used, allows remote attackers to violate the\nsecurity model for an applet's outbound connections via a multi-pin\nDNS rebinding attack in which the applet download relies on DNS\nresolution on the proxy server, but the applet's socket operations\nrely on DNS resolution on the local machine, a different issue than\nCVE-2007-5274.\n\nCVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK and JRE 6\nUpdate 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and\nJRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when\nFirefox or Opera is used, allows remote attackers to violate the\nsecurity model for JavaScript outbound connections via a multi-pin DNS\nrebinding attack dependent on the LiveConnect API, in which JavaScript\ndownload relies on DNS resolution by the browser, but JavaScript\nsocket operations rely on separate DNS resolution by a Java Virtual\nMachine (JVM), a different issue than CVE-2007-5273.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-103\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_4_2-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-alsa-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-demo-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-devel-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-jdbc-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-plugin-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-src-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-alsa-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-demo-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-devel-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-jdbc-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-plugin-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-src-1.4.2_update16-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_4_2-sun\");\n}\n", "title": "openSUSE 10 Security Update : java-1_4_2-sun (java-1_4_2-sun-4536)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:43"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-devel", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-src", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-demo", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_4_2-sun"], "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-5274"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The Sun JAVA JDK 1.4.2 was upgraded to release 16 to fix various bugs, including the following security bugs :\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 079-1\n\nCVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 073-1\n\nCVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enfor ce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted applica tion.\n\nCVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka 'two vulnerabilities'.\n\nCVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka 'three vulnerabilities.'\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 072-1\n\nCVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 071-1\n\nCVE-2007-5240: Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 078-1\n\nCVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274.\n\nCVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273.", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "d2c36e206bba974e0e7d1943abe7f6815836c86d2633e03bd6109ede4d418173", "hashmap": [{"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "75faad22045a33190a3c052d75c092e4", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8a8dd43ea2f73699b0c2dfbf2fa984c9", "key": "sourceData"}, {"hash": "82a1eec003d872ae743243fa7d287074", "key": "cpe"}, {"hash": "7649722c82bbcc62bdb39a500944d696", "key": "references"}, {"hash": "46e19e37aff849b754a7053677b14c82", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "25877ed99b949b57ee5ba4a0fd5c4930", "key": "cvelist"}, {"hash": "b5daaa1a65fab780763c6dc7df93d38b", "key": "pluginID"}, {"hash": "e8ddad3788979eefe7312acd699725ea", "key": "published"}, {"hash": "9d9b93c7d6e6aa8a4c31efec781be6d2", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=27511", "id": "SUSE_JAVA-1_4_2-SUN-4536.NASL", "lastseen": "2018-08-30T19:41:31", "modified": "2018-07-19T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "27511", "published": "2007-10-18T00:00:00", "references": ["http://sunsolve.sun.com/search/document.do?assetkey=1-26-103"], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_4_2-sun-4536.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27511);\n script_version (\"1.10\");\n script_cvs_date(\"Date: 2018/07/19 23:54:24\");\n\n script_cve_id(\"CVE-2007-5232\", \"CVE-2007-5236\", \"CVE-2007-5237\", \"CVE-2007-5238\", \"CVE-2007-5239\", \"CVE-2007-5240\", \"CVE-2007-5273\", \"CVE-2007-5274\");\n\n script_name(english:\"openSUSE 10 Security Update : java-1_4_2-sun (java-1_4_2-sun-4536)\");\n script_summary(english:\"Check for the java-1_4_2-sun-4536 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JAVA JDK 1.4.2 was upgraded to release 16 to fix various bugs,\nincluding the following security bugs :\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 079-1\n\nCVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK and JRE 6\nUpdate 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and\nJRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when\napplet caching is enabled, allows remote attackers to violate the\nsecurity model for an applet's outbound connections via a DNS\nrebinding attack.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 073-1\n\nCVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update 12 and\nearlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not\nproperly enfor ce access restrictions for untrusted applications,\nwhich allows user-assisted remote attackers to read local files via an\nuntrusted applica tion.\n\nCVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2 and\nearlier does not properly enforce access restrictions for untrusted\napplications, which allows user-assisted remote attackers to read and\nmodify local files via an untrusted application, aka 'two\nvulnerabilities'.\n\nCVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2 and\nearlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE\n1.4.2_15 and earlier does not properly enforce access restrictions for\nuntrusted applications, which allows user-assisted remote attackers to\nobtain sensitive information (the Java Web Start cache location) via\nan untrusted application, aka 'three vulnerabilities.'\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 072-1\n\nCVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2 and\nearlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15\nand earlier, and SDK and JRE 1.3.1_20 and earlier does not properly\nenforce access restrictions for untrusted (1) applications and (2)\napplets, which allows user-assisted remote attackers to copy or rename\narbitrary files when local users perform drag-and-drop operations from\nthe untrusted application or applet window onto certain types of\ndesktop applications.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 071-1\n\nCVE-2007-5240: Visual truncation vulnerability in the Java Runtime\nEnvironment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0\nUpdate 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and\nJRE 1.3.1_20 and earlier allows remote attackers to circumvent display\nof the untrusted-code warning banner by creating a window larger than\nthe workstation screen.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 078-1\n\nCVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK and JRE 6\nUpdate 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and\nJRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when\nan HTTP proxy server is used, allows remote attackers to violate the\nsecurity model for an applet's outbound connections via a multi-pin\nDNS rebinding attack in which the applet download relies on DNS\nresolution on the proxy server, but the applet's socket operations\nrely on DNS resolution on the local machine, a different issue than\nCVE-2007-5274.\n\nCVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK and JRE 6\nUpdate 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and\nJRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when\nFirefox or Opera is used, allows remote attackers to violate the\nsecurity model for JavaScript outbound connections via a multi-pin DNS\nrebinding attack dependent on the LiveConnect API, in which JavaScript\ndownload relies on DNS resolution by the browser, but JavaScript\nsocket operations rely on separate DNS resolution by a Java Virtual\nMachine (JVM), a different issue than CVE-2007-5273.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-103\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_4_2-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-alsa-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-demo-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-devel-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-jdbc-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-plugin-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-src-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-alsa-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-demo-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-devel-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-jdbc-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-plugin-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-src-1.4.2_update16-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_4_2-sun\");\n}\n", "title": "openSUSE 10 Security Update : java-1_4_2-sun (java-1_4_2-sun-4536)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:41:31"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "82a1eec003d872ae743243fa7d287074"}, {"key": "cvelist", "hash": "25877ed99b949b57ee5ba4a0fd5c4930"}, {"key": "cvss", "hash": "e2d9fd0ef97cd0306514701ae05ead2a"}, {"key": "description", "hash": "9d9b93c7d6e6aa8a4c31efec781be6d2"}, {"key": "href", "hash": "75faad22045a33190a3c052d75c092e4"}, {"key": "modified", "hash": "e2914120514a29eeccc01e381df164d8"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "b5daaa1a65fab780763c6dc7df93d38b"}, {"key": "published", "hash": "e8ddad3788979eefe7312acd699725ea"}, {"key": "references", "hash": "7649722c82bbcc62bdb39a500944d696"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "8a8dd43ea2f73699b0c2dfbf2fa984c9"}, {"key": "title", "hash": "46e19e37aff849b754a7053677b14c82"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "445f07a809cc153e7a7caa816834d1543807b99103fd647b89ef63390483618f", "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_4_2-sun-4536.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27511);\n script_version (\"1.10\");\n script_cvs_date(\"Date: 2018/07/19 23:54:24\");\n\n script_cve_id(\"CVE-2007-5232\", \"CVE-2007-5236\", \"CVE-2007-5237\", \"CVE-2007-5238\", \"CVE-2007-5239\", \"CVE-2007-5240\", \"CVE-2007-5273\", \"CVE-2007-5274\");\n\n script_name(english:\"openSUSE 10 Security Update : java-1_4_2-sun (java-1_4_2-sun-4536)\");\n script_summary(english:\"Check for the java-1_4_2-sun-4536 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JAVA JDK 1.4.2 was upgraded to release 16 to fix various bugs,\nincluding the following security bugs :\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 079-1\n\nCVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK and JRE 6\nUpdate 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and\nJRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when\napplet caching is enabled, allows remote attackers to violate the\nsecurity model for an applet's outbound connections via a DNS\nrebinding attack.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 073-1\n\nCVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update 12 and\nearlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not\nproperly enfor ce access restrictions for untrusted applications,\nwhich allows user-assisted remote attackers to read local files via an\nuntrusted applica tion.\n\nCVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2 and\nearlier does not properly enforce access restrictions for untrusted\napplications, which allows user-assisted remote attackers to read and\nmodify local files via an untrusted application, aka 'two\nvulnerabilities'.\n\nCVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2 and\nearlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE\n1.4.2_15 and earlier does not properly enforce access restrictions for\nuntrusted applications, which allows user-assisted remote attackers to\nobtain sensitive information (the Java Web Start cache location) via\nan untrusted application, aka 'three vulnerabilities.'\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 072-1\n\nCVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2 and\nearlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15\nand earlier, and SDK and JRE 1.3.1_20 and earlier does not properly\nenforce access restrictions for untrusted (1) applications and (2)\napplets, which allows user-assisted remote attackers to copy or rename\narbitrary files when local users perform drag-and-drop operations from\nthe untrusted application or applet window onto certain types of\ndesktop applications.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 071-1\n\nCVE-2007-5240: Visual truncation vulnerability in the Java Runtime\nEnvironment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0\nUpdate 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and\nJRE 1.3.1_20 and earlier allows remote attackers to circumvent display\nof the untrusted-code warning banner by creating a window larger than\nthe workstation screen.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 078-1\n\nCVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK and JRE 6\nUpdate 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and\nJRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when\nan HTTP proxy server is used, allows remote attackers to violate the\nsecurity model for an applet's outbound connections via a multi-pin\nDNS rebinding attack in which the applet download relies on DNS\nresolution on the proxy server, but the applet's socket operations\nrely on DNS resolution on the local machine, a different issue than\nCVE-2007-5274.\n\nCVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK and JRE 6\nUpdate 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and\nJRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when\nFirefox or Opera is used, allows remote attackers to violate the\nsecurity model for JavaScript outbound connections via a multi-pin DNS\nrebinding attack dependent on the LiveConnect API, in which JavaScript\ndownload relies on DNS resolution by the browser, but JavaScript\nsocket operations rely on separate DNS resolution by a Java Virtual\nMachine (JVM), a different issue than CVE-2007-5273.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-103\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_4_2-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_4_2-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-alsa-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-demo-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-devel-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-jdbc-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-plugin-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_4_2-sun-src-1.4.2.16-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-alsa-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-demo-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-devel-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-jdbc-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-plugin-1.4.2_update16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_4_2-sun-src-1.4.2_update16-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_4_2-sun\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "27511", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-devel", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-src", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-demo", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_4_2-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_4_2-sun"]}

{"openvas": [{"lastseen": "2017-07-26T08:55:31", "references": [], "pluginID": "65091", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java2\n java2-jre\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020427 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-10T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "SLES9: Security update for Sun Java 2", "type": "openvas", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-5274"], "modified": "2017-07-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65091", "id": "OPENVAS:65091", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5020427.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Sun Java 2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java2\n java2-jre\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020427 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65091);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-5232\", \"CVE-2007-5236\", \"CVE-2007-5237\", \"CVE-2007-5238\", \"CVE-2007-5239\", \"CVE-2007-5240\", \"CVE-2007-5273\", \"CVE-2007-5274\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:N\");\n script_name(\"SLES9: Security update for Sun Java 2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java2\", rpm:\"java2~1.4.2~129.32\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2017-07-24T12:57:00", "references": ["http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01234533-4", "02284"], "pluginID": "835094", "description": "Check for the Version of Java JRE and JDK", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-05-05T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "HP-UX Update for Java JRE and JDK HPSBUX02284", "type": "openvas", "naslFamily": "HP-UX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5689", "CVE-2007-5239", "CVE-2007-5274"], "modified": "2017-07-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=835094", "id": "OPENVAS:835094", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Java JRE and JDK HPSBUX02284\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote unauthorized access\";\ntag_affected = \"Java JRE and JDK on\n HP-UX B.11.11, B.11.23, and B.11.31 running Java Runtime Environment (JRE) \n v5.0.10 and earlier, and Java Developer Kit (JDK), v1.4.2.16 and earlier.\";\ntag_insight = \"Potential security vulnerabilities have been identified in Java Runtime \n Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These \n vulnerabilities may allow remote unauthorized access.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01234533-4\");\n script_id(835094);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02284\");\n script_cve_id(\"CVE-2007-5240\", \"CVE-2007-5239\", \"CVE-2007-5236\", \"CVE-2007-5237\", \"CVE-2007-5238\", \"CVE-2007-5273\", \"CVE-2007-5274\", \"CVE-2007-5232\", \"CVE-2007-5689\");\n script_name( \"HP-UX Update for Java JRE and JDK HPSBUX02284\");\n\n script_summary(\"Check for the Version of Java JRE and JDK\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jpi14.JPI14-COM\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jpi14.JPI14-COM-DOC\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jpi14.JPI14-IPF32\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jpi14.JPI14-PA11\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-DEMO\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PNV2\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PWV2\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM-DOC\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PNV2\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PNV2-H\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PWV2\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PWV2-H\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-DEMO\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PNV2\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PWV2\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM-DOC\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PNV2\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PNV2-H\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PWV2\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PWV2-H\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jpi14.JPI14-COM\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jpi14.JPI14-COM-DOC\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jpi14.JPI14-IPF32\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jpi14.JPI14-PA11\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-DEMO\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PNV2\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PWV2\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM-DOC\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PNV2\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PNV2-H\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PWV2\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PWV2-H\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-DEMO\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PNV2\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PWV2\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM-DOC\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PNV2\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PNV2-H\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PWV2\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PWV2-H\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:21:03", "references": ["2007-055"], "pluginID": "850067", "description": "Check for the Version of Sun Java", "edition": 3, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-01-28T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "SuSE Update for Sun Java SUSE-SA:2007:055", "type": "openvas", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-5274"], "modified": "2017-12-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=850067", "id": "OPENVAS:850067", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2007_055.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for Sun Java SUSE-SA:2007:055\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Sun JAVA JDK 1.5.0 was upgraded to release 13, and the Sun JAVA\n SDK 1.4.2 was upgraded to update 16 to fix various bugs, including\n the following security bugs:\n\n http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1\n\n CVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK and JRE\n 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK\n and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier,\n when applet caching is enabled, allows remote attackers to violate\n the security model for an applets outbound connections via a DNS\n rebinding attack.\n\n http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1\n\n CVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update 12 and\n earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not\n properly enforce access restrictions for untrusted applications,\n which allows user-assisted remote attackers to read local files via\n an untrusted application.\n\n CVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2 and\n earlier does not properly enforce access restrictions for untrusted\n applications, which allows user-assisted remote attackers to read\n and modify local files via an untrusted application, aka &quot;two\n vulnerabilities&quot;.\n\n CVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2 and\n earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE\n 1.4.2_15 and earlier does not properly enforce access restrictions for\n untrusted applications, which allows user-assisted remote attackers\n to obtain sensitive information (the Java Web Start cache location)\n via an untrusted application, aka &quot;three vulnerabilities.&quot;\n\n http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1\n\n CVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2 and\n earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15\n and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly\n enforce access restrictions for untrusted (1) applications and (2)\n applets, which allows user-assisted remote attackers to copy or rename\n arbitrary files when local users perform drag-and-drop operations\n from the untrusted application or applet window onto certain types\n of desktop applications.\n\n http://sunsolve.sun.com/se ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_impact = \"remote code execution\";\ntag_affected = \"Sun Java on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SUSE Linux Enterprise Server 10 SP1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850067);\n script_version(\"$Revision: 8050 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-28 13:40:10 +0100 (Wed, 28 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:N\");\n script_xref(name: \"SUSE-SA\", value: \"2007-055\");\n script_cve_id(\"CVE-2007-5232\", \"CVE-2007-5236\", \"CVE-2007-5237\", \"CVE-2007-5238\", \"CVE-2007-5239\", \"CVE-2007-5240\", \"CVE-2007-5273\", \"CVE-2007-5274\");\n script_name( \"SuSE Update for Sun Java SUSE-SA:2007:055\");\n\n script_summary(\"Check for the Version of Sun Java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE10.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update13~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update13~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update13~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update13~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update13~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update13~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update13~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u3~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u3~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u3~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u3~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u3~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u3~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE10.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun\", rpm:\"java-1_4_2-sun~1.4.2_update16~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-alsa\", rpm:\"java-1_4_2-sun-alsa~1.4.2_update16~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-demo\", rpm:\"java-1_4_2-sun-demo~1.4.2_update16~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-devel\", rpm:\"java-1_4_2-sun-devel~1.4.2_update16~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-jdbc\", rpm:\"java-1_4_2-sun-jdbc~1.4.2_update16~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-plugin\", rpm:\"java-1_4_2-sun-plugin~1.4.2_update16~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-src\", rpm:\"java-1_4_2-sun-src~1.4.2_update16~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update13~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update13~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update13~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update13~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update13~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update13~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update13~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLDk9\")\n{\n\n if ((res = isrpmvuln(pkg:\"java2\", rpm:\"java2~1.4.2~129.32\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java2-jre\", rpm:\"java2-jre~1.4.2~129.32\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLPOS9\")\n{\n\n if ((res = isrpmvuln(pkg:\"java2\", rpm:\"java2~1.4.2~129.32\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java2-jre\", rpm:\"java2-jre~1.4.2~129.32\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"OES\")\n{\n\n if ((res = isrpmvuln(pkg:\"java2\", rpm:\"java2~1.4.2~129.32\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java2-jre\", rpm:\"java2-jre~1.4.2~129.32\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLES9\")\n{\n\n if ((res = isrpmvuln(pkg:\"java2\", rpm:\"java2~1.4.2~129.32\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java2-jre\", rpm:\"java2-jre~1.4.2~129.32\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"LES10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun\", rpm:\"java-1_4_2-sun~1.4.2.16~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-alsa\", rpm:\"java-1_4_2-sun-alsa~1.4.2.16~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-demo\", rpm:\"java-1_4_2-sun-demo~1.4.2.16~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-devel\", rpm:\"java-1_4_2-sun-devel~1.4.2.16~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-jdbc\", rpm:\"java-1_4_2-sun-jdbc~1.4.2.16~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-plugin\", rpm:\"java-1_4_2-sun-plugin~1.4.2.16~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-src\", rpm:\"java-1_4_2-sun-src~1.4.2.16~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDk10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun\", rpm:\"java-1_4_2-sun~1.4.2.16~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-alsa\", rpm:\"java-1_4_2-sun-alsa~1.4.2.16~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-demo\", rpm:\"java-1_4_2-sun-demo~1.4.2.16~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-devel\", rpm:\"java-1_4_2-sun-devel~1.4.2.16~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-jdbc\", rpm:\"java-1_4_2-sun-jdbc~1.4.2.16~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-plugin\", rpm:\"java-1_4_2-sun-plugin~1.4.2.16~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-src\", rpm:\"java-1_4_2-sun-src~1.4.2.16~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SL10.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun\", rpm:\"java-1_4_2-sun~1.4.2.16~0.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-alsa\", rpm:\"java-1_4_2-sun-alsa~1.4.2.16~0.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-demo\", rpm:\"java-1_4_2-sun-demo~1.4.2.16~0.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-devel\", rpm:\"java-1_4_2-sun-devel~1.4.2.16~0.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-jdbc\", rpm:\"java-1_4_2-sun-jdbc~1.4.2.16~0.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-plugin\", rpm:\"java-1_4_2-sun-plugin~1.4.2.16~0.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-sun-src\", rpm:\"java-1_4_2-sun-src~1.4.2.16~0.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_13~0.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_13~0.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_13~0.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_13~0.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_13~0.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_13~0.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_13~0.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2018-04-09T11:41:08", "references": ["http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01234533-4", "02284"], "pluginID": "1361412562310835094", "description": "Check for the Version of Java JRE and JDK", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-05-05T00:00:00", "title": "HP-UX Update for Java JRE and JDK HPSBUX02284", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "HP-UX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5689", "CVE-2007-5239", "CVE-2007-5274"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835094", "id": "OPENVAS:1361412562310835094", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Java JRE and JDK HPSBUX02284\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote unauthorized access\";\ntag_affected = \"Java JRE and JDK on\n HP-UX B.11.11, B.11.23, and B.11.31 running Java Runtime Environment (JRE) \n v5.0.10 and earlier, and Java Developer Kit (JDK), v1.4.2.16 and earlier.\";\ntag_insight = \"Potential security vulnerabilities have been identified in Java Runtime \n Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These \n vulnerabilities may allow remote unauthorized access.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01234533-4\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835094\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02284\");\n script_cve_id(\"CVE-2007-5240\", \"CVE-2007-5239\", \"CVE-2007-5236\", \"CVE-2007-5237\", \"CVE-2007-5238\", \"CVE-2007-5273\", \"CVE-2007-5274\", \"CVE-2007-5232\", \"CVE-2007-5689\");\n script_name( \"HP-UX Update for Java JRE and JDK HPSBUX02284\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Java JRE and JDK\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jpi14.JPI14-COM\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jpi14.JPI14-COM-DOC\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jpi14.JPI14-IPF32\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jpi14.JPI14-PA11\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-DEMO\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PNV2\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PWV2\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM-DOC\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PNV2\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PNV2-H\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PWV2\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PWV2-H\", revision:\"1.4.2.17.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-DEMO\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PNV2\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PWV2\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM-DOC\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PNV2\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PNV2-H\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PWV2\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PWV2-H\", revision:\"1.5.0.11\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jpi14.JPI14-COM\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jpi14.JPI14-COM-DOC\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jpi14.JPI14-IPF32\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jpi14.JPI14-PA11\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-DEMO\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PNV2\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PWV2\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM-DOC\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PNV2\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PNV2-H\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PWV2\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PWV2-H\", revision:\"1.4.2.17.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-DEMO\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PNV2\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PWV2\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM-DOC\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PNV2\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PNV2-H\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PWV2\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PWV2-H\", revision:\"1.5.0.11\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:10", "references": [], "pluginID": "136141256231065091", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java2\n java2-jre\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020427 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for Sun Java 2", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-5274"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065091", "id": "OPENVAS:136141256231065091", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5020427.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Sun Java 2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java2\n java2-jre\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020427 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65091\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-5232\", \"CVE-2007-5236\", \"CVE-2007-5237\", \"CVE-2007-5238\", \"CVE-2007-5239\", \"CVE-2007-5240\", \"CVE-2007-5273\", \"CVE-2007-5274\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:N\");\n script_name(\"SLES9: Security update for Sun Java 2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java2\", rpm:\"java2~1.4.2~129.32\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2018-04-06T11:37:54", "references": [], "pluginID": "136141256231065313", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021818 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for IBMJava5-JRE,IBMJava5-SDK", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3698", "CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-4381", "CVE-2007-5274"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065313", "id": "OPENVAS:136141256231065313", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5021818.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for IBMJava5-JRE,IBMJava5-SDK\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021818 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65313\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-5232\", \"CVE-2007-5274\", \"CVE-2007-5273\", \"CVE-2007-5236\", \"CVE-2007-5238\", \"CVE-2007-5239\", \"CVE-2007-5240\", \"CVE-2007-4381\", \"CVE-2007-3698\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for IBMJava5-JRE,IBMJava5-SDK\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"IBMJava5-JRE\", rpm:\"IBMJava5-JRE~1.5.0~0.15\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:25", "references": [], "pluginID": "65313", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021818 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-10T00:00:00", "title": "SLES9: Security update for IBMJava5-JRE,IBMJava5-SDK", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3698", "CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-4381", "CVE-2007-5274"], "modified": "2017-07-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65313", "id": "OPENVAS:65313", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5021818.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for IBMJava5-JRE,IBMJava5-SDK\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021818 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65313);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-5232\", \"CVE-2007-5274\", \"CVE-2007-5273\", \"CVE-2007-5236\", \"CVE-2007-5238\", \"CVE-2007-5239\", \"CVE-2007-5240\", \"CVE-2007-4381\", \"CVE-2007-3698\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for IBMJava5-JRE,IBMJava5-SDK\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"IBMJava5-JRE\", rpm:\"IBMJava5-JRE~1.5.0~0.15\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:21:13", "references": ["2008-025"], "pluginID": "850026", "description": "Check for the Version of IBMJava2,IBMJava5,java-1_4_2-ibm,java-1_5_0-ibm", "edition": 3, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-01-23T00:00:00", "title": "SuSE Update for IBMJava2,IBMJava5,java-1_4_2-ibm,java-1_5_0-ibm SUSE-SA:2008:025", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3698", "CVE-2008-1195", "CVE-2008-1194", "CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2008-1189", "CVE-2008-0657", "CVE-2008-1196", "CVE-2007-5236", "CVE-2008-1190", "CVE-2007-5273", "CVE-2008-1187", "CVE-2008-1188", "CVE-2007-5239", "CVE-2007-4381", "CVE-2007-5274", "CVE-2008-1193", "CVE-2008-1192"], "modified": "2017-12-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=850026", "id": "OPENVAS:850026", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2008_025.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for IBMJava2,IBMJava5,java-1_4_2-ibm,java-1_5_0-ibm SUSE-SA:2008:025\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"IBM Java 1.4.2 was updated to SR10 and IBM Java 1.5.0 was updated to\n SR7 to fix various security issues:\n\n - CVE-2008-1196: A buffer overflow vulnerability in Java Web Start\n may allow an untrusted Java Web Start application that is downloaded\n from a website to elevate its privileges. For example, an untrusted\n Java Web Start application may grant itself permissions to read and\n write local files or execute local applications that are accessible\n to the user running the untrusted application.\n\n - CVE-2008-1195: A vulnerability in the Java Runtime Environment may\n allow JavaScript(TM) code that is downloaded by a browser to make\n connections to network services on the system that the browser runs\n on, through Java APIs, This may allow files (that are accessible\n through these network services) or vulnerabilities (that exist on\n these network services) which are not otherwise normally accessible\n to be accessed or exploited.\n\n - CVE-2008-1192: A vulnerability in the Java Plug-in may an untrusted\n applet to bypass same origin policy and leverage this flaw to\n execute local applications that are accessible to the user running\n the untrusted applet.\n\n - CVE-2008-1190: A vulnerability in Java Web Start may allow an\n untrusted Java Web Start application to elevate its privileges. For\n example, an application may grant itself permissions to read and\n write local files or execute local applications that are accessible\n to the user running the untrusted application.\n\n - CVE-2008-1189: A buffer overflow vulnerability in the Java Runtime\n Environment may allow an untrusted applet or application to elevate\n its privileges. For example, an applet may grant itself permissions\n to read and write local files or execute local applications that\n are accessible to the user running the untrusted applet.\n\n - CVE-2008-1187: A vulnerability in the Java Runtime Environment\n with parsing XML data may allow an untrusted applet or application\n to elevate its privileges. For example, an applet may read certain\n URL resources (such as some files and web pages).\n\n - CVE-2007-5232: A vulnerability in the Java Runtime Environment (JRE)\n with applet caching may allow an untrusted applet that is\n downloaded from a malicious website to make network connections ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_impact = \"remote code execution\";\ntag_affected = \"IBMJava2,IBMJava5,java-1_4_2-ibm,java-1_5_0-ibm on SUSE SLES 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1, SUSE Linux Enterprise Server 10 SP1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850026);\n script_version(\"$Revision: 8050 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-23 16:44:26 +0100 (Fri, 23 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2008-025\");\n script_cve_id(\"CVE-2007-3698\", \"CVE-2007-4381\", \"CVE-2007-5232\", \"CVE-2007-5236\", \"CVE-2007-5238\", \"CVE-2007-5239\", \"CVE-2007-5240\", \"CVE-2007-5273\", \"CVE-2007-5274\", \"CVE-2008-0657\", \"CVE-2008-1187\", \"CVE-2008-1188\", \"CVE-2008-1189\", \"CVE-2008-1190\", \"CVE-2008-1192\", \"CVE-2008-1193\", \"CVE-2008-1194\", \"CVE-2008-1195\", \"CVE-2008-1196\");\n script_name( \"SuSE Update for IBMJava2,IBMJava5,java-1_4_2-ibm,java-1_5_0-ibm SUSE-SA:2008:025\");\n\n script_summary(\"Check for the Version of IBMJava2,IBMJava5,java-1_4_2-ibm,java-1_5_0-ibm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLESDK10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-ibm\", rpm:\"java-1_4_2-ibm~1.4.2_sr10~0.2\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-devel\", rpm:\"java-1_4_2-ibm-devel~1.4.2_sr10~0.2\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-jdbc\", rpm:\"java-1_4_2-ibm-jdbc~1.4.2_sr10~0.2\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-plugin\", rpm:\"java-1_4_2-ibm-plugin~1.4.2_sr10~0.2\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLPOS9\")\n{\n\n if ((res = isrpmvuln(pkg:\"IBMJava5-JRE\", rpm:\"IBMJava5-JRE~1.5.0~0.22\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"IBMJava5-SDK\", rpm:\"IBMJava5-SDK~1.5.0~0.22\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"IBMJava2-JRE\", rpm:\"IBMJava2-JRE~1.4.2~0.112\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"IBMJava2-SDK\", rpm:\"IBMJava2-SDK~1.4.2~0.112\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"OES\")\n{\n\n if ((res = isrpmvuln(pkg:\"IBMJava5-JRE\", rpm:\"IBMJava5-JRE~1.5.0~0.22\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"IBMJava5-SDK\", rpm:\"IBMJava5-SDK~1.5.0~0.22\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"IBMJava2-JRE\", rpm:\"IBMJava2-JRE~1.4.2~0.112\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"IBMJava2-SDK\", rpm:\"IBMJava2-SDK~1.4.2~0.112\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLES9\")\n{\n\n if ((res = isrpmvuln(pkg:\"IBMJava5-JRE\", rpm:\"IBMJava5-JRE~1.5.0~0.22\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"IBMJava5-SDK\", rpm:\"IBMJava5-SDK~1.5.0~0.22\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"IBMJava2-JRE\", rpm:\"IBMJava2-JRE~1.4.2~0.112\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"IBMJava2-SDK\", rpm:\"IBMJava2-SDK~1.4.2~0.112\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"LES10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-ibm\", rpm:\"java-1_5_0-ibm~1.5.0_sr7~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-32bit\", rpm:\"java-1_5_0-ibm-32bit~1.5.0_sr7~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-alsa-32bit\", rpm:\"java-1_5_0-ibm-alsa-32bit~1.5.0_sr7~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-devel\", rpm:\"java-1_5_0-ibm-devel~1.5.0_sr7~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-devel-32bit\", rpm:\"java-1_5_0-ibm-devel-32bit~1.5.0_sr7~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-fonts\", rpm:\"java-1_5_0-ibm-fonts~1.5.0_sr7~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-alsa\", rpm:\"java-1_5_0-ibm-alsa~1.5.0_sr7~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-jdbc\", rpm:\"java-1_5_0-ibm-jdbc~1.5.0_sr7~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-plugin\", rpm:\"java-1_5_0-ibm-plugin~1.5.0_sr7~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-demo\", rpm:\"java-1_5_0-ibm-demo~1.5.0_sr7~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-src\", rpm:\"java-1_5_0-ibm-src~1.5.0_sr7~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-ibm\", rpm:\"java-1_4_2-ibm~1.4.2_sr10~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-devel\", rpm:\"java-1_4_2-ibm-devel~1.4.2_sr10~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-jdbc\", rpm:\"java-1_4_2-ibm-jdbc~1.4.2_sr10~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-plugin\", rpm:\"java-1_4_2-ibm-plugin~1.4.2_sr10~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDk10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-ibm\", rpm:\"java-1_5_0-ibm~1.5.0_sr7~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-32bit\", rpm:\"java-1_5_0-ibm-32bit~1.5.0_sr7~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-alsa-32bit\", rpm:\"java-1_5_0-ibm-alsa-32bit~1.5.0_sr7~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-devel\", rpm:\"java-1_5_0-ibm-devel~1.5.0_sr7~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-devel-32bit\", rpm:\"java-1_5_0-ibm-devel-32bit~1.5.0_sr7~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-fonts\", rpm:\"java-1_5_0-ibm-fonts~1.5.0_sr7~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-alsa\", rpm:\"java-1_5_0-ibm-alsa~1.5.0_sr7~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-jdbc\", rpm:\"java-1_5_0-ibm-jdbc~1.5.0_sr7~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-plugin\", rpm:\"java-1_5_0-ibm-plugin~1.5.0_sr7~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-demo\", rpm:\"java-1_5_0-ibm-demo~1.5.0_sr7~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-src\", rpm:\"java-1_5_0-ibm-src~1.5.0_sr7~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:08", "references": [], "pluginID": "136141256231066000", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_5_0-ibm\n java-1_5_0-ibm-alsa\n java-1_5_0-ibm-devel\n java-1_5_0-ibm-fonts\n java-1_5_0-ibm-jdbc\n java-1_5_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-13T00:00:00", "title": "SLES10: Security update for IBM Java 1.5.0", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1195", "CVE-2008-1194", "CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2008-1189", "CVE-2008-0657", "CVE-2008-1196", "CVE-2007-5236", "CVE-2008-1190", "CVE-2007-5273", "CVE-2008-1187", "CVE-2008-1188", "CVE-2007-5239", "CVE-2007-4381", "CVE-2007-5274", "CVE-2008-1193", "CVE-2008-1192"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066000", "id": "OPENVAS:136141256231066000", "sourceData": "#\n#VID slesp1-java-1_5_0-ibm-5183\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 1.5.0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_5_0-ibm\n java-1_5_0-ibm-alsa\n java-1_5_0-ibm-devel\n java-1_5_0-ibm-fonts\n java-1_5_0-ibm-jdbc\n java-1_5_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66000\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-1196\", \"CVE-2008-1195\", \"CVE-2008-1194\", \"CVE-2008-1193\", \"CVE-2008-1192\", \"CVE-2008-1190\", \"CVE-2008-1189\", \"CVE-2008-1188\", \"CVE-2008-1187\", \"CVE-2008-0657\", \"CVE-2007-5232\", \"CVE-2007-5274\", \"CVE-2007-5273\", \"CVE-2007-5236\", \"CVE-2007-5238\", \"CVE-2007-5239\", \"CVE-2007-5240\", \"CVE-2007-4381\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for IBM Java 1.5.0\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm\", rpm:\"java-1_5_0-ibm~1.5.0_sr7~0.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-alsa\", rpm:\"java-1_5_0-ibm-alsa~1.5.0_sr7~0.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-devel\", rpm:\"java-1_5_0-ibm-devel~1.5.0_sr7~0.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-fonts\", rpm:\"java-1_5_0-ibm-fonts~1.5.0_sr7~0.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-jdbc\", rpm:\"java-1_5_0-ibm-jdbc~1.5.0_sr7~0.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-plugin\", rpm:\"java-1_5_0-ibm-plugin~1.5.0_sr7~0.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:02", "references": [], "pluginID": "136141256231065053", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava2-SDK\n IBMJava2-JRE\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5023603 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for IBM Java 2 JRE and SDK", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3698", "CVE-2008-1195", "CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2008-1189", "CVE-2008-1196", "CVE-2007-5236", "CVE-2008-1190", "CVE-2007-5273", "CVE-2008-1187", "CVE-2007-5239", "CVE-2007-4381", "CVE-2007-5274", "CVE-2008-1192"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065053", "id": "OPENVAS:136141256231065053", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5023603.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for IBM Java 2 JRE and SDK\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava2-SDK\n IBMJava2-JRE\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5023603 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65053\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-1196\", \"CVE-2008-1195\", \"CVE-2008-1192\", \"CVE-2008-1190\", \"CVE-2008-1189\", \"CVE-2008-1187\", \"CVE-2007-5232\", \"CVE-2007-5274\", \"CVE-2007-5273\", \"CVE-2007-5236\", \"CVE-2007-5238\", \"CVE-2007-5239\", \"CVE-2007-5240\", \"CVE-2007-4381\", \"CVE-2007-3698\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for IBM Java 2 JRE and SDK\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"IBMJava2-SDK\", rpm:\"IBMJava2-SDK~1.4.2~0.112\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:40:20", "references": ["http://support.novell.com/security/cve/CVE-2007-5239.html", "http://support.novell.com/security/cve/CVE-2007-5237.html", "http://support.novell.com/security/cve/CVE-2007-5232.html", "http://support.novell.com/security/cve/CVE-2007-5240.html", "http://support.novell.com/security/cve/CVE-2007-5238.html", "http://support.novell.com/security/cve/CVE-2007-5236.html", "http://support.novell.com/security/cve/CVE-2007-5274.html", "http://support.novell.com/security/cve/CVE-2007-5273.html"], "pluginID": "29473", "description": "The Sun JAVA JDK 1.4.2 was upgraded to release 16 to fix various bugs, including the following security bugs :\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1\n\n - Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack. (CVE-2007-5232)\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1\n\n - Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enfor ce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted applica tion. (CVE-2007-5236)\n\n - Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka 'two vulnerabilities'.\n (CVE-2007-5237)\n\n - Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka 'three vulnerabilities.'. (CVE-2007-5238)\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1\n\n - Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.\n (CVE-2007-5239)\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103071-1\n\n - Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen. (CVE-2007-5240)\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1\n\n - Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. (CVE-2007-5273)\n\n - Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. (CVE-2007-5274)", "edition": 4, "reporter": "Tenable", "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : Sun Java 1.4.2 (ZYPP Patch Number 4533)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-5274"], "modified": "2012-05-17T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_4_2-SUN-4533.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29473", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29473);\n script_version (\"$Revision: 1.15 $\");\n script_cvs_date(\"$Date: 2012/05/17 11:12:38 $\");\n\n script_cve_id(\"CVE-2007-5232\", \"CVE-2007-5236\", \"CVE-2007-5237\", \"CVE-2007-5238\", \"CVE-2007-5239\", \"CVE-2007-5240\", \"CVE-2007-5273\", \"CVE-2007-5274\");\n\n script_name(english:\"SuSE 10 Security Update : Sun Java 1.4.2 (ZYPP Patch Number 4533)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JAVA JDK 1.4.2 was upgraded to release 16 to fix various bugs,\nincluding the following security bugs :\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1\n\n - Sun Java Runtime Environment (JRE) in JDK and JRE 6\n Update 2 and earlier, JDK and JRE 5.0 Update 12 and\n earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and\n JRE 1.3.1_20 and earlier, when applet caching is\n enabled, allows remote attackers to violate the security\n model for an applet's outbound connections via a DNS\n rebinding attack. (CVE-2007-5232)\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1\n\n - Java Web Start in Sun JDK and JRE 5.0 Update 12 and\n earlier, and SDK and JRE 1.4.2_15 and earlier, on\n Windows does not properly enfor ce access restrictions\n for untrusted applications, which allows user-assisted\n remote attackers to read local files via an untrusted\n applica tion. (CVE-2007-5236)\n\n - Java Web Start in Sun JDK and JRE 6 Update 2 and earlier\n does not properly enforce access restrictions for\n untrusted applications, which allows user-assisted\n remote attackers to read and modify local files via an\n untrusted application, aka 'two vulnerabilities'.\n (CVE-2007-5237)\n\n - Java Web Start in Sun JDK and JRE 6 Update 2 and\n earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK\n and JRE 1.4.2_15 and earlier does not properly enforce\n access restrictions for untrusted applications, which\n allows user-assisted remote attackers to obtain\n sensitive information (the Java Web Start cache\n location) via an untrusted application, aka 'three\n vulnerabilities.'. (CVE-2007-5238)\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1\n\n - Java Web Start in Sun JDK and JRE 6 Update 2 and\n earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and\n JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and\n earlier does not properly enforce access restrictions\n for untrusted (1) applications and (2) applets, which\n allows user-assisted remote attackers to copy or rename\n arbitrary files when local users perform drag-and-drop\n operations from the untrusted application or applet\n window onto certain types of desktop applications.\n (CVE-2007-5239)\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103071-1\n\n - Visual truncation vulnerability in the Java Runtime\n Environment in Sun JDK and JRE 6 Update 2 and earlier,\n JDK and JRE 5.0 Update 12 and earlier, SDK and JRE\n 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and\n earlier allows remote attackers to circumvent display of\n the untrusted-code warning banner by creating a window\n larger than the workstation screen. (CVE-2007-5240)\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1\n\n - Sun Java Runtime Environment (JRE) in JDK and JRE 6\n Update 2 and earlier, JDK and JRE 5.0 Update 12 and\n earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and\n JRE 1.3.1_20 and earlier, when an HTTP proxy server is\n used, allows remote attackers to violate the security\n model for an applet's outbound connections via a\n multi-pin DNS rebinding attack in which the applet\n download relies on DNS resolution on the proxy server,\n but the applet's socket operations rely on DNS\n resolution on the local machine, a different issue than\n CVE-2007-5274. (CVE-2007-5273)\n\n - Sun Java Runtime Environment (JRE) in JDK and JRE 6\n Update 2 and earlier, JDK and JRE 5.0 Update 12 and\n earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and\n JRE 1.3.1_20 and earlier, when Firefox or Opera is used,\n allows remote attackers to violate the security model\n for JavaScript outbound connections via a multi-pin DNS\n rebinding attack dependent on the LiveConnect API, in\n which JavaScript download relies on DNS resolution by\n the browser, but JavaScript socket operations rely on\n separate DNS resolution by a Java Virtual Machine (JVM),\n a different issue than CVE-2007-5273. (CVE-2007-5274)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5232.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5236.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5237.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5238.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5239.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5240.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5273.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5274.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 4533.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"java-1_4_2-sun-1.4.2.16-0.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"java-1_4_2-sun-alsa-1.4.2.16-0.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"java-1_4_2-sun-demo-1.4.2.16-0.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"java-1_4_2-sun-devel-1.4.2.16-0.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"java-1_4_2-sun-jdbc-1.4.2.16-0.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"java-1_4_2-sun-plugin-1.4.2.16-0.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"java-1_4_2-sun-src-1.4.2.16-0.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"java-1_4_2-sun-1.4.2.16-0.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"java-1_4_2-sun-alsa-1.4.2.16-0.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"java-1_4_2-sun-devel-1.4.2.16-0.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"java-1_4_2-sun-jdbc-1.4.2.16-0.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"java-1_4_2-sun-plugin-1.4.2.16-0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2018-09-01T23:57:11", "references": ["http://conference.hitb.org/hitbsecconf2007kl/?page_id=148", "http://www.nessus.org/u?1cbab94e", "http://www.nessus.org/u?d88f8c90", "http://www.nessus.org/u?811a9446", "http://www.nessus.org/u?3744db68", "http://www.nessus.org/u?6dd067e0"], "pluginID": "64824", "description": "According to its version number, the Sun Java Runtime Environment (JRE) and/or Web Start installed on the remote host is reportedly affected by several issues that could be abused to move / copy local files, read or write local files, circumvent network access restrictions, or elevate privileges.", "edition": 5, "reporter": "Tenable", "published": "2013-02-22T00:00:00", "title": "Sun Java JRE / Web Start Multiple Vulnerabilities (103072, 103073, 103078, 103079, 103112) (Unix)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Misc.", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5689", "CVE-2007-5239", "CVE-2007-5274"], "modified": "2018-07-30T00:00:00", "cpe": ["cpe:/a:oracle:jre"], "id": "SUN_JAVA_JRE_103079_UNIX.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64824", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64824);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/30 15:31:32\");\n\n script_cve_id(\n \"CVE-2007-5232\",\n \"CVE-2007-5236\",\n \"CVE-2007-5237\",\n \"CVE-2007-5238\",\n \"CVE-2007-5239\",\n \"CVE-2007-5240\",\n \"CVE-2007-5273\",\n \"CVE-2007-5274\",\n \"CVE-2007-5689\"\n );\n script_bugtraq_id(25918, 25920, 26185);\n\n script_name(english:\"Sun Java JRE / Web Start Multiple Vulnerabilities (103072, 103073, 103078, 103079, 103112) (Unix)\");\n script_summary(english:\"Checks version of Sun JRE\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Unix host has an application that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the Sun Java Runtime Environment (JRE)\nand/or Web Start installed on the remote host is reportedly affected by\nseveral issues that could be abused to move / copy local files, read or\nwrite local files, circumvent network access restrictions, or elevate\nprivileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://conference.hitb.org/hitbsecconf2007kl/?page_id=148\");\n # http://web.archive.org/web/20080129213300/http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d88f8c90\");\n # http://web.archive.org/web/20080129213305/http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3744db68\");\n # http://web.archive.org/web/20080622195736/http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6dd067e0\");\n # http://web.archive.org/web/20080609024942/http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1cbab94e\");\n # http://web.archive.org/web/20071027024719/http://sunsolve.sun.com/search/document.do?assetkey=1-26-103112-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?811a9446\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Sun JDK and JRE 6 Update 3 / JDK and JRE 5.0 Update 13 / SDK\nand JRE 1.4.2_16 / SDK and JRE 1.3.1_21 or later and remove, if\nnecessary, any other affected versions.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/22\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"sun_java_jre_installed_unix.nasl\");\n script_require_keys(\"Host/Java/JRE/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit(\"Host/Java/JRE/Unmanaged/*\");\n\ninfo = \"\";\nvuln = 0;\nvuln2 = 0;\ninstalled_versions = \"\";\ngranular = \"\";\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"Host/Java/JRE/Unmanaged/\";\n if (ver !~ \"^[0-9.]+\") continue;\n installed_versions = installed_versions + \" & \" + ver;\n if (\n ver =~ \"^1\\.6\\.0_0[0-2][^0-9]?\" ||\n ver =~ \"^1\\.5\\.0_(0[0-9]|1[0-2])[^0-9]?\" ||\n ver =~ \"^1\\.4\\.([01]_|2_(0[0-9]|1[0-5][^0-9]?))\" ||\n ver =~ \"^1\\.3\\.(0_|1_([01][0-9]|20[^0-9]?))\"\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.6.0_03 / 1.5.0_13 / 1.4.2_16 / 1.3.1_21\\n';\n }\n else if (ver =~ \"^[\\d\\.]+$\")\n {\n dirs = make_list(get_kb_list(install));\n foreach dir (dirs)\n granular += \"The Oracle Java version \"+ver+\" at \"+dir+\" is not granular enough to make a determination.\"+'\\n';\n }\n else\n {\n dirs = make_list(get_kb_list(install));\n vuln2 += max_index(dirs);\n }\n\n}\n\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n if (granular) exit(0, granular);\n}\nelse\n{\n if (granular) exit(0, granular);\n\n installed_versions = substr(installed_versions, 3);\n if (vuln2 > 1)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n exit(0, \"The Java \"+installed_versions+\" install on the remote host is not affected.\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:46:50", "references": ["http://sunsolve.sun.com/search/document.do?assetkey=1-26-103"], "pluginID": "27512", "description": "The Sun JAVA JDK 1.5.0 was upgraded to release 13 to fix various bugs, including the following security bugs :\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 079-1\n\nCVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 073-1\n\nCVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enfor ce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted applica tion.\n\nCVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka 'two vulnerabilities'.\n\nCVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka 'three vulnerabilities.'\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 072-1\n\nCVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 071-1\n\nCVE-2007-5240: Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 078-1\n\nCVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274.\n\nCVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273.", "edition": 4, "reporter": "Tenable", "published": "2007-10-18T00:00:00", "title": "openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-4527)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-5274"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_5_0-sun", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-src", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_JAVA-1_5_0-SUN-4527.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=27512", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_5_0-sun-4527.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27512);\n script_version (\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:11:35 $\");\n\n script_cve_id(\"CVE-2007-5232\", \"CVE-2007-5236\", \"CVE-2007-5237\", \"CVE-2007-5238\", \"CVE-2007-5239\", \"CVE-2007-5240\", \"CVE-2007-5273\", \"CVE-2007-5274\");\n\n script_name(english:\"openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-4527)\");\n script_summary(english:\"Check for the java-1_5_0-sun-4527 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JAVA JDK 1.5.0 was upgraded to release 13 to fix various bugs,\nincluding the following security bugs :\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 079-1\n\nCVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK and JRE 6\nUpdate 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and\nJRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when\napplet caching is enabled, allows remote attackers to violate the\nsecurity model for an applet's outbound connections via a DNS\nrebinding attack.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 073-1\n\nCVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update 12 and\nearlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not\nproperly enfor ce access restrictions for untrusted applications,\nwhich allows user-assisted remote attackers to read local files via an\nuntrusted applica tion.\n\nCVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2 and\nearlier does not properly enforce access restrictions for untrusted\napplications, which allows user-assisted remote attackers to read and\nmodify local files via an untrusted application, aka 'two\nvulnerabilities'.\n\nCVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2 and\nearlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE\n1.4.2_15 and earlier does not properly enforce access restrictions for\nuntrusted applications, which allows user-assisted remote attackers to\nobtain sensitive information (the Java Web Start cache location) via\nan untrusted application, aka 'three vulnerabilities.'\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 072-1\n\nCVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2 and\nearlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15\nand earlier, and SDK and JRE 1.3.1_20 and earlier does not properly\nenforce access restrictions for untrusted (1) applications and (2)\napplets, which allows user-assisted remote attackers to copy or rename\narbitrary files when local users perform drag-and-drop operations from\nthe untrusted application or applet window onto certain types of\ndesktop applications.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 071-1\n\nCVE-2007-5240: Visual truncation vulnerability in the Java Runtime\nEnvironment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0\nUpdate 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and\nJRE 1.3.1_20 and earlier allows remote attackers to circumvent display\nof the untrusted-code warning banner by creating a window larger than\nthe workstation screen.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 078-1\n\nCVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK and JRE 6\nUpdate 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and\nJRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when\nan HTTP proxy server is used, allows remote attackers to violate the\nsecurity model for an applet's outbound connections via a multi-pin\nDNS rebinding attack in which the applet download relies on DNS\nresolution on the proxy server, but the applet's socket operations\nrely on DNS resolution on the local machine, a different issue than\nCVE-2007-5274.\n\nCVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK and JRE 6\nUpdate 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and\nJRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when\nFirefox or Opera is used, allows remote attackers to violate the\nsecurity model for JavaScript outbound connections via a multi-pin DNS\nrebinding attack dependent on the LiveConnect API, in which JavaScript\ndownload relies on DNS resolution by the browser, but JavaScript\nsocket operations rely on separate DNS resolution by a Java Virtual\nMachine (JVM), a different issue than CVE-2007-5273.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-103\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_5_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_5_0-sun-1.5.0_13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_5_0-sun-alsa-1.5.0_13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_5_0-sun-demo-1.5.0_13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_5_0-sun-devel-1.5.0_13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_5_0-sun-jdbc-1.5.0_13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_5_0-sun-plugin-1.5.0_13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"java-1_5_0-sun-src-1.5.0_13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_5_0-sun-1.5.0_update13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_5_0-sun-alsa-1.5.0_update13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_5_0-sun-demo-1.5.0_update13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_5_0-sun-devel-1.5.0_update13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_5_0-sun-plugin-1.5.0_update13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"java-1_5_0-sun-src-1.5.0_update13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-1.5.0_update13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-alsa-1.5.0_update13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-demo-1.5.0_update13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-devel-1.5.0_update13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-plugin-1.5.0_update13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-src-1.5.0_update13-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_5_0-sun\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2018-09-01T23:34:52", "references": ["http://sunsolve.sun.com/search/document.do?assetkey=1-26-103"], "pluginID": "27513", "description": "The Sun JAVA JDK 1.6.0 was upgraded to release 3 to fix various bugs, including the following security bugs :\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 079-1\n\nCVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 073-1\n\nCVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enfor ce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted applica tion.\n\nCVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka 'two vulnerabilities'.\n\nCVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka 'three vulnerabilities.'\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 072-1\n\nCVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 071-1\n\nCVE-2007-5240: Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 078-1\n\nCVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274.\n\nCVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273.", "edition": 4, "reporter": "Tenable", "published": "2007-10-18T00:00:00", "title": "openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-4525)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-5274"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-sun", "cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc"], "id": "SUSE_JAVA-1_6_0-SUN-4525.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=27513", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-sun-4525.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27513);\n script_version (\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:11:35 $\");\n\n script_cve_id(\"CVE-2007-5232\", \"CVE-2007-5236\", \"CVE-2007-5237\", \"CVE-2007-5238\", \"CVE-2007-5239\", \"CVE-2007-5240\", \"CVE-2007-5273\", \"CVE-2007-5274\");\n\n script_name(english:\"openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-4525)\");\n script_summary(english:\"Check for the java-1_6_0-sun-4525 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JAVA JDK 1.6.0 was upgraded to release 3 to fix various bugs,\nincluding the following security bugs :\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 079-1\n\nCVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK and JRE 6\nUpdate 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and\nJRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when\napplet caching is enabled, allows remote attackers to violate the\nsecurity model for an applet's outbound connections via a DNS\nrebinding attack.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 073-1\n\nCVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update 12 and\nearlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not\nproperly enfor ce access restrictions for untrusted applications,\nwhich allows user-assisted remote attackers to read local files via an\nuntrusted applica tion.\n\nCVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2 and\nearlier does not properly enforce access restrictions for untrusted\napplications, which allows user-assisted remote attackers to read and\nmodify local files via an untrusted application, aka 'two\nvulnerabilities'.\n\nCVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2 and\nearlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE\n1.4.2_15 and earlier does not properly enforce access restrictions for\nuntrusted applications, which allows user-assisted remote attackers to\nobtain sensitive information (the Java Web Start cache location) via\nan untrusted application, aka 'three vulnerabilities.'\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 072-1\n\nCVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2 and\nearlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15\nand earlier, and SDK and JRE 1.3.1_20 and earlier does not properly\nenforce access restrictions for untrusted (1) applications and (2)\napplets, which allows user-assisted remote attackers to copy or rename\narbitrary files when local users perform drag-and-drop operations from\nthe untrusted application or applet window onto certain types of\ndesktop applications.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 071-1\n\nCVE-2007-5240: Visual truncation vulnerability in the Java Runtime\nEnvironment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0\nUpdate 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and\nJRE 1.3.1_20 and earlier allows remote attackers to circumvent display\nof the untrusted-code warning banner by creating a window larger than\nthe workstation screen.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 078-1\n\nCVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK and JRE 6\nUpdate 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and\nJRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when\nan HTTP proxy server is used, allows remote attackers to violate the\nsecurity model for an applet's outbound connections via a multi-pin\nDNS rebinding attack in which the applet download relies on DNS\nresolution on the proxy server, but the applet's socket operations\nrely on DNS resolution on the local machine, a different issue than\nCVE-2007-5274.\n\nCVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK and JRE 6\nUpdate 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and\nJRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when\nFirefox or Opera is used, allows remote attackers to violate the\nsecurity model for JavaScript outbound connections via a multi-pin DNS\nrebinding attack dependent on the LiveConnect API, in which JavaScript\ndownload relies on DNS resolution by the browser, but JavaScript\nsocket operations rely on separate DNS resolution by a Java Virtual\nMachine (JVM), a different issue than CVE-2007-5273.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-103\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-1.6.0.u3-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-alsa-1.6.0.u3-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-demo-1.6.0.u3-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-devel-1.6.0.u3-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u3-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-plugin-1.6.0.u3-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-sun\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2018-09-01T23:43:59", "references": ["http://conference.hitb.org/hitbsecconf2007kl/?page_id=148", "http://www.nessus.org/u?1cbab94e", "http://www.nessus.org/u?d88f8c90", "http://www.nessus.org/u?811a9446", "http://www.nessus.org/u?3744db68", "http://www.nessus.org/u?6dd067e0"], "pluginID": "26923", "description": "According to its version number, the Sun Java Runtime Environment (JRE) and/or Web Start installed on the remote host reportedly is affected by several issues that could be abused to move / copy local files, read or write local files, circumvent network access restrictions, or elevate privileges.", "edition": 8, "reporter": "Tenable", "published": "2007-10-05T00:00:00", "title": "Sun Java JRE / Web Start Multiple Vulnerabilities (103072, 103073, 103078, 103079, 103112)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5689", "CVE-2007-5239", "CVE-2007-5274"], "modified": "2018-08-03T00:00:00", "cpe": ["cpe:/a:oracle:jre"], "id": "SUN_JAVA_JRE_103079.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=26923", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(26923);\n script_version(\"1.27\");\n script_cvs_date(\"Date: 2018/08/03 11:35:09\");\n\n script_cve_id(\"CVE-2007-5232\", \"CVE-2007-5236\", \"CVE-2007-5237\", \n \"CVE-2007-5238\", \"CVE-2007-5239\", \"CVE-2007-5240\", \n \"CVE-2007-5273\", \"CVE-2007-5274\", \"CVE-2007-5689\");\n script_bugtraq_id(25918, 25920, 26185);\n\n script_name(english:\"Sun Java JRE / Web Start Multiple Vulnerabilities (103072, 103073, 103078, 103079, 103112)\");\n script_summary(english:\"Checks version of Sun JRE\"); \n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application that is affected by\nmultiple vulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the Sun Java Runtime Environment\n(JRE) and/or Web Start installed on the remote host reportedly is\naffected by several issues that could be abused to move / copy local\nfiles, read or write local files, circumvent network access\nrestrictions, or elevate privileges.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://conference.hitb.org/hitbsecconf2007kl/?page_id=148\" );\n # http://web.archive.org/web/20080129213300/http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d88f8c90\");\n # http://web.archive.org/web/20080129213305/http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3744db68\");\n # http://web.archive.org/web/20080622195736/http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6dd067e0\");\n # http://web.archive.org/web/20080609024942/http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1cbab94e\");\n # http://web.archive.org/web/20071027024719/http://sunsolve.sun.com/search/document.do?assetkey=1-26-103112-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?811a9446\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Sun JDK and JRE 6 Update 3 / JDK and JRE 5.0 Update 13 / SDK\nand JRE 1.4.2_16 / SDK and JRE 1.3.1_21 or later and remove if\nnecessary any other affected versions.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/10/05\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2007/10/03\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"sun_java_jre_installed.nasl\");\n script_require_keys(\"SMB/Java/JRE/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\n# Check each installed JRE.\ninstalls = get_kb_list(\"SMB/Java/JRE/*\");\nif (isnull(installs)) exit(1, \"The 'SMB/Java/JRE/' KB item is missing.\");\n\ninfo = \"\";\nvuln = 0;\ninstalled_versions = \"\";\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"SMB/Java/JRE/\";\n if (ver =~ \"^[0-9.]+\")\n installed_versions = installed_versions + \" & \" + ver;\n if (\n ver =~ \"^1\\.6\\.0_0[0-2][^0-9]?\" ||\n ver =~ \"^1\\.5\\.0_(0[0-9]|1[0-2])[^0-9]?\" ||\n ver =~ \"^1\\.4\\.([01]_|2_(0[0-9]|1[0-5][^0-9]?))\" ||\n ver =~ \"^1\\.3\\.(0_|1_([01][0-9]|20[^0-9]?))\"\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.6.0_03 / 1.5.0_13 / 1.4.2_16 / 1.3.1_21\\n';\n }\n}\n\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse\n{\n installed_versions = substr(installed_versions, 3);\n if (\" & \" >< installed_versions)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n exit(0, \"The Java \"+installed_versions+\" install on the remote host is not affected.\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-17T07:09:09", "references": ["https://access.redhat.com/security/cve/cve-2007-5274", "https://access.redhat.com/errata/RHSA-2007:1041", "https://access.redhat.com/security/cve/cve-2007-5239", "https://access.redhat.com/security/cve/cve-2007-5238", "https://access.redhat.com/security/cve/cve-2007-5232", "https://access.redhat.com/security/cve/cve-2007-5240", "https://access.redhat.com/security/cve/cve-2007-5273"], "pluginID": "40710", "description": "Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nIBM's 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.\n\nThe applet caching mechanism of the Java Runtime Environment (JRE) did not correctly process the creation of network connections. A remote attacker could use this flaw to create connections to services on machines other than the one that the applet was downloaded from.\n(CVE-2007-5232)\n\nMultiple vulnerabilities existed in Java Web Start allowing an untrusted application to determine the location of the Java Web Start cache. (CVE-2007-5238)\n\nUntrusted Java Web Start Applications or Java Applets were able to drag and drop a file to a Desktop Application. A user-assisted remote attacker could use this flaw to move or copy arbitrary files.\n(CVE-2007-5239)\n\nThe Java Runtime Environment allowed untrusted Java Applets or applications to display oversized Windows. This could be used by remote attackers to hide security warning banners. (CVE-2007-5240)\n\nUnsigned Java Applets communicating via a HTTP proxy could allow a remote attacker to violate the Java security model. A cached malicious Applet could create network connections to services on other machines.\n(CVE-2007-5273)\n\nUnsigned Applets loaded with Mozilla Firefox or Opera browsers allowed remote attackers to violate the Java security model. A cached malicious Applet could create network connections to services on other machines. (CVE-2007-5274)\n\nAll users of java-ibm-1.5.0 are advised to upgrade to these updated packages, that contain IBM's 1.5.0 SR6 Java release which resolves these issues.", "edition": 8, "reporter": "Tenable", "published": "2009-08-24T00:00:00", "title": "RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2007:1041)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-5274"], "modified": "2018-11-16T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin", "cpe:/o:redhat:enterprise_linux:4.6"], "id": "REDHAT-RHSA-2007-1041.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40710", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:1041. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40710);\n script_version (\"1.20\");\n script_cvs_date(\"Date: 2018/11/16 15:19:26\");\n\n script_cve_id(\"CVE-2007-5232\", \"CVE-2007-5238\", \"CVE-2007-5239\", \"CVE-2007-5240\", \"CVE-2007-5273\", \"CVE-2007-5274\");\n script_bugtraq_id(25918, 25920);\n script_xref(name:\"RHSA\", value:\"2007:1041\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2007:1041)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nIBM's 1.5.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThe applet caching mechanism of the Java Runtime Environment (JRE) did\nnot correctly process the creation of network connections. A remote\nattacker could use this flaw to create connections to services on\nmachines other than the one that the applet was downloaded from.\n(CVE-2007-5232)\n\nMultiple vulnerabilities existed in Java Web Start allowing an\nuntrusted application to determine the location of the Java Web Start\ncache. (CVE-2007-5238)\n\nUntrusted Java Web Start Applications or Java Applets were able to\ndrag and drop a file to a Desktop Application. A user-assisted remote\nattacker could use this flaw to move or copy arbitrary files.\n(CVE-2007-5239)\n\nThe Java Runtime Environment allowed untrusted Java Applets or\napplications to display oversized Windows. This could be used by\nremote attackers to hide security warning banners. (CVE-2007-5240)\n\nUnsigned Java Applets communicating via a HTTP proxy could allow a\nremote attacker to violate the Java security model. A cached malicious\nApplet could create network connections to services on other machines.\n(CVE-2007-5273)\n\nUnsigned Applets loaded with Mozilla Firefox or Opera browsers allowed\nremote attackers to violate the Java security model. A cached\nmalicious Applet could create network connections to services on other\nmachines. (CVE-2007-5274)\n\nAll users of java-ibm-1.5.0 are advised to upgrade to these updated\npackages, that contain IBM's 1.5.0 SR6 Java release which resolves\nthese issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:1041\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:1041\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-1.5.0.6-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-demo-1.5.0.6-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-devel-1.5.0.6-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.6-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.6-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.6-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.6-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.6-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-src-1.5.0.6-1jpp.2.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-1.5.0.6-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.6-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.6-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.6-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-demo-1.5.0.6-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-devel-1.5.0.6-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.6-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.6-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.6-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.6-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.6-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-src-1.5.0.6-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:47:25", "references": ["http://support.novell.com/security/cve/CVE-2007-3698.html", "http://support.novell.com/security/cve/CVE-2007-4381.html", "http://support.novell.com/security/cve/CVE-2007-5239.html", "http://support.novell.com/security/cve/CVE-2007-5232.html", "http://support.novell.com/security/cve/CVE-2007-5240.html", "http://support.novell.com/security/cve/CVE-2007-5238.html", "http://support.novell.com/security/cve/CVE-2007-5236.html", "http://support.novell.com/security/cve/CVE-2007-5274.html", "http://support.novell.com/security/cve/CVE-2007-5273.html"], "pluginID": "29476", "description": "The IBM Java JRE/SDK has been brought to release 1.5.0 SR6, containing several bugfixes, including the following security fixes :\n\n - A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5232)\n\n - A vulnerability in the Java Runtime Environment (JRE) may allow malicious JavaScript code that is downloaded by a browser from a malicious website to make network connections, through Java APIs, to network services on machines other than the one that the JavaScript code was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5274)\n\n - A second vulnerability in the JRE may allow an untrusted applet that is downloaded from a malicious website through a web proxy to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.\n (CVE-2007-5273)\n\n - An untrusted Java Web Start application may write arbitrary files with the privileges of the user running the application. (CVE-2007-5236)\n\n - Three separate vulnerabilities may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache. (CVE-2007-5238)\n\n - An untrusted Java Web Start application or Java applet may move or copy arbitrary files by requesting the user of the application or applet to drag and drop a file from the Java Web Start application or Java applet window. (CVE-2007-5239)\n\n - An untrusted applet may display an over-sized window so that the applet warning banner is not visible to the user running the untrusted applet. CVE-2007-4381: A vulnerability in the font parsing code in the Java Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2007-5240)\n\n - The Java Secure Socket Extension (JSSE) that is included in various releases of the Java Runtime Environment does not correctly process SSL/TLS handshake requests. This vulnerability may be exploited to create a Denial of Service (DoS) condition to the system as a whole on a server that listens for SSL/TLS connections using JSSE for SSL/TLS support. (CVE-2007-3698)\n\nFor more information see:\nhttp://www-128.ibm.com/developerworks/java/jdk/alerts/\n\nAdditionally a concurrency bug has been fixed (Novell Bug 330713).", "edition": 4, "reporter": "Tenable", "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : java-1_5_0-ibm (ZYPP Patch Number 4687)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3698", "CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-4381", "CVE-2007-5274"], "modified": "2014-05-22T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_5_0-IBM-4687.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29476", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29476);\n script_version (\"$Revision: 1.16 $\");\n script_cvs_date(\"$Date: 2014/05/22 11:17:46 $\");\n\n script_cve_id(\"CVE-2007-3698\", \"CVE-2007-4381\", \"CVE-2007-5232\", \"CVE-2007-5236\", \"CVE-2007-5238\", \"CVE-2007-5239\", \"CVE-2007-5240\", \"CVE-2007-5273\", \"CVE-2007-5274\");\n\n script_name(english:\"SuSE 10 Security Update : java-1_5_0-ibm (ZYPP Patch Number 4687)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The IBM Java JRE/SDK has been brought to release 1.5.0 SR6, containing\nseveral bugfixes, including the following security fixes :\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with applet caching may allow an untrusted applet that\n is downloaded from a malicious website to make network\n connections to network services on machines other than\n the one that the applet was downloaded from. This may\n allow network resources (such as web pages) and\n vulnerabilities (that exist on these network services)\n which are not otherwise normally accessible to be\n accessed or exploited. (CVE-2007-5232)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n may allow malicious JavaScript code that is downloaded\n by a browser from a malicious website to make network\n connections, through Java APIs, to network services on\n machines other than the one that the JavaScript code was\n downloaded from. This may allow network resources (such\n as web pages) and vulnerabilities (that exist on these\n network services) which are not otherwise normally\n accessible to be accessed or exploited. (CVE-2007-5274)\n\n - A second vulnerability in the JRE may allow an untrusted\n applet that is downloaded from a malicious website\n through a web proxy to make network connections to\n network services on machines other than the one that the\n applet was downloaded from. This may allow network\n resources (such as web pages) and vulnerabilities (that\n exist on these network services) which are not otherwise\n normally accessible to be accessed or exploited.\n (CVE-2007-5273)\n\n - An untrusted Java Web Start application may write\n arbitrary files with the privileges of the user running\n the application. (CVE-2007-5236)\n\n - Three separate vulnerabilities may allow an untrusted\n Java Web Start application to determine the location of\n the Java Web Start cache. (CVE-2007-5238)\n\n - An untrusted Java Web Start application or Java applet\n may move or copy arbitrary files by requesting the user\n of the application or applet to drag and drop a file\n from the Java Web Start application or Java applet\n window. (CVE-2007-5239)\n\n - An untrusted applet may display an over-sized window so\n that the applet warning banner is not visible to the\n user running the untrusted applet. CVE-2007-4381: A\n vulnerability in the font parsing code in the Java\n Runtime Environment may allow an untrusted applet to\n elevate its privileges. For example, an applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2007-5240)\n\n - The Java Secure Socket Extension (JSSE) that is included\n in various releases of the Java Runtime Environment does\n not correctly process SSL/TLS handshake requests. This\n vulnerability may be exploited to create a Denial of\n Service (DoS) condition to the system as a whole on a\n server that listens for SSL/TLS connections using JSSE\n for SSL/TLS support. (CVE-2007-3698)\n\nFor more information see:\nhttp://www-128.ibm.com/developerworks/java/jdk/alerts/\n\nAdditionally a concurrency bug has been fixed (Novell Bug 330713).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3698.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-4381.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5232.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5236.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5238.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5239.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5240.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5273.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5274.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 4687.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"java-1_5_0-ibm-1.5.0_sr6-0.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"java-1_5_0-ibm-demo-1.5.0_sr6-0.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"java-1_5_0-ibm-devel-1.5.0_sr6-0.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"java-1_5_0-ibm-src-1.5.0_sr6-0.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr6-0.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr6-0.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr6-0.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr6-0.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr6-0.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr6-0.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"java-1_5_0-ibm-1.5.0_sr6-0.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"java-1_5_0-ibm-devel-1.5.0_sr6-0.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr6-0.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr6-0.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr6-0.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr6-0.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr6-0.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr6-0.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr6-0.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-17T06:57:52", "references": ["https://access.redhat.com/security/cve/cve-2007-5274", "https://access.redhat.com/errata/RHSA-2007:0963", "https://access.redhat.com/security/cve/cve-2007-5239", "https://access.redhat.com/security/cve/cve-2007-5238", "https://access.redhat.com/security/cve/cve-2007-5689", "https://access.redhat.com/security/cve/cve-2007-5232", "https://access.redhat.com/security/cve/cve-2007-5240", "https://access.redhat.com/security/cve/cve-2007-5273"], "pluginID": "40709", "description": "Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language.\n\nA flaw in the applet caching mechanism of the Java Runtime Environment (JRE) did not correctly process the creation of network connections. A remote attacker could use this flaw to create connections to services on machines other than the one that the applet was downloaded from.\n(CVE-2007-5232)\n\nMultiple vulnerabilities existed in Java Web Start allowing an untrusted application to determine the location of the Java Web Start cache. (CVE-2007-5238)\n\nUntrusted Java Web Start Applications or Java Applets were able to drag and drop a file to a Desktop Application. A user-assisted remote attacker could use this flaw to move or copy arbitrary files.\n(CVE-2007-5239)\n\nThe Java Runtime Environment (JRE) allowed untrusted Java Applets or applications to display oversized Windows. This could be used by remote attackers to hide security warning banners. (CVE-2007-5240)\n\nUnsigned Java Applets communicating via a HTTP proxy could allow a remote attacker to violate the Java security model. A cached, malicious Applet could create network connections to services on other machines. (CVE-2007-5273)\n\nUnsigned Applets loaded with Mozilla Firefox or Opera browsers allowed remote attackers to violate the Java security model. A cached, malicious Applet could create network connections to services on other machines. (CVE-2007-5274)\n\nIn Red Hat Enterprise Linux a Java Web Start application requesting elevated permissions is only started automatically when signed with a trusted code signing certificate and otherwise requires user confirmation to access privileged resources.\n\nAll users of java-sun-1.5.0 should upgrade to these packages, which contain Sun Java 1.5.0 Update 13 that corrects these issues.\n\nPlease note that during our quality testing we discovered that the Java browser plug-in may not function perfectly when visiting some sites that make use of multiple applets on a single HTML page. We have verified that this issue is not due to our packaging and affects Sun Java 1.5.0 Update 13.", "edition": 8, "reporter": "Tenable", "published": "2009-08-24T00:00:00", "title": "RHEL 4 / 5 : java-1.5.0-sun (RHSA-2007:0963)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5273", "CVE-2007-5689", "CVE-2007-5239", "CVE-2007-5274"], "modified": "2018-11-16T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-src", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel"], "id": "REDHAT-RHSA-2007-0963.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40709", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0963. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40709);\n script_version (\"1.19\");\n script_cvs_date(\"Date: 2018/11/16 15:19:26\");\n\n script_cve_id(\"CVE-2007-5232\", \"CVE-2007-5238\", \"CVE-2007-5239\", \"CVE-2007-5240\", \"CVE-2007-5273\", \"CVE-2007-5274\", \"CVE-2007-5689\");\n script_bugtraq_id(25918, 25920);\n script_xref(name:\"RHSA\", value:\"2007:0963\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.5.0-sun (RHSA-2007:0963)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-sun packages that correct several security issues\nare now available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Java Runtime Environment (JRE) contains the software and tools\nthat users need to run applets and applications written using the Java\nprogramming language.\n\nA flaw in the applet caching mechanism of the Java Runtime Environment\n(JRE) did not correctly process the creation of network connections. A\nremote attacker could use this flaw to create connections to services\non machines other than the one that the applet was downloaded from.\n(CVE-2007-5232)\n\nMultiple vulnerabilities existed in Java Web Start allowing an\nuntrusted application to determine the location of the Java Web Start\ncache. (CVE-2007-5238)\n\nUntrusted Java Web Start Applications or Java Applets were able to\ndrag and drop a file to a Desktop Application. A user-assisted remote\nattacker could use this flaw to move or copy arbitrary files.\n(CVE-2007-5239)\n\nThe Java Runtime Environment (JRE) allowed untrusted Java Applets or\napplications to display oversized Windows. This could be used by\nremote attackers to hide security warning banners. (CVE-2007-5240)\n\nUnsigned Java Applets communicating via a HTTP proxy could allow a\nremote attacker to violate the Java security model. A cached,\nmalicious Applet could create network connections to services on other\nmachines. (CVE-2007-5273)\n\nUnsigned Applets loaded with Mozilla Firefox or Opera browsers allowed\nremote attackers to violate the Java security model. A cached,\nmalicious Applet could create network connections to services on other\nmachines. (CVE-2007-5274)\n\nIn Red Hat Enterprise Linux a Java Web Start application requesting\nelevated permissions is only started automatically when signed with a\ntrusted code signing certificate and otherwise requires user\nconfirmation to access privileged resources.\n\nAll users of java-sun-1.5.0 should upgrade to these packages, which\ncontain Sun Java 1.5.0 Update 13 that corrects these issues.\n\nPlease note that during our quality testing we discovered that the\nJava browser plug-in may not function perfectly when visiting some\nsites that make use of multiple applets on a single HTML page. We have\nverified that this issue is not due to our packaging and affects Sun\nJava 1.5.0 Update 13.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0963\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0963\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-1.5.0.13-1jpp.1.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-1.5.0.13-1jpp.1.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-demo-1.5.0.13-1jpp.1.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-demo-1.5.0.13-1jpp.1.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-devel-1.5.0.13-1jpp.1.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-devel-1.5.0.13-1jpp.1.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-jdbc-1.5.0.13-1jpp.1.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-jdbc-1.5.0.13-1jpp.1.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-plugin-1.5.0.13-1jpp.1.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-src-1.5.0.13-1jpp.1.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-src-1.5.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-1.5.0.13-1jpp.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-1.5.0.13-1jpp.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-demo-1.5.0.13-1jpp.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-demo-1.5.0.13-1jpp.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-devel-1.5.0.13-1jpp.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-devel-1.5.0.13-1jpp.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-jdbc-1.5.0.13-1jpp.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-jdbc-1.5.0.13-1jpp.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-plugin-1.5.0.13-1jpp.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-src-1.5.0.13-1jpp.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-src-1.5.0.13-1jpp.1.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-sun / java-1.5.0-sun-demo / java-1.5.0-sun-devel / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-29T19:29:10", "references": ["https://access.redhat.com/errata/RHSA-2008:0156", "http://www.nessus.org/u?7dd1a2b1", "https://access.redhat.com/security/cve/cve-2007-5239", "https://access.redhat.com/security/cve/cve-2007-5232", "https://access.redhat.com/security/cve/cve-2008-0657", "https://access.redhat.com/security/cve/cve-2007-5240", "https://access.redhat.com/security/cve/cve-2007-5273"], "pluginID": "40716", "description": "Updated java-1.5.0-bea packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe BEA WebLogic JRockit 1.5.0_14 JRE and SDK contain BEA WebLogic JRockit Virtual Machine 1.5.0_14 and are certified for the Java 5 Platform, Standard Edition, v1.5.0.\n\nA flaw in the applet caching mechanism of the Java Runtime Environment (JRE) did not correctly process the creation of network connections. A remote attacker could use this flaw to create connections to services on machines other than the one that the applet was downloaded from.\n(CVE-2007-5232)\n\nUntrusted Java Applets were able to drag and drop a file to a Desktop Application. A user-assisted remote attacker could use this flaw to move or copy arbitrary files. (CVE-2007-5239)\n\nThe Java Runtime Environment (JRE) allowed untrusted Java Applets or applications to display oversized windows. This could be used by remote attackers to hide security warning banners. (CVE-2007-5240)\n\nUnsigned Java Applets communicating via a HTTP proxy could allow a remote attacker to violate the Java security model. A cached, malicious Applet could create network connections to services on other machines. (CVE-2007-5273)\n\nTwo vulnerabilities in the Java Runtime Environment allowed an untrusted application or applet to elevate the assigned privileges.\nThis could be misused by a malicious website to read and write local files or execute local applications in the context of the user running the Java process. (CVE-2008-0657)\n\nThose vulnerabilities concerned with applets can only be triggered in java-1.5.0-bea by calling the 'appletviewer' application.\n\nAll users of java-1.5.0-bea should upgrade to these updated packages, which contain the BEA WebLogic JRockit 1.5.0_14 release that resolves these issues.", "edition": 8, "reporter": "Tenable", "published": "2009-08-24T00:00:00", "title": "RHEL 4 / 5 : java-1.5.0-bea (RHSA-2008:0156)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5232", "CVE-2007-5240", "CVE-2008-0657", "CVE-2007-5273", "CVE-2007-5239"], "modified": "2018-11-27T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-bea-src", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-bea-missioncontrol", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-bea", "cpe:/o:redhat:enterprise_linux:5.1", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-bea-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-bea-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-bea-devel", "cpe:/o:redhat:enterprise_linux:4.6"], "id": "REDHAT-RHSA-2008-0156.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40716", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0156. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40716);\n script_version (\"1.21\");\n script_cvs_date(\"Date: 2018/11/27 13:31:32\");\n\n script_cve_id(\"CVE-2007-5232\", \"CVE-2007-5239\", \"CVE-2007-5240\", \"CVE-2007-5273\", \"CVE-2008-0657\");\n script_bugtraq_id(25918, 27650);\n script_xref(name:\"RHSA\", value:\"2008:0156\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.5.0-bea (RHSA-2008:0156)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-bea packages that correct several security issues\nare now available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe BEA WebLogic JRockit 1.5.0_14 JRE and SDK contain BEA WebLogic\nJRockit Virtual Machine 1.5.0_14 and are certified for the Java 5\nPlatform, Standard Edition, v1.5.0.\n\nA flaw in the applet caching mechanism of the Java Runtime Environment\n(JRE) did not correctly process the creation of network connections. A\nremote attacker could use this flaw to create connections to services\non machines other than the one that the applet was downloaded from.\n(CVE-2007-5232)\n\nUntrusted Java Applets were able to drag and drop a file to a Desktop\nApplication. A user-assisted remote attacker could use this flaw to\nmove or copy arbitrary files. (CVE-2007-5239)\n\nThe Java Runtime Environment (JRE) allowed untrusted Java Applets or\napplications to display oversized windows. This could be used by\nremote attackers to hide security warning banners. (CVE-2007-5240)\n\nUnsigned Java Applets communicating via a HTTP proxy could allow a\nremote attacker to violate the Java security model. A cached,\nmalicious Applet could create network connections to services on other\nmachines. (CVE-2007-5273)\n\nTwo vulnerabilities in the Java Runtime Environment allowed an\nuntrusted application or applet to elevate the assigned privileges.\nThis could be misused by a malicious website to read and write local\nfiles or execute local applications in the context of the user running\nthe Java process. (CVE-2008-0657)\n\nThose vulnerabilities concerned with applets can only be triggered in\njava-1.5.0-bea by calling the 'appletviewer' application.\n\nAll users of java-1.5.0-bea should upgrade to these updated packages,\nwhich contain the BEA WebLogic JRockit 1.5.0_14 release that resolves\nthese issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0657\"\n );\n # http://dev2dev.bea.com/pub/advisory/272\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7dd1a2b1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0156\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-bea\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-bea-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-bea-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-bea-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-bea-missioncontrol\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-bea-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0156\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"java-1.5.0-bea-1.5.0.14-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-bea-1.5.0.14-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"java-1.5.0-bea-demo-1.5.0.14-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-bea-demo-1.5.0.14-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"java-1.5.0-bea-devel-1.5.0.14-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-bea-devel-1.5.0.14-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"java-1.5.0-bea-jdbc-1.5.0.14-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-bea-jdbc-1.5.0.14-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"java-1.5.0-bea-src-1.5.0.14-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-bea-src-1.5.0.14-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"java-1.5.0-bea-1.5.0.14-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-bea-1.5.0.14-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"java-1.5.0-bea-demo-1.5.0.14-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-bea-demo-1.5.0.14-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"java-1.5.0-bea-devel-1.5.0.14-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-bea-devel-1.5.0.14-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"java-1.5.0-bea-jdbc-1.5.0.14-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-bea-jdbc-1.5.0.14-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"java-1.5.0-bea-missioncontrol-1.5.0.14-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-bea-missioncontrol-1.5.0.14-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"java-1.5.0-bea-src-1.5.0.14-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-bea-src-1.5.0.14-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-bea / java-1.5.0-bea-demo / java-1.5.0-bea-devel / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:42:35", "references": ["http://www.nessus.org/u?76b60cd9"], "pluginID": "60344", "description": "NOTE: This combination of rpm's replaces j2sdk-1.4.2 with jdk-1.5.0.\nSo your java will change from version 1.4.2 to 1.5.0. We apologize if this causes any problems, but it needed to be done for security reasons.\n\nA flaw in the applet caching mechanism of the Java Runtime Environment (JRE) did not correctly process the creation of network connections. A remote attacker could use this flaw to create connections to services on machines other than the one that the applet was downloaded from.\n(CVE-2007-5232)\n\nMultiple vulnerabilities existed in Java Web Start allowing an untrusted application to determine the location of the Java Web Start cache. (CVE-2007-5238)\n\nUntrusted Java Web Start Applications or Java Applets were able to drag and drop a file to a Desktop Application. A user-assisted remote attacker could use this flaw to move or copy arbitrary files.\n(CVE-2007-5239)\n\nThe Java Runtime Environment (JRE) allowed untrusted Java Applets or applications to display oversized Windows. This could be used by remote attackers to hide security warning banners. (CVE-2007-5240)\n\nUnsigned Java Applets communicating via a HTTP proxy could allow a remote attacker to violate the Java security model. A cached, malicious Applet could create network connections to services on other machines. (CVE-2007-5273)\n\nUnsigned Applets loaded with Mozilla Firefox or Opera browsers allowed remote attackers to violate the Java security model. A cached, malicious Applet could create network connections to services on other machines. (CVE-2007-5274) The Javadoc tool was able to generate HTML documentation pages that contained cross-site scripting (XSS) vulnerabilities. A remote attacker could use this to inject arbitrary web script or HTML. (CVE-2007-3503)\n\nThe Java Web Start URL parsing component contained a buffer overflow vulnerability within the parsing code for JNLP files. A remote attacker could create a malicious JNLP file that could trigger this flaw and execute arbitrary code when opened. (CVE-2007-3655)\n\nThe JSSE component did not correctly process SSL/TLS handshake requests. A remote attacker who is able to connect to a JSSE-based service could trigger this flaw leading to a denial-of-service.\n(CVE-2007-3698)\n\nA flaw was found in the applet class loader. An untrusted applet could use this flaw to circumvent network access restrictions, possibly connecting to services hosted on the machine that executed the applet.\n(CVE-2007-3922)", "edition": 5, "reporter": "Tenable", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : jdk (java) on SL3.x, SL4.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3698", "CVE-2007-5238", "CVE-2007-3503", "CVE-2007-5232", "CVE-2007-3655", "CVE-2007-5240", "CVE-2007-3922", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-5274"], "modified": "2016-12-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080114_JDK__JAVA__ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60344", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60344);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2016/12/14 20:22:13 $\");\n\n script_cve_id(\"CVE-2007-3503\", \"CVE-2007-3655\", \"CVE-2007-3698\", \"CVE-2007-3922\", \"CVE-2007-5232\", \"CVE-2007-5238\", \"CVE-2007-5239\", \"CVE-2007-5240\", \"CVE-2007-5273\", \"CVE-2007-5274\");\n\n script_name(english:\"Scientific Linux Security Update : jdk (java) on SL3.x, SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"NOTE: This combination of rpm's replaces j2sdk-1.4.2 with jdk-1.5.0.\nSo your java will change from version 1.4.2 to 1.5.0. We apologize if\nthis causes any problems, but it needed to be done for security\nreasons.\n\nA flaw in the applet caching mechanism of the Java Runtime Environment\n(JRE) did not correctly process the creation of network connections. A\nremote attacker could use this flaw to create connections to services\non machines other than the one that the applet was downloaded from.\n(CVE-2007-5232)\n\nMultiple vulnerabilities existed in Java Web Start allowing an\nuntrusted application to determine the location of the Java Web Start\ncache. (CVE-2007-5238)\n\nUntrusted Java Web Start Applications or Java Applets were able to\ndrag and drop a file to a Desktop Application. A user-assisted remote\nattacker could use this flaw to move or copy arbitrary files.\n(CVE-2007-5239)\n\nThe Java Runtime Environment (JRE) allowed untrusted Java Applets or\napplications to display oversized Windows. This could be used by\nremote attackers to hide security warning banners. (CVE-2007-5240)\n\nUnsigned Java Applets communicating via a HTTP proxy could allow a\nremote attacker to violate the Java security model. A cached,\nmalicious Applet could create network connections to services on other\nmachines. (CVE-2007-5273)\n\nUnsigned Applets loaded with Mozilla Firefox or Opera browsers allowed\nremote attackers to violate the Java security model. A cached,\nmalicious Applet could create network connections to services on other\nmachines. (CVE-2007-5274) The Javadoc tool was able to generate HTML\ndocumentation pages that contained cross-site scripting (XSS)\nvulnerabilities. A remote attacker could use this to inject arbitrary\nweb script or HTML. (CVE-2007-3503)\n\nThe Java Web Start URL parsing component contained a buffer overflow\nvulnerability within the parsing code for JNLP files. A remote\nattacker could create a malicious JNLP file that could trigger this\nflaw and execute arbitrary code when opened. (CVE-2007-3655)\n\nThe JSSE component did not correctly process SSL/TLS handshake\nrequests. A remote attacker who is able to connect to a JSSE-based\nservice could trigger this flaw leading to a denial-of-service.\n(CVE-2007-3698)\n\nA flaw was found in the applet class loader. An untrusted applet could\nuse this flaw to circumvent network access restrictions, possibly\nconnecting to services hosted on the machine that executed the applet.\n(CVE-2007-3922)\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind0801&L=scientific-linux-errata&T=0&P=852\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?76b60cd9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected java-1.4.2-sun-compat, java-1.5.0-sun-compat and /\nor jdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"java-1.4.2-sun-compat-1.4.2.90-1jpp\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"java-1.5.0-sun-compat-1.5.0.14-1.sl.jpp\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"jdk-1.5.0_14-fcs\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"java-1.4.2-sun-compat-1.4.2.90-1jpp\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"java-1.5.0-sun-compat-1.5.0.14-1.sl4.jpp\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"jdk-1.5.0_14-fcs\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:29:37", "references": [], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "1.4.2.16-0.2", "packageName": "java-1_4_2-sun", "packageFilename": "java-1_4_2-sun-1.4.2.16-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun-devel", "packageFilename": "java-1_5_0-sun-devel-1.5.0_13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.4.2.16-0.2", "packageName": "java-1_4_2-sun-alsa", "packageFilename": "java-1_4_2-sun-alsa-1.4.2.16-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun-demo", "packageFilename": "java-1_5_0-sun-demo-1.5.0_13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.4.2.16-0.2", "packageName": "java-1_4_2-sun-plugin", "packageFilename": "java-1_4_2-sun-plugin-1.4.2.16-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun-src", "packageFilename": "java-1_5_0-sun-src-1.5.0_update13-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "1.4.2.16-0.2", "packageName": "java-1_4_2-sun-demo", "packageFilename": "java-1_4_2-sun-demo-1.4.2.16-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun-devel", "packageFilename": "java-1_5_0-sun-devel-1.5.0_update13-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun-jdbc", "packageFilename": "java-1_5_0-sun-jdbc-1.5.0_13-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "1.4.2.16-0.2", "packageName": "java-1_4_2-sun-alsa", "packageFilename": "java-1_4_2-sun-alsa-1.4.2.16-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "1.4.2.16-0.2", "packageName": "java-1_4_2-sun-src", "packageFilename": "java-1_4_2-sun-src-1.4.2.16-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun", "packageFilename": "java-1_5_0-sun-1.5.0_13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.4.2.16-0.2", "packageName": "java-1_4_2-sun-devel", "packageFilename": "java-1_4_2-sun-devel-1.4.2.16-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun-alsa", "packageFilename": "java-1_5_0-sun-alsa-1.5.0_update13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.6.0.u3-0.1", "packageName": "java-1_6_0-sun", "packageFilename": "java-1_6_0-sun-1.6.0.u3-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun-demo", "packageFilename": "java-1_5_0-sun-demo-1.5.0_update13-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun-devel", "packageFilename": "java-1_5_0-sun-devel-1.5.0_13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun-devel", "packageFilename": "java-1_5_0-sun-devel-1.5.0_update13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun-jdbc", "packageFilename": "java-1_5_0-sun-jdbc-1.5.0_update13-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.6.0.u3-0.1", "packageName": "java-1_6_0-sun-jdbc", "packageFilename": "java-1_6_0-sun-jdbc-1.6.0.u3-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.6.0.u3-0.1", "packageName": "java-1_6_0-sun", "packageFilename": "java-1_6_0-sun-1.6.0.u3-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.4.2_update16-0.1", "packageName": "java-1_4_2-sun-src", "packageFilename": "java-1_4_2-sun-src-1.4.2_update16-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.4.2.16-0.2", "packageName": "java-1_4_2-sun-jdbc", "packageFilename": "java-1_4_2-sun-jdbc-1.4.2.16-0.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun-demo", "packageFilename": "java-1_5_0-sun-demo-1.5.0_13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun-jdbc", "packageFilename": "java-1_5_0-sun-jdbc-1.5.0_update13-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun-plugin", "packageFilename": "java-1_5_0-sun-plugin-1.5.0_13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun-devel", "packageFilename": "java-1_5_0-sun-devel-1.5.0_update13-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.4.2.16-0.2", "packageName": "java-1_4_2-sun", "packageFilename": "java-1_4_2-sun-1.4.2.16-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.4.2_update16-0.1", "packageName": "java-1_4_2-sun-jdbc", "packageFilename": "java-1_4_2-sun-jdbc-1.4.2_update16-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.4.2.16-0.2", "packageName": "java-1_4_2-sun-devel", "packageFilename": "java-1_4_2-sun-devel-1.4.2.16-0.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun-src", "packageFilename": "java-1_5_0-sun-src-1.5.0_update13-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.6.0.u3-0.1", "packageName": "java-1_6_0-sun-demo", "packageFilename": "java-1_6_0-sun-demo-1.6.0.u3-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun-alsa", "packageFilename": "java-1_5_0-sun-alsa-1.5.0_update13-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun-src", "packageFilename": "java-1_5_0-sun-src-1.5.0_13-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun-jdbc", "packageFilename": "java-1_5_0-sun-jdbc-1.5.0_13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun-alsa", "packageFilename": "java-1_5_0-sun-alsa-1.5.0_update13-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun-alsa", "packageFilename": "java-1_5_0-sun-alsa-1.5.0_13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.4.2_update16-0.1", "packageName": "java-1_4_2-sun-plugin", "packageFilename": "java-1_4_2-sun-plugin-1.4.2_update16-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.4.2_update16-0.1", "packageName": "java-1_4_2-sun-demo", "packageFilename": "java-1_4_2-sun-demo-1.4.2_update16-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.6.0.u3-0.1", "packageName": "java-1_6_0-sun-devel", "packageFilename": "java-1_6_0-sun-devel-1.6.0.u3-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun", "packageFilename": "java-1_5_0-sun-1.5.0_update13-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun-demo", "packageFilename": "java-1_5_0-sun-demo-1.5.0_update13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun-devel", "packageFilename": "java-1_5_0-sun-devel-1.5.0_13-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.4.2.16-0.1", "packageName": "java-1_4_2-sun-src", "packageFilename": "java-1_4_2-sun-src-1.4.2.16-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun-demo", "packageFilename": "java-1_5_0-sun-demo-1.5.0_13-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.4.2.16-0.1", "packageName": "java-1_4_2-sun", "packageFilename": "java-1_4_2-sun-1.4.2.16-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun-alsa", "packageFilename": "java-1_5_0-sun-alsa-1.5.0_13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun-plugin", "packageFilename": "java-1_5_0-sun-plugin-1.5.0_update13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun", "packageFilename": "java-1_5_0-sun-1.5.0_update13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun-alsa", "packageFilename": "java-1_5_0-sun-alsa-1.5.0_13-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.4.2.16-0.1", "packageName": "java-1_4_2-sun-plugin", "packageFilename": "java-1_4_2-sun-plugin-1.4.2.16-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.6.0.u3-0.1", "packageName": "java-1_6_0-sun-jdbc", "packageFilename": "java-1_6_0-sun-jdbc-1.6.0.u3-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.4.2.16-0.2", "packageName": "java-1_4_2-sun", "packageFilename": "java-1_4_2-sun-1.4.2.16-0.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "1.4.2.16-0.2", "packageName": "java-1_4_2-sun-plugin", "packageFilename": "java-1_4_2-sun-plugin-1.4.2.16-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun", "packageFilename": "java-1_5_0-sun-1.5.0_13-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun-plugin", "packageFilename": "java-1_5_0-sun-plugin-1.5.0_13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun-alsa", "packageFilename": "java-1_5_0-sun-alsa-1.5.0_update13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.6.0.u3-0.1", "packageName": "java-1_6_0-sun-alsa", "packageFilename": "java-1_6_0-sun-alsa-1.6.0.u3-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.4.2.16-0.1", "packageName": "java-1_4_2-sun-alsa", "packageFilename": "java-1_4_2-sun-alsa-1.4.2.16-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.6.0.u3-0.1", "packageName": "java-1_6_0-sun-alsa", "packageFilename": "java-1_6_0-sun-alsa-1.6.0.u3-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.4.2.16-0.2", "packageName": "java-1_4_2-sun-jdbc", "packageFilename": "java-1_4_2-sun-jdbc-1.4.2.16-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun-demo", "packageFilename": "java-1_5_0-sun-demo-1.5.0_update13-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun-jdbc", "packageFilename": "java-1_5_0-sun-jdbc-1.5.0_update13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun", "packageFilename": "java-1_5_0-sun-1.5.0_13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.4.2.16-0.1", "packageName": "java-1_4_2-sun-demo", "packageFilename": "java-1_4_2-sun-demo-1.4.2.16-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "1.4.2.16-0.2", "packageName": "java-1_4_2-sun-jdbc", "packageFilename": "java-1_4_2-sun-jdbc-1.4.2.16-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun-src", "packageFilename": "java-1_5_0-sun-src-1.5.0_update13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.6.0.u3-0.1", "packageName": "java-1_6_0-sun-demo", "packageFilename": "java-1_6_0-sun-demo-1.6.0.u3-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.4.2_update16-0.1", "packageName": "java-1_4_2-sun-devel", "packageFilename": "java-1_4_2-sun-devel-1.4.2_update16-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun", "packageFilename": "java-1_5_0-sun-1.5.0_update13-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.4.2_update16-0.1", "packageName": "java-1_4_2-sun", "packageFilename": "java-1_4_2-sun-1.4.2_update16-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun-devel", "packageFilename": "java-1_5_0-sun-devel-1.5.0_13-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun", "packageFilename": "java-1_5_0-sun-1.5.0_13-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.4.2_update16-0.1", "packageName": "java-1_4_2-sun-alsa", "packageFilename": "java-1_4_2-sun-alsa-1.4.2_update16-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun-src", "packageFilename": "java-1_5_0-sun-src-1.5.0_13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.6.0.u3-0.1", "packageName": "java-1_6_0-sun-plugin", "packageFilename": "java-1_6_0-sun-plugin-1.6.0.u3-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun-devel", "packageFilename": "java-1_5_0-sun-devel-1.5.0_update13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.4.2.16-0.1", "packageName": "java-1_4_2-sun-jdbc", "packageFilename": "java-1_4_2-sun-jdbc-1.4.2.16-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.4.2.16-0.1", "packageName": "java-1_4_2-sun-devel", "packageFilename": "java-1_4_2-sun-devel-1.4.2.16-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun-plugin", "packageFilename": "java-1_5_0-sun-plugin-1.5.0_update13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun-jdbc", "packageFilename": "java-1_5_0-sun-jdbc-1.5.0_13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun-demo", "packageFilename": "java-1_5_0-sun-demo-1.5.0_13-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun-alsa", "packageFilename": "java-1_5_0-sun-alsa-1.5.0_13-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun-jdbc", "packageFilename": "java-1_5_0-sun-jdbc-1.5.0_update13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.6.0.u3-0.1", "packageName": "java-1_6_0-sun-devel", "packageFilename": "java-1_6_0-sun-devel-1.6.0.u3-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun", "packageFilename": "java-1_5_0-sun-1.5.0_update13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun-src", "packageFilename": "java-1_5_0-sun-src-1.5.0_update13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "1.4.2.16-0.2", "packageName": "java-1_4_2-sun-devel", "packageFilename": "java-1_4_2-sun-devel-1.4.2.16-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.5.0_update13-0.1", "packageName": "java-1_5_0-sun-demo", "packageFilename": "java-1_5_0-sun-demo-1.5.0_update13-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.5.0_13-0.1", "packageName": "java-1_5_0-sun-jdbc", "packageFilename": "java-1_5_0-sun-jdbc-1.5.0_13-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "The Sun JAVA JDK 1.5.0 was upgraded to release 13, and the Sun JAVA SDK 1.4.2 was upgraded to update 16 to fix various bugs, including the following security bugs:\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "reporter": "Suse", "published": "2007-10-17T16:49:13", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "remote code execution in Sun Java", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-5274"], "modified": "2007-10-17T16:49:13", "id": "SUSE-SA:2007:055", "href": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00004.html", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2016-09-04T11:31:33", "references": [], "affectedPackage": [{"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.5.0-0.22", "packageName": "IBMJava5-SDK", "packageFilename": "IBMJava5-SDK-1.5.0-0.22.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr10-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.5.0_sr7-0.2", "packageName": "java-1_5_0-ibm", "packageFilename": "java-1_5_0-ibm-1.5.0_sr7-0.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.5.0_sr7-0.2", "packageName": "java-1_5_0-ibm-plugin", "packageFilename": "java-1_5_0-ibm-plugin-1.5.0_sr7-0.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr10-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr10-0.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.5.0_sr7-0.2", "packageName": "java-1_5_0-ibm-64bit", "packageFilename": "java-1_5_0-ibm-64bit-1.5.0_sr7-0.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr10-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr10-0.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.5.0-0.22", "packageName": "IBMJava5-JRE", "packageFilename": "IBMJava5-JRE-1.5.0-0.22.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr10-0.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.5.0_sr7-0.2", "packageName": "java-1_5_0-ibm", "packageFilename": "java-1_5_0-ibm-1.5.0_sr7-0.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm-plugin", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr10-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr10-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.5.0_sr7-0.2", "packageName": "java-1_5_0-ibm-alsa", "packageFilename": "java-1_5_0-ibm-alsa-1.5.0_sr7-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr10-0.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.5.0_sr7-0.2", "packageName": "java-1_5_0-ibm-devel", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr7-0.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr10-0.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr10-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.4.2-0.112", "packageName": "IBMJava2-JRE", "packageFilename": "IBMJava2-JRE-1.4.2-0.112.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr10-0.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr10-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.4.2-0.112", "packageName": "IBMJava2-SDK", "packageFilename": "IBMJava2-SDK-1.4.2-0.112.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr10-0.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.5.0_sr7-0.2", "packageName": "java-1_5_0-ibm-32bit", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr7-0.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.5.0-0.22", "packageName": "IBMJava5-JRE", "packageFilename": "IBMJava5-JRE-1.5.0-0.22.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr10-0.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.5.0_sr7-0.2", "packageName": "java-1_5_0-ibm-jdbc", "packageFilename": "java-1_5_0-ibm-jdbc-1.5.0_sr7-0.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.5.0_sr7-0.2", "packageName": "java-1_5_0-ibm-fonts", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr7-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.5.0_sr7-0.2", "packageName": "java-1_5_0-ibm", "packageFilename": "java-1_5_0-ibm-1.5.0_sr7-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.5.0_sr7-0.2", "packageName": "java-1_5_0-ibm-fonts", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr7-0.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr10-0.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.5.0_sr7-0.2", "packageName": "java-1_5_0-ibm-jdbc", "packageFilename": "java-1_5_0-ibm-jdbc-1.5.0_sr7-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.5.0-0.22", "packageName": "IBMJava5-SDK", "packageFilename": "IBMJava5-SDK-1.5.0-0.22.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.4.2-0.112", "packageName": "IBMJava2-SDK", "packageFilename": "IBMJava2-SDK-1.4.2-0.112.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.4.2-0.112", "packageName": "IBMJava2-JRE", "packageFilename": "IBMJava2-JRE-1.4.2-0.112.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr10-0.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr10-0.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.5.0_sr7-0.2", "packageName": "java-1_5_0-ibm-devel", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr7-0.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.5.0_sr7-0.2", "packageName": "java-1_5_0-ibm-devel-32bit", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr7-0.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr10-0.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.5.0_sr7-0.2", "packageName": "java-1_5_0-ibm-32bit", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr7-0.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr10-0.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr10-0.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.5.0_sr7-0.2", "packageName": "java-1_5_0-ibm", "packageFilename": "java-1_5_0-ibm-1.5.0_sr7-0.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.5.0_sr7-0.2", "packageName": "java-1_5_0-ibm-plugin", "packageFilename": "java-1_5_0-ibm-plugin-1.5.0_sr7-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.5.0_sr7-0.2", "packageName": "java-1_5_0-ibm-devel-32bit", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr7-0.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr10-0.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr10-0.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr10-0.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.5.0_sr7-0.2", "packageName": "java-1_5_0-ibm-devel", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr7-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.5.0_sr7-0.2", "packageName": "java-1_5_0-ibm-devel", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr7-0.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.5.0_sr7-0.2", "packageName": "java-1_5_0-ibm-fonts", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr7-0.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.5.0_sr7-0.2", "packageName": "java-1_5_0-ibm-alsa-32bit", "packageFilename": "java-1_5_0-ibm-alsa-32bit-1.5.0_sr7-0.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm-plugin", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr10-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "1.5.0_sr7-0.2", "packageName": "java-1_5_0-ibm-fonts", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr7-0.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "1.4.2_sr10-0.2", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr10-0.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "IBM Java 1.4.2 was updated to SR10 and IBM Java 1.5.0 was updated to SR7 to fix various security issues:\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "reporter": "Suse", "published": "2008-04-25T14:46:33", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "remote code execution in IBMJava2,IBMJava5,java-1_4_2-ibm,java-1_5_0-ibm", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3698", "CVE-2008-1195", "CVE-2008-1194", "CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2008-1189", "CVE-2008-0657", "CVE-2008-1196", "CVE-2007-5236", "CVE-2008-1190", "CVE-2007-5273", "CVE-2008-1187", "CVE-2008-1188", "CVE-2007-5239", "CVE-2007-4381", "CVE-2007-5274", "CVE-2008-1193", "CVE-2008-1192"], "modified": "2008-04-25T14:46:33", "id": "SUSE-SA:2008:025", "href": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:27", "references": ["https://vulners.com/securityvulns/securityvulns:doc:18311", "https://vulners.com/securityvulns/securityvulns:doc:18310"], "description": "Multiple sandbox restriction bypass vulnerabilities.", "edition": 1, "reporter": "CVE", "published": "2007-10-30T00:00:00", "title": "Sun Java JRE / JDK multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:27", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "JRE", "version": "1.4", "operator": "eq"}, {"name": "JDK", "version": "1.4", "operator": "eq"}, {"name": "JRE", "version": "5.0", "operator": "eq"}, {"name": "JDK", "version": "5.0", "operator": "eq"}], "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-5274"], "modified": "2007-10-30T00:00:00", "id": "SECURITYVULNS:VULN:8300", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8300", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "redhat": [{"lastseen": "2018-12-11T17:44:58", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [], "description": "The Java Runtime Environment (JRE) contains the software and tools\r\nthat users need to run applets and applications written using the Java\r\nprogramming language.\r\n\r\nA flaw in the applet caching mechanism of the Java Runtime Environment\r\n(JRE) did not correctly process the creation of network connections. A\r\nremote attacker could use this flaw to create connections to\r\nservices on machines other than the one that the applet was downloaded\r\nfrom. (CVE-2007-5232) \r\n\r\nMultiple vulnerabilities existed in Java Web Start allowing an untrusted\r\napplication to determine the location of the Java Web Start cache.\r\n(CVE-2007-5238)\r\n\r\nUntrusted Java Web Start Applications or Java Applets were able to drag and\r\ndrop a file to a Desktop Application. A user-assisted remote attacker could\r\nuse this flaw to move or copy arbitrary files. (CVE-2007-5239)\r\n\r\nThe Java Runtime Environment (JRE) allowed untrusted Java Applets or\r\napplications to display oversized Windows. This could be used by remote\r\nattackers to hide security warning banners. (CVE-2007-5240)\r\n\r\nUnsigned Java Applets communicating via a HTTP proxy could allow a remote\r\nattacker to violate the Java security model. A cached, malicious Applet \r\ncould create network connections to services on other machines. \r\n(CVE-2007-5273)\r\n\r\nUnsigned Applets loaded with Mozilla Firefox or Opera browsers allowed\r\nremote attackers to violate the Java security model. A cached, malicious \r\nApplet could create network connections to services on other machines. \r\n(CVE-2007-5274)\r\n\r\nIn Red Hat Enterprise Linux a Java Web Start application requesting\r\nelevated permissions is only started automatically when signed with a\r\ntrusted code signing certificate and otherwise requires user confirmation\r\nto access privileged resources. \r\n\r\nAll users of java-sun-1.5.0 should upgrade to these packages, which contain\r\nSun Java 1.5.0 Update 13 that corrects these issues.\r\n\r\nPlease note that during our quality testing we discovered that the Java\r\nbrowser plug-in may not function perfectly when visiting some sites that\r\nmake use of multiple applets on a single HTML page. We have verified that\r\nthis issue is not due to our packaging and affects Sun Java 1.5.0 Update 13.", "reporter": "RedHat", "published": "2007-10-12T04:00:00", "type": "redhat", "title": "(RHSA-2007:0963) Important: java-1.5.0-sun security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-5232", "CVE-2007-5238", "CVE-2007-5239", "CVE-2007-5240", "CVE-2007-5273", "CVE-2007-5274"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-07-27T03:19:45", "id": "RHSA-2007:0963", "href": "https://access.redhat.com/errata/RHSA-2007:0963", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-11T17:46:04", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.6-1jpp.1.el5", "arch": "i386", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.6-1jpp.1.el5.i386.rpm", "operator": "lt"}], "description": "IBM's 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\r\nthe IBM Java 2 Software Development Kit.\r\n\r\nThe applet caching mechanism of the Java Runtime Environment (JRE) did not\r\ncorrectly process the creation of network connections. A remote attacker\r\ncould use this flaw to create connections to services on machines other\r\nthan the one that the applet was downloaded from. (CVE-2007-5232)\r\n\r\nMultiple vulnerabilities existed in Java Web Start allowing an untrusted\r\napplication to determine the location of the Java Web Start cache.\r\n(CVE-2007-5238)\r\n\r\nUntrusted Java Web Start Applications or Java Applets were able to drag and\r\ndrop a file to a Desktop Application. A user-assisted remote attacker could\r\nuse this flaw to move or copy arbitrary files. (CVE-2007-5239)\r\n\r\nThe Java Runtime Environment allowed untrusted Java Applets or applications\r\nto display oversized Windows. This could be used by remote attackers to\r\nhide security warning banners. (CVE-2007-5240)\r\n\r\nUnsigned Java Applets communicating via a HTTP proxy could allow a remote\r\nattacker to violate the Java security model. A cached malicious Applet\r\ncould create network connections to services on other machines.\r\n(CVE-2007-5273)\r\n\r\nUnsigned Applets loaded with Mozilla Firefox or Opera browsers allowed\r\nremote attackers to violate the Java security model. A cached malicious\r\nApplet could create network connections to services on other machines.\r\n(CVE-2007-5274) \r\n\r\nAll users of java-ibm-1.5.0 are advised to upgrade to these updated\r\npackages, that contain IBM's 1.5.0 SR6 Java release which resolves these\r\nissues.", "reporter": "RedHat", "published": "2007-11-26T05:00:00", "type": "redhat", "title": "(RHSA-2007:1041) Important: java-1.5.0-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-5232", "CVE-2007-5238", "CVE-2007-5239", "CVE-2007-5240", "CVE-2007-5273", "CVE-2007-5274"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:08:58", "id": "RHSA-2007:1041", "href": "https://access.redhat.com/errata/RHSA-2007:1041", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-11T17:42:21", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.10-1jpp.2.el5", "arch": "i386", "packageName": "java-1.4.2-ibm-plugin", "packageFilename": "java-1.4.2-ibm-plugin-1.4.2.10-1jpp.2.el5.i386.rpm", "operator": "lt"}], "description": "IBM's 1.4.2 SR10 Java release includes the IBM Java 2 Runtime Environment\r\nand the IBM Java 2 Software Development Kit.\r\n\r\nThe Java Secure Socket Extension (JSSE) component did not correctly process\r\nSSL/TLS handshake requests. A remote attacker who is able to connect to a\r\nJSSE-based service could trigger this flaw leading to a denial-of-service.\r\n(CVE-2007-3698) \r\n\r\nA flaw was found in the way the Java Runtime Environment processes font\r\ndata. An untrusted applet could elevate its privileges, allowing the applet\r\nto perform actions with the same permissions as the logged in user. It may\r\nalso be possible to crash a server application which processes untrusted\r\nfont information from a third party. (CVE-2007-4381) \r\n\r\nThe applet caching mechanism of the Java Runtime Environment (JRE) did not\r\ncorrectly process the creation of network connections. A remote attacker\r\ncould use this flaw to create connections to services on machines other\r\nthan the one that the applet was downloaded from. (CVE-2007-5232)\r\n\r\nMultiple vulnerabilities existed in Java Web Start allowing an untrusted\r\napplication to determine the location of the Java Web Start cache.\r\n(CVE-2007-5238)\r\n\r\nUntrusted Java Web Start Applications or Java Applets were able to drag and\r\ndrop a file to a Desktop Application. A user-assisted remote attacker could\r\nuse this flaw to move or copy arbitrary files. (CVE-2007-5239)\r\n\r\nThe Java Runtime Environment allowed untrusted Java Applets or applications\r\nto display oversized Windows. This could be used by remote attackers to\r\nhide security warning banners. (CVE-2007-5240)\r\n\r\nUnsigned Java Applets communicating via a HTTP proxy could allow a remote\r\nattacker to violate the Java security model. A cached malicious Applet\r\ncould create network connections to services on other machines.\r\n(CVE-2007-5273)\r\n\r\nUnsigned Applets loaded with Mozilla Firefox or Opera browsers allowed\r\nremote attackers to violate the Java security model. A cached malicious\r\nApplet could create network connections to services on other machines.\r\n(CVE-2007-5274)\r\n\r\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\r\npackages, that contain IBM's 1.4.2 SR10 Java release which resolves these\r\nissues.", "reporter": "RedHat", "published": "2008-02-14T05:00:00", "type": "redhat", "title": "(RHSA-2008:0132) Critical: java-1.4.2-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-3698", "CVE-2007-4381", "CVE-2007-5232", "CVE-2007-5238", "CVE-2007-5239", "CVE-2007-5240", "CVE-2007-5273", "CVE-2007-5274"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-26T04:26:19", "id": "RHSA-2008:0132", "href": "https://access.redhat.com/errata/RHSA-2008:0132", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:44:21", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.14-1jpp.1.el5", "arch": "i686", "packageName": "java-1.5.0-bea-src", "packageFilename": "java-1.5.0-bea-src-1.5.0.14-1jpp.1.el5.i686.rpm", "operator": "lt"}], "description": "The BEA WebLogic JRockit 1.5.0_14 JRE and SDK contain BEA WebLogic JRockit\r\nVirtual Machine 1.5.0_14 and are certified for the Java 5 Platform,\r\nStandard Edition, v1.5.0.\r\n\r\nA flaw in the applet caching mechanism of the Java Runtime Environment\r\n(JRE) did not correctly process the creation of network connections. A\r\nremote attacker could use this flaw to create connections to services on\r\nmachines other than the one that the applet was downloaded from.\r\n(CVE-2007-5232)\r\n\r\nUntrusted Java Applets were able to drag and drop a file to a Desktop\r\nApplication. A user-assisted remote attacker could use this flaw to move or\r\ncopy arbitrary files. (CVE-2007-5239)\r\n\r\nThe Java Runtime Environment (JRE) allowed untrusted Java Applets or\r\napplications to display oversized windows. This could be used by remote\r\nattackers to hide security warning banners. (CVE-2007-5240)\r\n\r\nUnsigned Java Applets communicating via a HTTP proxy could allow a remote\r\nattacker to violate the Java security model. A cached, malicious Applet\r\ncould create network connections to services on other machines. (CVE-2007-5273)\r\n\r\nTwo vulnerabilities in the Java Runtime Environment allowed an untrusted\r\napplication or applet to elevate the assigned privileges. This could be\r\nmisused by a malicious website to read and write local files or execute\r\nlocal applications in the context of the user running the Java process.\r\n(CVE-2008-0657)\r\n\r\nThose vulnerabilities concerned with applets can only be triggered in\r\njava-1.5.0-bea by calling the 'appletviewer' application. \r\n\r\nAll users of java-1.5.0-bea should upgrade to these updated packages, which\r\ncontain the BEA WebLogic JRockit 1.5.0_14 release that resolves these issues.", "reporter": "RedHat", "published": "2008-03-05T05:00:00", "type": "redhat", "title": "(RHSA-2008:0156) Moderate: java-1.5.0-bea security update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-5232", "CVE-2007-5239", "CVE-2007-5240", "CVE-2007-5273", "CVE-2008-0657"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:07:09", "id": "RHSA-2008:0156", "href": "https://access.redhat.com/errata/RHSA-2008:0156", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:44:44", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.16-1jpp.1.el5", "arch": "i686", "packageName": "java-1.4.2-bea-missioncontrol", "packageFilename": "java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.1.el5.i686.rpm", "operator": "lt"}], "description": "The BEA WebLogic JRockit 1.4.2_16 JRE and SDK contains BEA WebLogic JRockit\r\nVirtual Machine 1.4.2_16 and is certified for the Java 2 Platform, Standard\r\nEdition, v1.4.2.\r\n\r\nA buffer overflow in the Java Runtime Environment image handling code was\r\nfound. If an attacker could induce a server application to process a\r\nspecially crafted image file, the attacker could potentially cause a\r\ndenial-of-service or execute arbitrary code as the user running the Java\r\nVirtual Machine. (CVE-2007-2788, CVE-2007-2789)\r\n\r\nA denial of service flaw was found in the way the JSSE component processed\r\nSSL/TLS handshake requests. A remote attacker able to connect to a JSSE\r\nenabled service could send a specially crafted handshake which would cause\r\nthe Java Runtime Environment to stop responding to future requests.\r\n(CVE-2007-3698)\r\n\r\nA flaw was found in the way the Java Runtime Environment processed font\r\ndata. An applet viewed via the \"appletviewer\" application could elevate its\r\nprivileges, allowing the applet to perform actions with the same\r\npermissions as the user running the \"appletviewer\" application. The same\r\nflaw could, potentially, crash a server application which processed\r\nuntrusted font information from a third party. (CVE-2007-4381)\r\n\r\nA flaw in the applet caching mechanism of the Java Runtime Environment\r\n(JRE) did not correctly process the creation of network connections. A\r\nremote attacker could use this flaw to create connections to services on\r\nmachines other than the one that the applet was downloaded from.\r\n(CVE-2007-5232)\r\n\r\nUntrusted Java Applets were able to drag and drop files to a desktop\r\napplication. A user-assisted remote attacker could use this flaw to move or\r\ncopy arbitrary files. (CVE-2007-5239)\r\n\r\nThe Java Runtime Environment (JRE) allowed untrusted Java Applets or\r\napplications to display over-sized windows. This could be used by remote\r\nattackers to hide security warning banners. (CVE-2007-5240)\r\n\r\nUnsigned Java Applets communicating via a HTTP proxy could allow a remote\r\nattacker to violate the Java security model. A cached, malicious Applet\r\ncould create network connections to services on other machines.\r\n(CVE-2007-5273)\r\n\r\nPlease note: the vulnerabilities noted above concerned with applets can\r\nonly be triggered in java-1.4.2-bea by calling the \"appletviewer\"\r\napplication.\r\n\r\nAll users of java-1.4.2-bea should upgrade to these updated packages, which\r\ncontain the BEA WebLogic JRockit 1.4.2_16 release which resolves these\r\nissues.", "reporter": "RedHat", "published": "2008-03-11T04:00:00", "type": "redhat", "title": "(RHSA-2008:0100) Moderate: java-1.4.2-bea security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3698", "CVE-2007-4381", "CVE-2007-5232", "CVE-2007-5239", "CVE-2007-5240", "CVE-2007-5273"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:48:26", "id": "RHSA-2008:0100", "href": "https://access.redhat.com/errata/RHSA-2008:0100", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2018-11-01T05:11:32", "references": ["http://www.redhat.com/support/errata/RHSA-2008-0100.html", "http://www.redhat.com/support/errata/RHSA-2007-1041.html", "http://www.securitytracker.com/id?1018768", "http://conference.hitb.org/hitbsecconf2007kl/?page_id=148", "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201519-1", "http://docs.info.apple.com/article.html?artnum=307177", "https://exchange.xforce.ibmcloud.com/vulnerabilities/36941", "http://www.kb.cert.org/vuls/id/336105", "http://www.securityfocus.com/archive/1/482926/100/0/threaded", "http://www.securityfocus.com/bid/25918", "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html", "http://www.novell.com/linux/security/advisories/2007_55_java.html", "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html", "http://www.vupen.com/english/advisories/2007/3895", "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533", "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml", "http://www.redhat.com/support/errata/RHSA-2008-0156.html", "http://www.vupen.com/english/advisories/2008/0609", "http://www.redhat.com/support/errata/RHSA-2008-0132.html", "http://www.vupen.com/english/advisories/2008/1856/references", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1", "http://www.redhat.com/support/errata/RHSA-2007-0963.html", "http://conference.hitb.org/hitbsecconf2007kl/materials/D2T1%20-%20Billy%20Rios%20-%20Slipping%20Past%20the%20Firewall.pdf", "http://dev2dev.bea.com/pub/advisory/272", "http://security.gentoo.org/glsa/glsa-200804-28.xml", "http://www.vmware.com/security/advisories/VMSA-2008-0010.html", "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml", "http://www.vupen.com/english/advisories/2007/4224", "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"], "description": "Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack.", "edition": 5, "reporter": "NVD", "published": "2007-10-05T19:17:00", "title": "CVE-2007-5232", "type": "cve", "enchantments": {"score": {"modified": "2018-11-01T05:11:32", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9331", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9331"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2007-5232"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9331", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9331"}], "modified": "2018-10-30T12:26:24", "cpe": ["cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:sun:jre:1.3.0:update5", "cpe:/a:sun:sdk:1.3.1_19", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.3.0", "cpe:/a:sun:sdk:1.4.2_03", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.3.1:update16", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:sun:jre:1.4.1:update3", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.3.1:update19", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:sun:jre:1.3.1:update18", "cpe:/a:sun:sdk:1.4.2_09", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:sun:sdk:1.3.1_01a", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:sun:sdk:1.4.2_08", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jre:1.4", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.3.1:update1a", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.3.1:update1", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.3.1:update20", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2007-5232", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5232", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-11-01T05:11:32", "references": ["http://www.redhat.com/support/errata/RHSA-2008-0100.html", "http://www.redhat.com/support/errata/RHSA-2007-1041.html", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103071-1", "http://www.securityfocus.com/archive/1/482926/100/0/threaded", "http://www.securityfocus.com/bid/25918", "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html", "http://www.securitytracker.com/id?1018769", "http://www.novell.com/linux/security/advisories/2007_55_java.html", "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html", "http://www.vupen.com/english/advisories/2007/3895", "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533", "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml", "http://www.redhat.com/support/errata/RHSA-2008-0156.html", "http://download.novell.com/Download?buildid=q5exhSqeBjA~", "http://www.vupen.com/english/advisories/2008/0609", "http://www.redhat.com/support/errata/RHSA-2008-0132.html", "http://www.vupen.com/english/advisories/2008/1856/references", "http://www.redhat.com/support/errata/RHSA-2007-0963.html", "http://dev2dev.bea.com/pub/advisory/272", "http://security.gentoo.org/glsa/glsa-200804-28.xml", "http://www.vmware.com/security/advisories/VMSA-2008-0010.html", "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml", "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/36942"], "description": "Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.", "edition": 5, "reporter": "NVD", "published": "2007-10-05T20:17:00", "title": "CVE-2007-5240", "type": "cve", "enchantments": {"score": {"modified": "2018-11-01T05:11:32", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10783", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10783"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2007-5240"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10783", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10783"}], "modified": "2018-10-30T12:26:24", "cpe": ["cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:sun:jre:1.3.0:update5", "cpe:/a:sun:sdk:1.3.1_19", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.3.0", "cpe:/a:sun:sdk:1.4.2_03", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.3.1:update16", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:sun:jre:1.4.1:update3", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.3.1:update19", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:sun:jre:1.3.1:update18", "cpe:/a:sun:sdk:1.4.2_09", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:sun:sdk:1.3.1_01a", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:sun:sdk:1.4.2_08", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jre:1.4", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.3.1:update1a", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.3.1:update1", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.3.1:update20", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2007-5240", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5240", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-11-01T05:11:32", "references": ["http://www.redhat.com/support/errata/RHSA-2008-0100.html", "http://www.redhat.com/support/errata/RHSA-2007-1041.html", "http://www.securityfocus.com/archive/1/482926/100/0/threaded", "http://www.securityfocus.com/bid/25918", "http://www.novell.com/linux/security/advisories/2007_55_java.html", "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html", "http://www.vupen.com/english/advisories/2007/3895", "http://crypto.stanford.edu/dns/dns-rebinding.pdf", "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533", "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml", "http://www.redhat.com/support/errata/RHSA-2008-0156.html", "http://www.vupen.com/english/advisories/2008/0609", "http://www.redhat.com/support/errata/RHSA-2008-0132.html", "http://www.redhat.com/support/errata/RHSA-2007-0963.html", "http://securitytracker.com/id?1018771", "http://dev2dev.bea.com/pub/advisory/272", "http://seclists.org/fulldisclosure/2007/Jul/0159.html", "http://security.gentoo.org/glsa/glsa-200804-28.xml", "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml", "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html", "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200041-1", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1"], "description": "Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232.", "edition": 4, "reporter": "NVD", "published": "2007-10-08T19:17:00", "title": "CVE-2007-5273", "type": "cve", "enchantments": {"score": {"modified": "2018-11-01T05:11:32", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10340", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10340"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2007-5273"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10340", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10340"}], "modified": "2018-10-30T12:26:24", "cpe": ["cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:sun:jre:1.3.0:update5", "cpe:/a:sun:sdk:1.3.1_19", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.3.0", "cpe:/a:sun:sdk:1.4.2_03", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.3.1:update16", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:sun:jre:1.4.1:update3", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.3.1:update19", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:sun:jre:1.3.1:update18", "cpe:/a:sun:sdk:1.4.2_09", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:sun:sdk:1.3.1_01a", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:sun:sdk:1.4.2_08", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jre:1.4", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.3.1:update1a", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.3.1:update1", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.3.1:update20", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2007-5273", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5273", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-11-01T05:11:32", "references": ["http://www.redhat.com/support/errata/RHSA-2007-1041.html", "http://www.securitytracker.com/id?1018770", "http://www.securityfocus.com/bid/25920", "http://www.securityfocus.com/archive/1/482926/100/0/threaded", "http://www.novell.com/linux/security/advisories/2007_55_java.html", "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html", "http://www.vupen.com/english/advisories/2007/3895", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1", "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533", "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml", "http://www.vupen.com/english/advisories/2008/0609", "http://www.redhat.com/support/errata/RHSA-2008-0132.html", "http://www.vupen.com/english/advisories/2008/1856/references", "http://www.redhat.com/support/errata/RHSA-2007-0963.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/36946", "http://dev2dev.bea.com/pub/advisory/272", "http://security.gentoo.org/glsa/glsa-200804-28.xml", "http://www.vmware.com/security/advisories/VMSA-2008-0010.html", "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml", "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"], "description": "Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka \"three vulnerabilities.\"", "edition": 5, "reporter": "NVD", "published": "2007-10-05T20:17:00", "title": "CVE-2007-5238", "type": "cve", "enchantments": {"score": {"modified": "2018-11-01T05:11:32", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11592", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11592"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2007-5238"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11592", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11592"}], "modified": "2018-10-30T12:26:24", "cpe": ["cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:sun:jre:1.3.0:update5", "cpe:/a:sun:sdk:1.3.1_19", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.3.0", "cpe:/a:sun:sdk:1.4.2_03", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.3.1:update16", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:sun:jre:1.4.1:update3", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.3.1:update19", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:sun:jre:1.3.1:update18", "cpe:/a:sun:sdk:1.4.2_09", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:sun:sdk:1.3.1_01a", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:sun:sdk:1.4.2_08", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jre:1.4", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.3.1:update1a", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.3.1:update1", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.3.1:update20", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2007-5238", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5238", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-11-01T05:11:32", "references": ["http://www.securityfocus.com/bid/25920", "http://www.novell.com/linux/security/advisories/2007_55_java.html", "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html", "http://www.vupen.com/english/advisories/2007/3895", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1", "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533", "http://www.vupen.com/english/advisories/2008/0609", "http://www.vupen.com/english/advisories/2008/1856/references", "https://exchange.xforce.ibmcloud.com/vulnerabilities/36946", "http://dev2dev.bea.com/pub/advisory/272", "http://www.vmware.com/security/advisories/VMSA-2008-0010.html", "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"], "description": "Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application.", "edition": 4, "reporter": "NVD", "published": "2007-10-05T20:17:00", "title": "CVE-2007-5236", "type": "cve", "enchantments": {"score": {"modified": "2018-11-01T05:11:32", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:6115", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6115"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2007-5236"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:6115", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:6115"}], "modified": "2018-10-30T12:26:24", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_03", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:sun:sdk:1.4.2_09", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:sun:sdk:1.4.2_08", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2007-5236", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5236", "cvss": {"score": 5.4, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2018-11-01T05:11:32", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/36950", "http://www.redhat.com/support/errata/RHSA-2008-0100.html", "http://www.redhat.com/support/errata/RHSA-2007-1041.html", "http://www.securityfocus.com/archive/1/482926/100/0/threaded", "http://www.novell.com/linux/security/advisories/2007_55_java.html", "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html", "http://www.vupen.com/english/advisories/2007/3895", "http://securitytracker.com/id?1018814", "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533", "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml", "http://www.redhat.com/support/errata/RHSA-2008-0156.html", "http://www.vupen.com/english/advisories/2008/0609", "http://www.redhat.com/support/errata/RHSA-2008-0132.html", "http://www.vupen.com/english/advisories/2008/1856/references", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1", "http://www.redhat.com/support/errata/RHSA-2007-0963.html", "http://dev2dev.bea.com/pub/advisory/272", "http://security.gentoo.org/glsa/glsa-200804-28.xml", "http://www.vmware.com/security/advisories/VMSA-2008-0010.html", "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml", "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"], "description": "Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.", "edition": 5, "reporter": "NVD", "published": "2007-10-05T20:17:00", "title": "CVE-2007-5239", "type": "cve", "enchantments": {"score": {"modified": "2018-11-01T05:11:32", "vector": "NONE", "value": 7.2}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:8758", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8758"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2007-5239"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:8758", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:8758"}], "modified": "2018-10-30T12:26:24", "cpe": ["cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:sun:jre:1.3.0:update5", "cpe:/a:sun:sdk:1.3.1_19", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.3.0", "cpe:/a:sun:sdk:1.4.2_03", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.3.1:update16", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:sun:jre:1.4.1:update3", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.3.1:update19", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:sun:jre:1.3.1:update18", "cpe:/a:sun:sdk:1.4.2_09", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:sun:sdk:1.3.1_01a", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:sun:sdk:1.4.2_08", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jre:1.4", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.3.1:update1a", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.3.1:update1", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.3.1:update20", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2007-5239", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5239", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-09-29T14:25:32", "references": ["http://www.securitytracker.com/id?1018770", "http://www.securityfocus.com/bid/25920", "http://www.novell.com/linux/security/advisories/2007_55_java.html", "http://www.vupen.com/english/advisories/2007/3895", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1", "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533", "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml", "http://www.vupen.com/english/advisories/2008/0609", "http://www.vupen.com/english/advisories/2008/1856/references", "https://exchange.xforce.ibmcloud.com/vulnerabilities/36946", "http://dev2dev.bea.com/pub/advisory/272", "http://security.gentoo.org/glsa/glsa-200804-28.xml", "http://www.vmware.com/security/advisories/VMSA-2008-0010.html", "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"], "description": "Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka \"two vulnerabilities.\"", "edition": 3, "reporter": "NVD", "published": "2007-10-05T20:17:00", "title": "CVE-2007-5237", "type": "cve", "enchantments": {"score": {"modified": "2017-09-29T14:25:32", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:5899", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5899"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2007-5237"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:5899", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:5899"}], "modified": "2017-09-28T21:29:31", "cpe": ["cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:sun:jre:1.6.0:update1", "cpe:/a:sun:jre:1.6.0:update2"], "id": "CVE-2007-5237", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5237", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2018-11-01T05:11:32", "references": ["http://www.redhat.com/support/errata/RHSA-2007-1041.html", "http://www.securityfocus.com/archive/1/482926/100/0/threaded", "http://www.securityfocus.com/bid/25918", "http://www.novell.com/linux/security/advisories/2007_55_java.html", "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html", "http://www.vupen.com/english/advisories/2007/3895", "http://crypto.stanford.edu/dns/dns-rebinding.pdf", "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533", "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml", "http://www.vupen.com/english/advisories/2008/0609", "http://www.redhat.com/support/errata/RHSA-2008-0132.html", "http://www.vupen.com/english/advisories/2008/1856/references", "http://www.redhat.com/support/errata/RHSA-2007-0963.html", "http://securitytracker.com/id?1018771", "http://dev2dev.bea.com/pub/advisory/272", "http://security.gentoo.org/glsa/glsa-200804-28.xml", "http://www.vmware.com/security/advisories/VMSA-2008-0010.html", "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml", "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html", "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200041-1", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1"], "description": "Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.", "edition": 4, "reporter": "NVD", "published": "2007-10-08T19:17:00", "title": "CVE-2007-5274", "type": "cve", "enchantments": {"score": {"modified": "2018-11-01T05:11:32", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10908", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10908"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2007-5274"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10908", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10908"}], "modified": "2018-10-30T12:26:21", "cpe": ["cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:sun:jre:1.3.0:update5", "cpe:/a:sun:sdk:1.3.1_19", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.3.0", "cpe:/a:sun:sdk:1.4.2_03", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.3.1:update16", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:sun:jre:1.4.1:update3", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.3.1:update19", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:sun:jre:1.3.1:update18", "cpe:/a:sun:sdk:1.4.2_09", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:sun:sdk:1.3.1_01a", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jre:1.4.2:update15", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:sun:sdk:1.4.2_08", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.6.0:update2", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jre:1.4", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.3.1:update1a", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.3.1:update1", "cpe:/a:sun:jdk:6:update_1", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.3.1:update20", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:6", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2007-5274", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5274", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "vmware": [{"lastseen": "2018-09-02T02:40:42", "references": [], "affectedPackage": [{"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX350-200806404-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX-1006360", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "Update 2 build 104263", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Virtual-", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX-1004823", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX303-200808407-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Center", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "Update5 build 104182", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Virtual-", "operator": "lt"}], "description": " \nESX patches and updates for VirtualCenter fix the following \napplication vulnerabilities.\n", "edition": 3, "reporter": "VMware", "published": "2008-06-16T00:00:00", "title": "Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter", "type": "vmware", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-5342", "CVE-2008-1195", "CVE-2008-1194", "CVE-2007-5238", "CVE-2008-1191", "CVE-2007-5333", "CVE-2007-5232", "CVE-2007-5240", "CVE-2008-1189", "CVE-2008-1186", "CVE-2008-0657", "CVE-2008-1185", "CVE-2007-5237", "CVE-2008-1196", "CVE-2007-5461", "CVE-2007-5236", "CVE-2007-6286", "CVE-2008-1190", "CVE-2008-1187", "CVE-2007-5689", "CVE-2008-1188", "CVE-2007-5239", "CVE-2007-5274", "CVE-2008-1193", "CVE-2008-1192"], "modified": "2008-08-29T00:00:00", "id": "VMSA-2008-0010", "href": "https://www.vmware.com/security/advisories/VMSA-2008-0010.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:21", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1185", "https://bugs.gentoo.org/show_bug.cgi?id=183580", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1187", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5239", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0657", "https://security.gentoo.org/security/en/glsa/glsa-200706-08.xml", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5273", "https://bugs.gentoo.org/show_bug.cgi?id=178962", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5232", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5240", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1188", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5689", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5274", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3655", "https://security.gentoo.org/security/en/glsa/glsa-200705-23.xml", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1193", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1190", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1192", "https://bugs.gentoo.org/show_bug.cgi?id=185256", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1189", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0628", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1186", "https://bugs.gentoo.org/show_bug.cgi?id=212425", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1195", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1191", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2435", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5237", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788", "https://bugs.gentoo.org/show_bug.cgi?id=194711", "https://bugs.gentoo.org/show_bug.cgi?id=178851", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1196", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1194", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5238"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.6.0.05", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-emulation/emul-linux-x86-java", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.6.0.05", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-java/sun-jdk", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.6.0.05", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-java/sun-jre-bin", "operator": "lt"}], "edition": 1, "description": "### Background\n\nThe Sun Java Development Kit (JDK) and the Sun Java Runtime Environment (JRE) provide the Sun Java platform. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Sun Java: \n\n * Daniel Soeder discovered that a long codebase attribute string in a JNLP file will overflow a stack variable when launched by Java WebStart (CVE-2007-3655).\n * Multiple vulnerabilities (CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) that were previously reported as GLSA 200705-23 and GLSA 200706-08 also affect 1.4 and 1.6 SLOTs, which was not mentioned in the initial revision of said GLSAs.\n * The Zero Day Initiative, TippingPoint and John Heasman reported multiple buffer overflows and unspecified vulnerabilities in Java Web Start (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191).\n * Hisashi Kojima of Fujitsu and JPCERT/CC reported a security issue when performing XSLT transformations (CVE-2008-1187).\n * CERT/CC reported a Stack-based buffer overflow in Java Web Start when using JNLP files (CVE-2008-1196).\n * Azul Systems reported an unspecified vulnerability that allows applets to escalate their privileges (CVE-2007-5689).\n * Billy Rios, Dan Boneh, Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and David Byrne discovered multiple instances where Java applets or JavaScript programs run within browsers do not pin DNS hostnames to a single IP address, allowing for DNS rebinding attacks (CVE-2007-5232, CVE-2007-5273, CVE-2007-5274).\n * Peter Csepely reported that Java Web Start does not properly enforce access restrictions for untrusted applications (CVE-2007-5237, CVE-2007-5238).\n * Java Web Start does not properly enforce access restrictions for untrusted Java applications and applets, when handling drag-and-drop operations (CVE-2007-5239).\n * Giorgio Maone discovered that warnings for untrusted code can be hidden under applications' windows (CVE-2007-5240).\n * Fujitsu reported two security issues where security restrictions of web applets and applications were not properly enforced (CVE-2008-1185, CVE-2008-1186).\n * John Heasman of NGSSoftware discovered that the Java Plug-in does not properly enforce the same origin policy (CVE-2008-1192).\n * Chris Evans of the Google Security Team discovered multiple unspecified vulnerabilities within the Java Runtime Environment Image Parsing Library (CVE-2008-1193, CVE-2008-1194).\n * Gregory Fleischer reported that web content fetched via the \"jar:\" protocol was not subject to network access restrictions (CVE-2008-1195).\n * Chris Evans and Johannes Henkel of the Google Security Team reported that the XML parsing code retrieves external entities even when that feature is disabled (CVE-2008-0628).\n * Multiple unspecified vulnerabilities might allow for escalation of privileges (CVE-2008-0657).\n\n### Impact\n\nA remote attacker could entice a user to run a specially crafted applet on a website or start an application in Java Web Start to execute arbitrary code outside of the Java sandbox and of the Java security restrictions with the privileges of the user running Java. The attacker could also obtain sensitive information, create, modify, rename and read local files, execute local applications, establish connections in the local network, bypass the same origin policy, and cause a Denial of Service via multiple vectors. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Sun JRE 1.6 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/sun-jre-bin-1.6.0.05\"\n\nAll Sun JRE 1.5 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/sun-jre-bin-1.5.0.15\"\n\nAll Sun JRE 1.4 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/sun-jre-bin-1.4.2.17\"\n\nAll Sun JDK 1.6 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/sun-jdk-1.6.0.05\"\n\nAll Sun JDK 1.5 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/sun-jdk-1.5.0.15\"\n\nAll Sun JDK 1.4 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/sun-jdk-1.4.2.17\"\n\nAll emul-linux-x86-java 1.6 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/emul-linux-x86-java-1.6.0.05\"\n\nAll emul-linux-x86-java 1.5 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/emul-linux-x86-java-1.5.0.15\"\n\nAll emul-linux-x86-java 1.4 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/emul-linux-x86-java-1.4.2.17\"", "reporter": "Gentoo Foundation", "published": "2008-04-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "gentoo", "title": "Sun JDK/JRE: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1195", "CVE-2008-1194", "CVE-2007-5238", "CVE-2008-1191", "CVE-2008-0628", "CVE-2007-5232", "CVE-2007-3655", "CVE-2007-5240", "CVE-2008-1189", "CVE-2007-2788", "CVE-2008-1186", "CVE-2008-0657", "CVE-2008-1185", "CVE-2007-5237", "CVE-2008-1196", "CVE-2007-2789", "CVE-2007-2435", "CVE-2008-1190", "CVE-2007-5273", "CVE-2008-1187", "CVE-2007-5689", "CVE-2008-1188", "CVE-2007-5239", "CVE-2007-5274", "CVE-2008-1193", "CVE-2008-1192"], "modified": "2010-03-05T00:00:00", "id": "GLSA-200804-20", "href": "https://security.gentoo.org/glsa/200804-20", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:33", "references": [], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1)\nSecurity Tracker: 1018768\n[Secunia Advisory ID:27009](https://secuniaresearch.flexerasoftware.com/advisories/27009/)\n[Secunia Advisory ID:28115](https://secuniaresearch.flexerasoftware.com/advisories/28115/)\n[Secunia Advisory ID:27206](https://secuniaresearch.flexerasoftware.com/advisories/27206/)\n[Secunia Advisory ID:27716](https://secuniaresearch.flexerasoftware.com/advisories/27716/)\n[Secunia Advisory ID:27804](https://secuniaresearch.flexerasoftware.com/advisories/27804/)\n[Secunia Advisory ID:27261](https://secuniaresearch.flexerasoftware.com/advisories/27261/)\n[Secunia Advisory ID:27693](https://secuniaresearch.flexerasoftware.com/advisories/27693/)\n[Related OSVDB ID: 37761](https://vulners.com/osvdb/OSVDB:37761)\n[Related OSVDB ID: 37762](https://vulners.com/osvdb/OSVDB:37762)\n[Related OSVDB ID: 37763](https://vulners.com/osvdb/OSVDB:37763)\n[Related OSVDB ID: 37764](https://vulners.com/osvdb/OSVDB:37764)\n[Related OSVDB ID: 37759](https://vulners.com/osvdb/OSVDB:37759)\n[Related OSVDB ID: 37760](https://vulners.com/osvdb/OSVDB:37760)\nRedHat RHSA: RHSA-2007:0963\nRedHat RHSA: RHSA-2007:1041\nOther Advisory URL: http://conference.hitb.org/hitbsecconf2007kl/materials/D2T1%20-%20Billy%20Rios%20-%20Slipping%20Past%20the%20Firewall.pdf\nOther Advisory URL: http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html\nOther Advisory URL: http://conference.hitb.org/hitbsecconf2007kl/?page_id=148\nOther Advisory URL: http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html\nOther Advisory URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00004.html\nOther Advisory URL: HPSBUX02284 SSRT071483:\nOther Advisory URL: http://docs.info.apple.com/article.html?artnum=307177\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2007_55_java.html\nISS X-Force ID: 36941\nFrSIRT Advisory: ADV-2007-4224\nFrSIRT Advisory: ADV-2007-3895\n[CVE-2007-5232](https://vulners.com/cve/CVE-2007-5232)\nCERT VU: 336105\nBugtraq ID: 25918\n", "edition": 1, "reporter": "OSVDB", "published": "2007-10-03T18:28:55", "title": "Sun Java JRE / JDK Applet Outbound DNS Rebinding Issue", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-5232"], "modified": "2007-10-03T18:28:55", "href": "https://vulners.com/osvdb/OSVDB:37765", "id": "OSVDB:37765", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:33", "references": [], "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1)\n[Secunia Advisory ID:27009](https://secuniaresearch.flexerasoftware.com/advisories/27009/)\n[Secunia Advisory ID:27206](https://secuniaresearch.flexerasoftware.com/advisories/27206/)\n[Secunia Advisory ID:27716](https://secuniaresearch.flexerasoftware.com/advisories/27716/)\n[Secunia Advisory ID:27261](https://secuniaresearch.flexerasoftware.com/advisories/27261/)\n[Secunia Advisory ID:27693](https://secuniaresearch.flexerasoftware.com/advisories/27693/)\n[Related OSVDB ID: 37761](https://vulners.com/osvdb/OSVDB:37761)\n[Related OSVDB ID: 37762](https://vulners.com/osvdb/OSVDB:37762)\n[Related OSVDB ID: 37763](https://vulners.com/osvdb/OSVDB:37763)\n[Related OSVDB ID: 37765](https://vulners.com/osvdb/OSVDB:37765)\n[Related OSVDB ID: 37759](https://vulners.com/osvdb/OSVDB:37759)\n[Related OSVDB ID: 37760](https://vulners.com/osvdb/OSVDB:37760)\nRedHat RHSA: RHSA-2007:0963\nOther Advisory URL: http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html\nOther Advisory URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00004.html\nOther Advisory URL: HPSBUX02284 SSRT071483:\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2007_55_java.html\nISS X-Force ID: 36946\nFrSIRT Advisory: ADV-2007-3895\n[CVE-2007-5236](https://vulners.com/cve/CVE-2007-5236)\nBugtraq ID: 25920\n", "edition": 1, "reporter": "OSVDB", "published": "2007-10-03T18:28:55", "title": "Sun Java JRE / JDK on Windows Untrusted Application Arbitrary File Access", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-5236"], "modified": "2007-10-03T18:28:55", "href": "https://vulners.com/osvdb/OSVDB:37764", "id": "OSVDB:37764", "cvss": {"score": 5.4, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:33", "references": [], "description": "# No description provided by the source\n\n## References:\nVendor Specific Solution URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1\nSecurity Tracker: 1018770\n[Secunia Advisory ID:27009](https://secuniaresearch.flexerasoftware.com/advisories/27009/)\n[Secunia Advisory ID:27206](https://secuniaresearch.flexerasoftware.com/advisories/27206/)\n[Secunia Advisory ID:27261](https://secuniaresearch.flexerasoftware.com/advisories/27261/)\n[Secunia Advisory ID:27693](https://secuniaresearch.flexerasoftware.com/advisories/27693/)\n[Related OSVDB ID: 37761](https://vulners.com/osvdb/OSVDB:37761)\n[Related OSVDB ID: 37762](https://vulners.com/osvdb/OSVDB:37762)\n[Related OSVDB ID: 37764](https://vulners.com/osvdb/OSVDB:37764)\n[Related OSVDB ID: 37765](https://vulners.com/osvdb/OSVDB:37765)\n[Related OSVDB ID: 37759](https://vulners.com/osvdb/OSVDB:37759)\n[Related OSVDB ID: 37760](https://vulners.com/osvdb/OSVDB:37760)\nRedHat RHSA: RHSA-2007:0963\nOther Advisory URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00004.html\nOther Advisory URL: HPSBUX02284 SSRT071483:\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2007_55_java.html\nISS X-Force ID: 36946\nFrSIRT Advisory: ADV-2007-3895\n[CVE-2007-5237](https://vulners.com/cve/CVE-2007-5237)\nBugtraq ID: 25920\n", "edition": 1, "reporter": "OSVDB", "published": "2007-10-03T18:28:55", "title": "Sun Java JRE / JDK Untrusted Application Arbitrary File Manipulation", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-5237"], "modified": "2007-10-03T18:28:55", "href": "https://vulners.com/osvdb/OSVDB:37763", "id": "OSVDB:37763", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:33", "references": [], "description": "# No description provided by the source\n\n## References:\nVendor Specific Solution URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1\nSecurity Tracker: 1018770\n[Secunia Advisory ID:27009](https://secuniaresearch.flexerasoftware.com/advisories/27009/)\n[Secunia Advisory ID:27206](https://secuniaresearch.flexerasoftware.com/advisories/27206/)\n[Secunia Advisory ID:27716](https://secuniaresearch.flexerasoftware.com/advisories/27716/)\n[Secunia Advisory ID:27804](https://secuniaresearch.flexerasoftware.com/advisories/27804/)\n[Secunia Advisory ID:27261](https://secuniaresearch.flexerasoftware.com/advisories/27261/)\n[Secunia Advisory ID:27693](https://secuniaresearch.flexerasoftware.com/advisories/27693/)\n[Related OSVDB ID: 37761](https://vulners.com/osvdb/OSVDB:37761)\n[Related OSVDB ID: 37763](https://vulners.com/osvdb/OSVDB:37763)\n[Related OSVDB ID: 37764](https://vulners.com/osvdb/OSVDB:37764)\n[Related OSVDB ID: 37765](https://vulners.com/osvdb/OSVDB:37765)\n[Related OSVDB ID: 37759](https://vulners.com/osvdb/OSVDB:37759)\n[Related OSVDB ID: 37760](https://vulners.com/osvdb/OSVDB:37760)\nRedHat RHSA: RHSA-2007:0963\nRedHat RHSA: RHSA-2007:1041\nOther Advisory URL: http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html\nOther Advisory URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00004.html\nOther Advisory URL: HPSBUX02284 SSRT071483:\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2007_55_java.html\nISS X-Force ID: 36946\nFrSIRT Advisory: ADV-2007-3895\n[CVE-2007-5238](https://vulners.com/cve/CVE-2007-5238)\nBugtraq ID: 25920\n", "edition": 1, "reporter": "OSVDB", "published": "2007-10-03T18:28:55", "title": "Sun Java JRE / JDK Multiple Unspecified Information Disclosure", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-5238"], "modified": "2007-10-03T18:28:55", "href": "https://vulners.com/osvdb/OSVDB:37762", "id": "OSVDB:37762", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:33", "references": [], "description": "# No description provided by the source\n\n## References:\nSecurity Tracker: 1018771\n[Secunia Advisory ID:27009](https://secuniaresearch.flexerasoftware.com/advisories/27009/)\n[Secunia Advisory ID:27206](https://secuniaresearch.flexerasoftware.com/advisories/27206/)\n[Secunia Advisory ID:27716](https://secuniaresearch.flexerasoftware.com/advisories/27716/)\n[Secunia Advisory ID:27804](https://secuniaresearch.flexerasoftware.com/advisories/27804/)\n[Secunia Advisory ID:27261](https://secuniaresearch.flexerasoftware.com/advisories/27261/)\n[Secunia Advisory ID:27693](https://secuniaresearch.flexerasoftware.com/advisories/27693/)\n[Related OSVDB ID: 37761](https://vulners.com/osvdb/OSVDB:37761)\n[Related OSVDB ID: 37762](https://vulners.com/osvdb/OSVDB:37762)\n[Related OSVDB ID: 37763](https://vulners.com/osvdb/OSVDB:37763)\n[Related OSVDB ID: 37764](https://vulners.com/osvdb/OSVDB:37764)\n[Related OSVDB ID: 37765](https://vulners.com/osvdb/OSVDB:37765)\n[Related OSVDB ID: 37760](https://vulners.com/osvdb/OSVDB:37760)\nRedHat RHSA: RHSA-2007:0963\nRedHat RHSA: RHSA-2007:1041\nOther Advisory URL: http://crypto.stanford.edu/dns/dns-rebinding.pdf\nOther Advisory URL: http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00004.html\nOther Advisory URL: HPSBUX02284 SSRT071483:\n[CVE-2007-5274](https://vulners.com/cve/CVE-2007-5274)\nBugtraq ID: 25918\n", "edition": 1, "reporter": "OSVDB", "published": "2007-10-03T18:28:55", "title": "Sun Java JRE / JDK LiveConnect API DNS Rebinding Security Bypass", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-5274"], "modified": "2007-10-03T18:28:55", "href": "https://vulners.com/osvdb/OSVDB:37759", "id": "OSVDB:37759", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:33", "references": [], "description": "# No description provided by the source\n\n## References:\nSecurity Tracker: 1018769\n[Secunia Advisory ID:27009](https://secuniaresearch.flexerasoftware.com/advisories/27009/)\n[Secunia Advisory ID:27206](https://secuniaresearch.flexerasoftware.com/advisories/27206/)\n[Secunia Advisory ID:27716](https://secuniaresearch.flexerasoftware.com/advisories/27716/)\n[Secunia Advisory ID:27804](https://secuniaresearch.flexerasoftware.com/advisories/27804/)\n[Secunia Advisory ID:27261](https://secuniaresearch.flexerasoftware.com/advisories/27261/)\n[Secunia Advisory ID:27693](https://secuniaresearch.flexerasoftware.com/advisories/27693/)\n[Related OSVDB ID: 37761](https://vulners.com/osvdb/OSVDB:37761)\n[Related OSVDB ID: 37762](https://vulners.com/osvdb/OSVDB:37762)\n[Related OSVDB ID: 37763](https://vulners.com/osvdb/OSVDB:37763)\n[Related OSVDB ID: 37764](https://vulners.com/osvdb/OSVDB:37764)\n[Related OSVDB ID: 37765](https://vulners.com/osvdb/OSVDB:37765)\n[Related OSVDB ID: 37759](https://vulners.com/osvdb/OSVDB:37759)\nRedHat RHSA: RHSA-2007:0963\nRedHat RHSA: RHSA-2007:1041\nOther Advisory URL: http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00004.html\nOther Advisory URL: HPSBUX02284 SSRT071483:\nISS X-Force ID: 36942\n[CVE-2007-5240](https://vulners.com/cve/CVE-2007-5240)\nBugtraq ID: 25918\n", "edition": 1, "reporter": "OSVDB", "published": "2007-10-03T18:28:55", "title": "Sun Java JRE / JDK Untrusted-code Warning Banner Display Bypass", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-5240"], "modified": "2007-10-03T18:28:55", "href": "https://vulners.com/osvdb/OSVDB:37760", "id": "OSVDB:37760", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:33", "references": [], "description": "# No description provided by the source\n\n## References:\nVendor Specific Solution URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1\n[Secunia Advisory ID:27009](https://secuniaresearch.flexerasoftware.com/advisories/27009/)\n[Secunia Advisory ID:27206](https://secuniaresearch.flexerasoftware.com/advisories/27206/)\n[Secunia Advisory ID:27716](https://secuniaresearch.flexerasoftware.com/advisories/27716/)\n[Secunia Advisory ID:27804](https://secuniaresearch.flexerasoftware.com/advisories/27804/)\n[Secunia Advisory ID:27261](https://secuniaresearch.flexerasoftware.com/advisories/27261/)\n[Secunia Advisory ID:27693](https://secuniaresearch.flexerasoftware.com/advisories/27693/)\n[Related OSVDB ID: 37762](https://vulners.com/osvdb/OSVDB:37762)\n[Related OSVDB ID: 37763](https://vulners.com/osvdb/OSVDB:37763)\n[Related OSVDB ID: 37764](https://vulners.com/osvdb/OSVDB:37764)\n[Related OSVDB ID: 37765](https://vulners.com/osvdb/OSVDB:37765)\n[Related OSVDB ID: 37759](https://vulners.com/osvdb/OSVDB:37759)\n[Related OSVDB ID: 37760](https://vulners.com/osvdb/OSVDB:37760)\nRedHat RHSA: RHSA-2007:0963\nRedHat RHSA: RHSA-2007:1041\nOther Advisory URL: http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html\nOther Advisory URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00004.html\nOther Advisory URL: HPSBUX02284 SSRT071483:\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2007_55_java.html\nISS X-Force ID: 36950\nFrSIRT Advisory: ADV-2007-3895\n[CVE-2007-5239](https://vulners.com/cve/CVE-2007-5239)\n", "edition": 1, "reporter": "OSVDB", "published": "2007-10-03T18:28:55", "title": "Sun Java JRE / JDK Local Drag-and-drop Operation Access Restriction Bypass", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-5239"], "modified": "2007-10-03T18:28:55", "href": "https://vulners.com/osvdb/OSVDB:37761", "id": "OSVDB:37761", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:39", "references": ["http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.3.1.20", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-sun-jdk", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.6.0.3p3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "jdk", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.3.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-blackdown-jdk", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.3.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "jdk", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.3.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-sun-jdk", "operator": "eq"}], "description": "\nSUN reports:\n\nA vulnerability in the Java Runtime Environment (JRE) with applet\n\t caching may allow an untrusted applet that is downloaded from a\n\t malicious website to make network connections to network services\n\t on machines other than the one that the applet was downloaded from.\n\t This may allow network resources (such as web pages) and\n\t vulnerabilities (that exist on these network services) which are not\n\t otherwise normally accessible to be accessed or exploited.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2007-10-03T00:00:00", "title": "jdk/jre -- Applet Caching May Allow Network Access Restrictions to be Circumvented", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-5232"], "modified": "2007-11-16T00:00:00", "id": "C93E4D41-75C5-11DC-B903-0016179B2DD5", "href": "https://vuxml.freebsd.org/freebsd/c93e4d41-75c5-11dc-b903-0016179b2dd5.html", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "f5": [{"lastseen": "2017-06-08T00:16:33", "references": [], "edition": 1, "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP AFM| None| 11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP Analytics| None| 11.0.0 - 11.6.0| Not vulnerable| None \nBIG-IP APM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nLineRate| None| 2.2.0 - 2.5.0 \n1.6.0 - 1.6.4| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the **Severity** value. Security Advisory articles published before this date do not list a **Severity** value.\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n", "reporter": "f5", "published": "2015-04-21T21:01:00", "title": "Multiple Sun Java vulnerabilities", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-3105", "CVE-2008-1195", "CVE-2007-3715", "CVE-2008-1191", "CVE-2007-3655", "CVE-2008-1189", "CVE-2008-1186", "CVE-2008-1185", "CVE-2008-3110", "CVE-2008-3109", "CVE-2007-3922", "CVE-2008-1190", "CVE-2008-1187", "CVE-2007-5689", "CVE-2008-1188", "CVE-2007-3716", "CVE-2007-5239"], "modified": "2017-03-14T00:49:00", "href": "https://support.f5.com/csp/article/K16475", "id": "F5:K16475", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:09:31", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n", "reporter": "f5", "published": "2015-04-21T00:00:00", "title": "SOL16475 - Multiple Sun Java vulnerabilities", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-3105", "CVE-2008-1195", "CVE-2007-3715", "CVE-2008-1191", "CVE-2007-3655", "CVE-2008-1189", "CVE-2008-1186", "CVE-2008-1185", "CVE-2008-3110", "CVE-2008-3109", "CVE-2007-3922", "CVE-2008-1190", "CVE-2008-1187", "CVE-2007-5689", "CVE-2008-1188", "CVE-2007-3716", "CVE-2007-5239"], "modified": "2016-07-25T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/400/sol16475.html", "id": "SOL16475", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}