The remote VMware ESX / ESXi host is missing a security-related patch.
It is therefore affected by multiple vulnerabilities, including remote code execution, in several components and third-party libraries:
- Java Runtime Environment (JRE)
- Network File Copy (NFC) Protocol
- OpenSSL
{"nessus": [{"lastseen": "2023-12-03T14:44:03", "description": "java-openjdk was upgraded to version 1.11.5 to fix various security and non-security issues.", "cvss3": {}, "published": "2013-01-25T00:00:00", "type": "nessus", "title": "SuSE 11.2 Security Update : OpenJDK (SAT Patch Number 6987)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-4416", "CVE-2012-4681", "CVE-2012-5067", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5078", "CVE-2012-5079", "CVE-2012-5080", "CVE-2012-5081", "CVE-2012-5082", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089"], "modified": "2022-03-29T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-demo", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_JAVA-1_6_0-OPENJDK-121023.NASL", "href": "https://www.tenable.com/plugins/nessus/64169", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64169);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/29\");\n\n script_cve_id(\n \"CVE-2012-1531\",\n \"CVE-2012-1532\",\n \"CVE-2012-1533\",\n \"CVE-2012-3143\",\n \"CVE-2012-3159\",\n \"CVE-2012-3216\",\n \"CVE-2012-4416\",\n \"CVE-2012-4681\",\n \"CVE-2012-5067\",\n \"CVE-2012-5068\",\n \"CVE-2012-5069\",\n \"CVE-2012-5070\",\n \"CVE-2012-5071\",\n \"CVE-2012-5072\",\n \"CVE-2012-5073\",\n \"CVE-2012-5074\",\n \"CVE-2012-5075\",\n \"CVE-2012-5076\",\n \"CVE-2012-5077\",\n \"CVE-2012-5078\",\n \"CVE-2012-5079\",\n \"CVE-2012-5080\",\n \"CVE-2012-5081\",\n \"CVE-2012-5082\",\n \"CVE-2012-5083\",\n \"CVE-2012-5084\",\n \"CVE-2012-5085\",\n \"CVE-2012-5086\",\n \"CVE-2012-5087\",\n \"CVE-2012-5088\",\n \"CVE-2012-5089\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/24\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"SuSE 11.2 Security Update : OpenJDK (SAT Patch Number 6987)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SuSE 11 host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"java-openjdk was upgraded to version 1.11.5 to fix various security\nand non-security issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=785433\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-1531.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-1532.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-1533.html\");\n 
script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-3143.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-3159.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-3216.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-4416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-4681.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5067.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5068.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5069.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5070.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5071.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5072.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5073.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5074.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5075.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5076.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5077.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5078.html\");\n 
script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5079.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5080.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5081.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5082.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5083.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5084.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5085.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5086.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5087.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5088.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5089.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply SAT patch number 6987.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Method Handle Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n 
script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", 
reference:\"java-1_6_0-openjdk-1.6.0.0_b24.1.11.5-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.5-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.5-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"java-1_6_0-openjdk-1.6.0.0_b24.1.11.5-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.5-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.5-0.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T16:10:41", "description": "The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 9 / 6 Update 37 / 5.0 Update 38 / 1.4.2_40 and is, therefore, potentially affected by security issues in the following components :\n\n - 2D\n - Beans\n - Concurrency\n - Deployment\n - Hotspot\n - JAX-WS\n - JMX\n - JSSE\n - Libraries\n - Networking\n - Security\n - Swing", "cvss3": {}, "published": "2012-10-17T00:00:00", "type": "nessus", "title": "Oracle Java SE Multiple Vulnerabilities (October 2012 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5067", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5078", "CVE-2012-5079", "CVE-2012-5080", "CVE-2012-5081", "CVE-2012-5082", "CVE-2012-5083", "CVE-2012-5084", 
"CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:jre"], "id": "ORACLE_JAVA_CPU_OCT_2012.NASL", "href": "https://www.tenable.com/plugins/nessus/62593", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62593);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2012-1531\",\n \"CVE-2012-1532\",\n \"CVE-2012-1533\",\n \"CVE-2012-3143\",\n \"CVE-2012-3159\",\n \"CVE-2012-3216\",\n \"CVE-2012-4416\",\n \"CVE-2012-5067\",\n \"CVE-2012-5068\",\n \"CVE-2012-5069\",\n \"CVE-2012-5070\",\n \"CVE-2012-5071\",\n \"CVE-2012-5072\",\n \"CVE-2012-5073\",\n \"CVE-2012-5074\",\n \"CVE-2012-5075\",\n \"CVE-2012-5076\",\n \"CVE-2012-5077\",\n \"CVE-2012-5078\",\n \"CVE-2012-5079\",\n \"CVE-2012-5080\",\n \"CVE-2012-5081\",\n \"CVE-2012-5082\",\n \"CVE-2012-5083\",\n \"CVE-2012-5084\",\n \"CVE-2012-5085\",\n \"CVE-2012-5086\",\n \"CVE-2012-5087\",\n \"CVE-2012-5088\",\n \"CVE-2012-5089\"\n );\n script_bugtraq_id(\n 55501,\n 56025,\n 56033,\n 56039,\n 56043,\n 56046,\n 56051,\n 56054,\n 56055,\n 56056,\n 56057,\n 56058,\n 56059,\n 56061,\n 56063,\n 56065,\n 56066,\n 56067,\n 56068,\n 56070,\n 56071,\n 56072,\n 56075,\n 56076,\n 56078,\n 56079,\n 56080,\n 56081,\n 56082,\n 56083\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"Oracle Java SE Multiple Vulnerabilities (October 2012 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a programming platform that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle (formerly Sun) Java SE or Java for Business\ninstalled on the remote host is earlier than 7 
Update 9 / 6 Update 37\n/ 5.0 Update 38 / 1.4.2_40 and is, therefore, potentially affected by\nsecurity issues in the following components :\n\n - 2D\n - Beans\n - Concurrency\n - Deployment\n - Hotspot\n - JAX-WS\n - JMX\n - JSSE\n - Libraries\n - Networking\n - Security\n - Swing\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/524506/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/524507/30/0/threaded\");\n # http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b0eb44d4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/7u9-relnotes-1863279.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/6u37-relnotes-1863283.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.oracle.com/technetwork/java/eol-135779.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to JDK / JRE 7 Update 9 / 6 Update 37, JDK 5.0 Update 38, SDK\n1.4.2_40 or later, and remove, if necessary, any affected versions.\n\nNote that an Extended Support contract with Oracle is needed to obtain\nJDK 5.0 Update 38 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-5088\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n 
script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Method Handle Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"sun_java_jre_installed.nasl\");\n script_require_keys(\"SMB/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit(\"SMB/Java/JRE/*\");\n\ninfo = \"\";\nvuln = 0;\ninstalled_versions = \"\";\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"SMB/Java/JRE/\";\n if (ver !~ \"^[0-9.]+\") continue;\n\n installed_versions = installed_versions + \" & \" + ver;\n\n if (\n ver =~ '^1\\\\.7\\\\.0_0[0-8]([^0-9]|$)' ||\n ver =~ '^1\\\\.6\\\\.0_([0-9]|[0-2][0-9]|3[0-6])([^0-9]|$)' ||\n ver =~ '^1\\\\.5\\\\.0_([0-9]|[0-2][0-9]|3[0-7])([^0-9]|$)' ||\n ver =~ '^1\\\\.4\\\\.([01]_|2_([0-9]|[0-3][0-9])([^0-9]|$))'\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info 
+= '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.7.0_09 / 1.6.0_37 / 1.5.0_38 / 1.4.2_40\\n';\n }\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse\n{\n installed_versions = substr(installed_versions, 3);\n if (\" & \" >< installed_versions)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n exit(0, \"The Java \"+installed_versions+\" install on the remote host is not affected.\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T14:47:19", "description": "The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 9 / 6 Update 37 / 5.0 Update 38 / 1.4.2_40 and is, therefore, potentially affected by security issues in the following components :\n\n - 2D\n - Beans\n - Concurrency\n - Deployment\n - Hotspot\n - JAX-WS\n - JMX\n - JSSE\n - Libraries\n - Networking\n - Security\n - Swing", "cvss3": {}, "published": "2013-02-22T00:00:00", "type": "nessus", "title": "Oracle Java SE Multiple Vulnerabilities (October 2012 CPU) (Unix)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5067", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5078", "CVE-2012-5079", "CVE-2012-5080", "CVE-2012-5081", "CVE-2012-5082", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5085", 
"CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:jre"], "id": "ORACLE_JAVA_CPU_OCT_2012_UNIX.NASL", "href": "https://www.tenable.com/plugins/nessus/64849", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64849);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2012-1531\",\n \"CVE-2012-1532\",\n \"CVE-2012-1533\",\n \"CVE-2012-3143\",\n \"CVE-2012-3159\",\n \"CVE-2012-3216\",\n \"CVE-2012-4416\",\n \"CVE-2012-5067\",\n \"CVE-2012-5068\",\n \"CVE-2012-5069\",\n \"CVE-2012-5070\",\n \"CVE-2012-5071\",\n \"CVE-2012-5072\",\n \"CVE-2012-5073\",\n \"CVE-2012-5074\",\n \"CVE-2012-5075\",\n \"CVE-2012-5076\",\n \"CVE-2012-5077\",\n \"CVE-2012-5078\",\n \"CVE-2012-5079\",\n \"CVE-2012-5080\",\n \"CVE-2012-5081\",\n \"CVE-2012-5082\",\n \"CVE-2012-5083\",\n \"CVE-2012-5084\",\n \"CVE-2012-5085\",\n \"CVE-2012-5086\",\n \"CVE-2012-5087\",\n \"CVE-2012-5088\",\n \"CVE-2012-5089\"\n );\n script_bugtraq_id(\n 55501,\n 56025,\n 56033,\n 56039,\n 56043,\n 56046,\n 56051,\n 56054,\n 56055,\n 56056,\n 56057,\n 56058,\n 56059,\n 56061,\n 56063,\n 56065,\n 56066,\n 56067,\n 56068,\n 56070,\n 56071,\n 56072,\n 56075,\n 56076,\n 56078,\n 56079,\n 56080,\n 56081,\n 56082,\n 56083\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"Oracle Java SE Multiple Vulnerabilities (October 2012 CPU) (Unix)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Unix host contains a programming platform that is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle (formerly Sun) Java SE or Java for Business\ninstalled on the remote host is earlier than 7 Update 9 / 6 
Update 37\n/ 5.0 Update 38 / 1.4.2_40 and is, therefore, potentially affected by\nsecurity issues in the following components :\n\n - 2D\n - Beans\n - Concurrency\n - Deployment\n - Hotspot\n - JAX-WS\n - JMX\n - JSSE\n - Libraries\n - Networking\n - Security\n - Swing\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/524506/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/524507/30/0/threaded\");\n # http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b0eb44d4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/7u9-relnotes-1863279.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/6u37-relnotes-1863283.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.oracle.com/technetwork/java/eol-135779.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to JDK / JRE 7 Update 9 / 6 Update 37, JDK 5.0 Update 38, SDK\n1.4.2_40 or later and remove, if necessary, any affected versions.\n\nNote that an Extended Support contract with Oracle is needed to obtain\nJDK 5 .0 Update 38 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-5088\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n 
script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Method Handle Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"sun_java_jre_installed_unix.nasl\");\n script_require_keys(\"Host/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit(\"Host/Java/JRE/Unmanaged/*\");\n\ninfo = \"\";\nvuln = 0;\nvuln2 = 0;\ninstalled_versions = \"\";\ngranular = \"\";\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"Host/Java/JRE/Unmanaged/\";\n if (ver !~ \"^[0-9.]+\") continue;\n\n installed_versions = installed_versions + \" & \" + ver;\n\n if (\n ver =~ '^1\\\\.7\\\\.0_0[0-8]([^0-9]|$)' ||\n ver =~ '^1\\\\.6\\\\.0_([0-9]|[0-2][0-9]|3[0-6])([^0-9]|$)' ||\n ver =~ '^1\\\\.5\\\\.0_([0-9]|[0-2][0-9]|3[0-7])([^0-9]|$)' ||\n ver =~ '^1\\\\.4\\\\.([01]_|2_([0-9]|[0-3][0-9])([^0-9]|$))'\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n 
info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.7.0_09 / 1.6.0_37 / 1.5.0_38 / 1.4.2_40\\n';\n }\n else if (ver =~ \"^[\\d\\.]+$\")\n {\n dirs = make_list(get_kb_list(install));\n foreach dir (dirs)\n granular += \"The Oracle Java version \"+ver+\" at \"+dir+\" is not granular enough to make a determination.\"+'\\n';\n }\n else\n {\n dirs = make_list(get_kb_list(install));\n vuln2 += max_index(dirs);\n }\n\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n if (granular) exit(0, granular);\n}\nelse\n{\n if (granular) exit(0, granular);\n\n installed_versions = substr(installed_versions, 3);\n if (vuln2 > 1)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n exit(0, \"The Java \"+installed_versions+\" install on the remote host is not affected.\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T14:44:29", "description": "IBM Java 1.7.0 has been updated to SR3 which fixes bugs and security issues.\n\nMore information can be found on :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nCVEs fixed: CVE-2012-3159 / CVE-2012-3216 / CVE-2012-5070 / CVE-2012-5067 / CVE-2012-3143 / CVE-2012-5076 / CVE-2012-5077 / CVE-2012-5073 / CVE-2012-5074 / CVE-2012-5075 / CVE-2012-5083 / CVE-2012-5083 / CVE-2012-5072 / CVE-2012-1531 / CVE-2012-5081 / CVE-2012-1532 / CVE-2012-1533 / CVE-2012-5069 / CVE-2012-5071 / CVE-2012-5084 / CVE-2012-5087 / CVE-2012-5086 / CVE-2012-5079 / CVE-2012-5088 / CVE-2012-5089", "cvss3": {}, "published": "2013-01-25T00:00:00", "type": "nessus", "title": "SuSE 11.2 Security Update : IBM Java 1.7.0 (SAT Patch Number 7046)", "bulletinFamily": 
"scanner", "cvss2": {}, "cvelist": ["CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-5067", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089"], "modified": "2022-03-29T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm", "p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm-alsa", "p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm-jdbc", "p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm-plugin", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_JAVA-1_7_0-IBM-121113.NASL", "href": "https://www.tenable.com/plugins/nessus/64171", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64171);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/29\");\n\n script_cve_id(\n \"CVE-2012-1531\",\n \"CVE-2012-1532\",\n \"CVE-2012-1533\",\n \"CVE-2012-3143\",\n \"CVE-2012-3159\",\n \"CVE-2012-3216\",\n \"CVE-2012-5067\",\n \"CVE-2012-5069\",\n \"CVE-2012-5070\",\n \"CVE-2012-5071\",\n \"CVE-2012-5072\",\n \"CVE-2012-5073\",\n \"CVE-2012-5074\",\n \"CVE-2012-5075\",\n \"CVE-2012-5076\",\n \"CVE-2012-5077\",\n \"CVE-2012-5079\",\n \"CVE-2012-5081\",\n \"CVE-2012-5083\",\n \"CVE-2012-5084\",\n \"CVE-2012-5086\",\n \"CVE-2012-5087\",\n \"CVE-2012-5088\",\n \"CVE-2012-5089\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"SuSE 11.2 Security Update : IBM Java 1.7.0 (SAT Patch Number 7046)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SuSE 11 host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"IBM Java 1.7.0 has been updated to SR3 which fixes bugs and security\nissues.\n\nMore information can be found on :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nCVEs fixed: CVE-2012-3159 / CVE-2012-3216 / CVE-2012-5070 /\nCVE-2012-5067 / CVE-2012-3143 / CVE-2012-5076 / CVE-2012-5077 /\nCVE-2012-5073 / CVE-2012-5074 / CVE-2012-5075 / CVE-2012-5083 /\nCVE-2012-5083 / CVE-2012-5072 / CVE-2012-1531 / CVE-2012-5081 /\nCVE-2012-1532 / CVE-2012-1533 / CVE-2012-5069 / CVE-2012-5071 /\nCVE-2012-5084 / CVE-2012-5087 / CVE-2012-5086 / CVE-2012-5079 /\nCVE-2012-5088 / CVE-2012-5089\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=788750\");\n script_set_attribute(attribute:\"see_also\", 
value:\"http://support.novell.com/security/cve/CVE-2012-1531.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-1532.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-1533.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-3143.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-3159.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-3216.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5067.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5069.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5070.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5071.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5072.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5073.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5074.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5075.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5076.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5077.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5079.html\");\n script_set_attribute(attribute:\"see_also\", 
value:\"http://support.novell.com/security/cve/CVE-2012-5081.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5083.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5084.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5086.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5087.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5088.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-5089.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply SAT patch number 7046.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Method Handle Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"java-1_7_0-ibm-1.7.0_sr3.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"java-1_7_0-ibm-jdbc-1.7.0_sr3.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"java-1_7_0-ibm-alsa-1.7.0_sr3.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"java-1_7_0-ibm-plugin-1.7.0_sr3.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", 
reference:\"java-1_7_0-ibm-plugin-1.7.0_sr3.0-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T14:57:30", "description": "From Red Hat Security Advisory 2012:1386 :\n\nUpdated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\n[Update 13 November 2012] The file list of this advisory was updated to move java-1.7.0-openjdk-devel from the optional repositories to the base repositories. Additionally, java-1.7.0-openjdk for the HPC Node variant was also moved (this package was already in the base repositories for other product variants). No changes have been made to the packages themselves.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the Beans, Libraries, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084, CVE-2012-5089)\n\nThe default Java security properties configuration did not restrict access to certain com.sun.org.glassfish packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. This update lists those packages as restricted.\n(CVE-2012-5076, CVE-2012-5074)\n\nMultiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. 
An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use these flaws to disclose sensitive information. (CVE-2012-5070, CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect against the creation of multiple seeders. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the hash code of the canonicalized path name. An untrusted Java application or applet could possibly use this flaw to determine certain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package by default. 
Gopher support can be enabled by setting the newly introduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.3.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2012-1386) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089"], "modified": "2022-03-29T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.7.0-openjdk", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2012-1386.NASL", "href": "https://www.tenable.com/plugins/nessus/68646", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1386 and \n# Oracle Linux Security Advisory ELSA-2012-1386 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68646);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/29\");\n\n script_cve_id(\n \"CVE-2012-3216\",\n \"CVE-2012-4416\",\n 
\"CVE-2012-5068\",\n \"CVE-2012-5069\",\n \"CVE-2012-5070\",\n \"CVE-2012-5071\",\n \"CVE-2012-5072\",\n \"CVE-2012-5073\",\n \"CVE-2012-5074\",\n \"CVE-2012-5075\",\n \"CVE-2012-5076\",\n \"CVE-2012-5077\",\n \"CVE-2012-5079\",\n \"CVE-2012-5081\",\n \"CVE-2012-5084\",\n \"CVE-2012-5085\",\n \"CVE-2012-5086\",\n \"CVE-2012-5087\",\n \"CVE-2012-5088\",\n \"CVE-2012-5089\"\n );\n script_bugtraq_id(\n 55501,\n 56039,\n 56043,\n 56054,\n 56056,\n 56057,\n 56058,\n 56063,\n 56065,\n 56071,\n 56075,\n 56076,\n 56079,\n 56080,\n 56081,\n 56082,\n 56083\n );\n script_xref(name:\"RHSA\", value:\"2012:1386\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2012-1386) (ROBOT)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2012:1386 :\n\nUpdated java-1.7.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\n[Update 13 November 2012] The file list of this advisory was updated\nto move java-1.7.0-openjdk-devel from the optional repositories to the\nbase repositories. Additionally, java-1.7.0-openjdk for the HPC Node\nvariant was also moved (this package was already in the base\nrepositories for other product variants). 
No changes have been made to\nthe packages themselves.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the\nBeans, Libraries, Swing, and JMX components in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass Java\nsandbox restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088,\nCVE-2012-5084, CVE-2012-5089)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.org.glassfish packages. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. This update lists those packages as restricted.\n(CVE-2012-5076, CVE-2012-5074)\n\nMultiple improper permission check issues were discovered in the\nScripting, JMX, Concurrency, Libraries, and Security components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2012-5068,\nCVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an\ninstance of an incompatible class while performing provider lookup. An\nuntrusted Java application or applet could use this flaw to bypass\ncertain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\nimplementation did not properly handle handshake records containing an\noverly large data length value. An unauthenticated, remote attacker\ncould possibly use this flaw to cause an SSL/TLS server to terminate\nwith an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform\ncertain actions in an insecure manner. An untrusted Java application\nor applet could possibly use these flaws to disclose sensitive\ninformation. 
(CVE-2012-5070, CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could\ncause it to not perform array initialization in certain cases. An\nuntrusted Java application or applet could use this flaw to disclose\nportions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect\nagainst the creation of multiple seeders. An untrusted Java\napplication or applet could possibly use this flaw to disclose\nsensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the\nhash code of the canonicalized path name. An untrusted Java\napplication or applet could possibly use this flaw to determine\ncertain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package\nby default. Gopher support can be enabled by setting the newly\nintroduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.3.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. 
All running instances of\nOpenJDK Java must be restarted for the update to take effect.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2012-October/003088.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.7.0-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-5088\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Method Handle Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-1.7.0.9-2.3.3.0.1.el6_3.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-demo-1.7.0.9-2.3.3.0.1.el6_3.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.0.1.el6_3.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.3.0.1.el6_3.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-src-1.7.0.9-2.3.3.0.1.el6_3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:50:45", "description": "Multiple improper permission check issues were discovered in the Beans, Libraries, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084, CVE-2012-5089)\n\nThe default Java security properties configuration did not restrict access to certain com.sun.org.glassfish packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. 
This update lists those packages as restricted.\n(CVE-2012-5076, CVE-2012-5074)\n\nMultiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use these flaws to disclose sensitive information. (CVE-2012-5070, CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect against the creation of multiple seeders. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the hash code of the canonicalized path name. 
An untrusted Java application or applet could possibly use this flaw to determine certain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package by default. Gopher support can be enabled by setting the newly introduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.3.\n\nAll running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-10-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20121017) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089"], "modified": "2022-03-29T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-src", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-devel"], "id": "SL_20121017_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/62653", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62653);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/29\");\n\n script_cve_id(\n 
\"CVE-2012-3216\",\n \"CVE-2012-4416\",\n \"CVE-2012-5068\",\n \"CVE-2012-5069\",\n \"CVE-2012-5070\",\n \"CVE-2012-5071\",\n \"CVE-2012-5072\",\n \"CVE-2012-5073\",\n \"CVE-2012-5074\",\n \"CVE-2012-5075\",\n \"CVE-2012-5076\",\n \"CVE-2012-5077\",\n \"CVE-2012-5079\",\n \"CVE-2012-5081\",\n \"CVE-2012-5084\",\n \"CVE-2012-5085\",\n \"CVE-2012-5086\",\n \"CVE-2012-5087\",\n \"CVE-2012-5088\",\n \"CVE-2012-5089\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20121017) (ROBOT)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Multiple improper permission check issues were discovered in the\nBeans, Libraries, Swing, and JMX components in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass Java\nsandbox restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088,\nCVE-2012-5084, CVE-2012-5089)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.org.glassfish packages. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. This update lists those packages as restricted.\n(CVE-2012-5076, CVE-2012-5074)\n\nMultiple improper permission check issues were discovered in the\nScripting, JMX, Concurrency, Libraries, and Security components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2012-5068,\nCVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an\ninstance of an incompatible class while performing provider lookup. An\nuntrusted Java application or applet could use this flaw to bypass\ncertain Java sandbox restrictions. 
(CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\nimplementation did not properly handle handshake records containing an\noverly large data length value. An unauthenticated, remote attacker\ncould possibly use this flaw to cause an SSL/TLS server to terminate\nwith an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform\ncertain actions in an insecure manner. An untrusted Java application\nor applet could possibly use these flaws to disclose sensitive\ninformation. (CVE-2012-5070, CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could\ncause it to not perform array initialization in certain cases. An\nuntrusted Java application or applet could use this flaw to disclose\nportions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect\nagainst the creation of multiple seeders. An untrusted Java\napplication or applet could possibly use this flaw to disclose\nsensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the\nhash code of the canonicalized path name. An untrusted Java\napplication or applet could possibly use this flaw to determine\ncertain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package\nby default. 
Gopher support can be enabled by setting the newly\nintroduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.3.\n\nAll running instances of OpenJDK Java must be restarted for the update\nto take effect.\");\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1210&L=scientific-linux-errata&T=0&P=2671\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?459326fe\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Method Handle Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-demo-1.7.0.9-2.3.3.el6_3.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.el6_3.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.3.el6_3.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-src-1.7.0.9-2.3.3.el6_3.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T16:18:47", "description": "Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\n[Update 13 November 2012] The file list of this advisory was updated to move java-1.7.0-openjdk-devel from the optional repositories to the base repositories. 
Additionally, java-1.7.0-openjdk for the HPC Node variant was also moved (this package was already in the base repositories for other product variants). No changes have been made to the packages themselves.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the Beans, Libraries, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084, CVE-2012-5089)\n\nThe default Java security properties configuration did not restrict access to certain com.sun.org.glassfish packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. This update lists those packages as restricted.\n(CVE-2012-5076, CVE-2012-5074)\n\nMultiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. 
An untrusted Java application or applet could possibly use these flaws to disclose sensitive information. (CVE-2012-5070, CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect against the creation of multiple seeders. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the hash code of the canonicalized path name. An untrusted Java application or applet could possibly use this flaw to determine certain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package by default. Gopher support can be enabled by setting the newly introduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.3.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. 
All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-10-18T00:00:00", "type": "nessus", "title": "RHEL 6 : java-1.7.0-openjdk (RHSA-2012:1386) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089"], "modified": "2022-03-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.3"], "id": "REDHAT-RHSA-2012-1386.NASL", "href": "https://www.tenable.com/plugins/nessus/62615", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1386. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62615);\n script_version(\"1.36\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/29\");\n\n script_cve_id(\n \"CVE-2012-3216\",\n \"CVE-2012-4416\",\n \"CVE-2012-5068\",\n \"CVE-2012-5069\",\n \"CVE-2012-5070\",\n \"CVE-2012-5071\",\n \"CVE-2012-5072\",\n \"CVE-2012-5073\",\n \"CVE-2012-5074\",\n \"CVE-2012-5075\",\n \"CVE-2012-5076\",\n \"CVE-2012-5077\",\n \"CVE-2012-5079\",\n \"CVE-2012-5081\",\n \"CVE-2012-5084\",\n \"CVE-2012-5085\",\n \"CVE-2012-5086\",\n \"CVE-2012-5087\",\n \"CVE-2012-5088\",\n \"CVE-2012-5089\"\n );\n script_bugtraq_id(\n 56043,\n 56054,\n 56056,\n 56057,\n 56079\n );\n script_xref(name:\"RHSA\", value:\"2012:1386\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"RHEL 6 : java-1.7.0-openjdk (RHSA-2012:1386) (ROBOT)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Updated java-1.7.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\n[Update 13 November 2012] The file list of this advisory was updated\nto move java-1.7.0-openjdk-devel from the optional repositories to the\nbase repositories. Additionally, java-1.7.0-openjdk for the HPC Node\nvariant was also moved (this package was already in the base\nrepositories for other product variants). 
No changes have been made to\nthe packages themselves.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the\nBeans, Libraries, Swing, and JMX components in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass Java\nsandbox restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088,\nCVE-2012-5084, CVE-2012-5089)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.org.glassfish packages. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. This update lists those packages as restricted.\n(CVE-2012-5076, CVE-2012-5074)\n\nMultiple improper permission check issues were discovered in the\nScripting, JMX, Concurrency, Libraries, and Security components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2012-5068,\nCVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an\ninstance of an incompatible class while performing provider lookup. An\nuntrusted Java application or applet could use this flaw to bypass\ncertain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\nimplementation did not properly handle handshake records containing an\noverly large data length value. An unauthenticated, remote attacker\ncould possibly use this flaw to cause an SSL/TLS server to terminate\nwith an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform\ncertain actions in an insecure manner. An untrusted Java application\nor applet could possibly use these flaws to disclose sensitive\ninformation. 
(CVE-2012-5070, CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could\ncause it to not perform array initialization in certain cases. An\nuntrusted Java application or applet could use this flaw to disclose\nportions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect\nagainst the creation of multiple seeders. An untrusted Java\napplication or applet could possibly use this flaw to disclose\nsensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the\nhash code of the canonicalized path name. An untrusted Java\napplication or applet could possibly use this flaw to determine\ncertain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package\nby default. Gopher support can be enabled by setting the newly\nintroduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.3.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. 
All running instances of\nOpenJDK Java must be restarted for the update to take effect.\");\n # http://icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.3/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f67718bf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/topics/security/whatsnew/index.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2012:1386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5084\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-4416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5085\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5081\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-3216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5071\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5072\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5089\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5075\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5088\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5076\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-5088\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Method Handle Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/13\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1386\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1\")) 
flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-demo-1.7.0.9-2.3.3.el6_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.9-2.3.3.el6_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.el6_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.el6_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.3.el6_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-src-1.7.0.9-2.3.3.el6_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.9-2.3.3.el6_3.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T16:11:04", "description": "Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\n[Update 13 November 2012] The file list of this advisory was updated to move java-1.7.0-openjdk-devel from the optional repositories to the base repositories. Additionally, java-1.7.0-openjdk for the HPC Node variant was also moved (this package was already in the base repositories for other product variants). No changes have been made to the packages themselves.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the Beans, Libraries, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084, CVE-2012-5089)\n\nThe default Java security properties configuration did not restrict access to certain com.sun.org.glassfish packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. This update lists those packages as restricted.\n(CVE-2012-5076, CVE-2012-5074)\n\nMultiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. 
(CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use these flaws to disclose sensitive information. (CVE-2012-5070, CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect against the creation of multiple seeders. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the hash code of the canonicalized path name. An untrusted Java application or applet could possibly use this flaw to determine certain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package by default. Gopher support can be enabled by setting the newly introduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.3.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. 
All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-10-18T00:00:00", "type": "nessus", "title": "CentOS 6 : java-1.7.0-openjdk (CESA-2012:1386) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089"], "modified": "2022-03-29T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.7.0-openjdk", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-src", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2012-1386.NASL", "href": "https://www.tenable.com/plugins/nessus/62598", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1386 and \n# CentOS Errata and Security Advisory 2012:1386 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62598);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/29\");\n\n script_cve_id(\n \"CVE-2012-3216\",\n \"CVE-2012-4416\",\n \"CVE-2012-5068\",\n \"CVE-2012-5069\",\n \"CVE-2012-5070\",\n \"CVE-2012-5071\",\n \"CVE-2012-5072\",\n \"CVE-2012-5073\",\n \"CVE-2012-5074\",\n \"CVE-2012-5075\",\n \"CVE-2012-5076\",\n \"CVE-2012-5077\",\n \"CVE-2012-5079\",\n \"CVE-2012-5081\",\n \"CVE-2012-5084\",\n \"CVE-2012-5085\",\n \"CVE-2012-5086\",\n \"CVE-2012-5087\",\n \"CVE-2012-5088\",\n \"CVE-2012-5089\"\n );\n script_bugtraq_id(\n 
56039,\n 56043,\n 56054,\n 56056,\n 56057,\n 56058,\n 56059,\n 56063,\n 56065,\n 56067,\n 56075,\n 56076,\n 56079\n );\n script_xref(name:\"RHSA\", value:\"2012:1386\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"CentOS 6 : java-1.7.0-openjdk (CESA-2012:1386) (ROBOT)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Updated java-1.7.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\n[Update 13 November 2012] The file list of this advisory was updated\nto move java-1.7.0-openjdk-devel from the optional repositories to the\nbase repositories. Additionally, java-1.7.0-openjdk for the HPC Node\nvariant was also moved (this package was already in the base\nrepositories for other product variants). No changes have been made to\nthe packages themselves.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the\nBeans, Libraries, Swing, and JMX components in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass Java\nsandbox restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088,\nCVE-2012-5084, CVE-2012-5089)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.org.glassfish packages. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. 
This update lists those packages as restricted.\n(CVE-2012-5076, CVE-2012-5074)\n\nMultiple improper permission check issues were discovered in the\nScripting, JMX, Concurrency, Libraries, and Security components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2012-5068,\nCVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an\ninstance of an incompatible class while performing provider lookup. An\nuntrusted Java application or applet could use this flaw to bypass\ncertain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\nimplementation did not properly handle handshake records containing an\noverly large data length value. An unauthenticated, remote attacker\ncould possibly use this flaw to cause an SSL/TLS server to terminate\nwith an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform\ncertain actions in an insecure manner. An untrusted Java application\nor applet could possibly use these flaws to disclose sensitive\ninformation. (CVE-2012-5070, CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could\ncause it to not perform array initialization in certain cases. An\nuntrusted Java application or applet could use this flaw to disclose\nportions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect\nagainst the creation of multiple seeders. An untrusted Java\napplication or applet could possibly use this flaw to disclose\nsensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the\nhash code of the canonicalized path name. 
An untrusted Java\napplication or applet could possibly use this flaw to determine\ncertain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package\nby default. Gopher support can be enabled by setting the newly\nintroduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.3.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\");\n # https://lists.centos.org/pipermail/centos-announce/2012-October/018947.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9aa1fda0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.7.0-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-5088\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Method Handle Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-demo-1.7.0.9-2.3.3.el6_3.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.el6_3.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.3.el6_3.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-src-1.7.0.9-2.3.3.el6_3.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T16:11:04", "description": "Several information disclosure vulnerabilities were discovered in the OpenJDK JRE. (CVE-2012-3216, CVE-2012-5069, CVE-2012-5072, CVE-2012-5075, CVE-2012-5077, CVE-2012-5085)\n\nVulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. (CVE-2012-4416, CVE-2012-5071)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. 
(CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-5068, CVE-2012-5083, CVE-2012-5084, CVE-2012-5086, CVE-2012-5089)\n\nInformation disclosure vulnerabilities were discovered in the OpenJDK JRE. These issues only affected Ubuntu 12.10. (CVE-2012-5067, CVE-2012-5070)\n\nVulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2012-5073, CVE-2012-5079)\n\nA vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. This issue only affected Ubuntu 12.10. (CVE-2012-5074)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. These issues only affected Ubuntu 12.10. (CVE-2012-5076, CVE-2012-5087, CVE-2012-5088)\n\nA denial of service vulnerability was found in OpenJDK.\n(CVE-2012-5081)\n\nPlease see the following for more information:\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-10-26T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS / 12.10 : openjdk-6, openjdk-7 vulnerabilities (USN-1619-1) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5067", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089"], "modified": "2022-03-29T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao", "p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-jamvm", "p-cpe:/a:canonical:ubuntu_linux:icedtea-7-jre-cacao", "p-cpe:/a:canonical:ubuntu_linux:icedtea-7-jre-jamvm", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero", "p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-lib", "p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-zero", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.10"], "id": "UBUNTU_USN-1619-1.NASL", "href": "https://www.tenable.com/plugins/nessus/62709", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice 
USN-1619-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62709);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/29\");\n\n script_cve_id(\n \"CVE-2012-1531\",\n \"CVE-2012-1532\",\n \"CVE-2012-1533\",\n \"CVE-2012-3143\",\n \"CVE-2012-3159\",\n \"CVE-2012-3216\",\n \"CVE-2012-4416\",\n \"CVE-2012-5067\",\n \"CVE-2012-5068\",\n \"CVE-2012-5069\",\n \"CVE-2012-5070\",\n \"CVE-2012-5071\",\n \"CVE-2012-5072\",\n \"CVE-2012-5073\",\n \"CVE-2012-5074\",\n \"CVE-2012-5075\",\n \"CVE-2012-5076\",\n \"CVE-2012-5077\",\n \"CVE-2012-5079\",\n \"CVE-2012-5081\",\n \"CVE-2012-5083\",\n \"CVE-2012-5084\",\n \"CVE-2012-5085\",\n \"CVE-2012-5086\",\n \"CVE-2012-5087\",\n \"CVE-2012-5088\",\n \"CVE-2012-5089\"\n );\n script_bugtraq_id(\n 55501,\n 56025,\n 56033,\n 56039,\n 56046,\n 56051,\n 56055,\n 56056,\n 56058,\n 56059,\n 56061,\n 56065,\n 56067,\n 56070,\n 56072,\n 56075,\n 56076,\n 56079,\n 56080,\n 56081,\n 56082,\n 56083\n );\n script_xref(name:\"USN\", value:\"1619-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS / 12.10 : openjdk-6, openjdk-7 vulnerabilities (USN-1619-1) (ROBOT)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"Several information disclosure vulnerabilities were discovered in the\nOpenJDK JRE. (CVE-2012-3216, CVE-2012-5069, CVE-2012-5072,\nCVE-2012-5075, CVE-2012-5077, CVE-2012-5085)\n\nVulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure and data integrity. 
(CVE-2012-4416,\nCVE-2012-5071)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure and data integrity. An attacker could exploit\nthese to cause a denial of service. (CVE-2012-1531, CVE-2012-1532,\nCVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-5068,\nCVE-2012-5083, CVE-2012-5084, CVE-2012-5086, CVE-2012-5089)\n\nInformation disclosure vulnerabilities were discovered in the OpenJDK\nJRE. These issues only affected Ubuntu 12.10. (CVE-2012-5067,\nCVE-2012-5070)\n\nVulnerabilities were discovered in the OpenJDK JRE related to data\nintegrity. (CVE-2012-5073, CVE-2012-5079)\n\nA vulnerability was discovered in the OpenJDK JRE related to\ninformation disclosure and data integrity. This issue only affected\nUbuntu 12.10. (CVE-2012-5074)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure and data integrity. An attacker could exploit\nthese to cause a denial of service. These issues only affected Ubuntu\n12.10. (CVE-2012-5076, CVE-2012-5087, CVE-2012-5088)\n\nA denial of service vulnerability was found in OpenJDK.\n(CVE-2012-5081)\n\nPlease see the following for more information:\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2012-15159\n24.html.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://usn.ubuntu.com/1619-1/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Method Handle Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-7-jre-cacao\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-7-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2022 Canonical, Inc. / NASL script (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.04|11\\.10|12\\.04|12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10 / 12.04 / 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b24-1.11.5-0ubuntu1~10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b24-1.11.5-0ubuntu1~10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b24-1.11.5-0ubuntu1~10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b24-1.11.5-0ubuntu1~10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b24-1.11.5-0ubuntu1~10.04.2\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b24-1.11.5-0ubuntu1~11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"icedtea-6-jre-jamvm\", pkgver:\"6b24-1.11.5-0ubuntu1~11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b24-1.11.5-0ubuntu1~11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b24-1.11.5-0ubuntu1~11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b24-1.11.5-0ubuntu1~11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b24-1.11.5-0ubuntu1~11.04.1\")) flag++;\nif 
(ubuntu_check(osver:\"11.10\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b24-1.11.5-0ubuntu1~11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"icedtea-6-jre-jamvm\", pkgver:\"6b24-1.11.5-0ubuntu1~11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b24-1.11.5-0ubuntu1~11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b24-1.11.5-0ubuntu1~11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b24-1.11.5-0ubuntu1~11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b24-1.11.5-0ubuntu1~11.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b24-1.11.5-0ubuntu1~12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"icedtea-6-jre-jamvm\", pkgver:\"6b24-1.11.5-0ubuntu1~12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b24-1.11.5-0ubuntu1~12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b24-1.11.5-0ubuntu1~12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b24-1.11.5-0ubuntu1~12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b24-1.11.5-0ubuntu1~12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"icedtea-7-jre-cacao\", pkgver:\"7u9-2.3.3-0ubuntu1~12.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"icedtea-7-jre-jamvm\", pkgver:\"7u9-2.3.3-0ubuntu1~12.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"openjdk-7-jre\", pkgver:\"7u9-2.3.3-0ubuntu1~12.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"openjdk-7-jre-headless\", pkgver:\"7u9-2.3.3-0ubuntu1~12.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"openjdk-7-jre-lib\", pkgver:\"7u9-2.3.3-0ubuntu1~12.10.1\")) flag++;\nif 
(ubuntu_check(osver:\"12.10\", pkgname:\"openjdk-7-jre-zero\", pkgver:\"7u9-2.3.3-0ubuntu1~12.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-6-jre-cacao / icedtea-6-jre-jamvm / icedtea-7-jre-cacao / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T16:10:45", "description": "Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.\n(CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-5067, CVE-2012-5068, CVE-2012-5069, CVE-2012-5070, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075, CVE-2012-5076, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5089)\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 9. 
All running instances of Oracle Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-10-19T00:00:00", "type": "nessus", "title": "RHEL 6 : java-1.7.0-oracle (RHSA-2012:1391)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5067", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089"], "modified": "2022-03-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-javafx", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-src", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2012-1391.NASL", "href": "https://www.tenable.com/plugins/nessus/62635", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1391. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62635);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/29\");\n\n script_cve_id(\n \"CVE-2012-1531\",\n \"CVE-2012-1532\",\n \"CVE-2012-1533\",\n \"CVE-2012-3143\",\n \"CVE-2012-3159\",\n \"CVE-2012-3216\",\n \"CVE-2012-4416\",\n \"CVE-2012-5067\",\n \"CVE-2012-5068\",\n \"CVE-2012-5069\",\n \"CVE-2012-5070\",\n \"CVE-2012-5071\",\n \"CVE-2012-5072\",\n \"CVE-2012-5073\",\n \"CVE-2012-5074\",\n \"CVE-2012-5075\",\n \"CVE-2012-5076\",\n \"CVE-2012-5077\",\n \"CVE-2012-5079\",\n \"CVE-2012-5081\",\n \"CVE-2012-5083\",\n \"CVE-2012-5084\",\n \"CVE-2012-5085\",\n \"CVE-2012-5086\",\n \"CVE-2012-5087\",\n \"CVE-2012-5088\",\n \"CVE-2012-5089\"\n );\n script_xref(name:\"RHSA\", value:\"2012:1391\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"RHEL 6 : java-1.7.0-oracle (RHSA-2012:1391)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Updated java-1.7.0-oracle packages that fix several security issues\nare now available for Red Hat Enterprise Linux 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOracle Java SE version 7 includes the Oracle Java Runtime Environment\nand the Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. 
Further\ninformation about these flaws can be found on the Oracle Java SE\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143,\nCVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-5067,\nCVE-2012-5068, CVE-2012-5069, CVE-2012-5070, CVE-2012-5071,\nCVE-2012-5072, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075,\nCVE-2012-5076, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081,\nCVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086,\nCVE-2012-5087, CVE-2012-5088, CVE-2012-5089)\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 7 Update 9. All running instances\nof Oracle Java must be restarted for the update to take effect.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-1531.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-1532.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-1533.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-3143.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-3159.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-3216.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-4416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-5067.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-5068.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-5069.html\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-5070.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-5071.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-5072.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-5073.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-5074.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-5075.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-5076.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-5077.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-5079.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-5081.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-5083.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-5084.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-5085.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-5086.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-5087.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2012-5088.html\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.redhat.com/security/data/cve/CVE-2012-5089.html\");\n # http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b0eb44d4\");\n script_set_attribute(attribute:\"see_also\", value:\"http://rhn.redhat.com/errata/RHSA-2012-1391.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-5088\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Method Handle Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-javafx\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-1.7.0.9-1jpp.3.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-1.7.0.9-1jpp.3.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-devel-1.7.0.9-1jpp.3.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-devel-1.7.0.9-1jpp.3.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-javafx-1.7.0.9-1jpp.3.el6_3\")) flag++;\nif 
(rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-javafx-1.7.0.9-1jpp.3.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.9-1jpp.3.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.9-1jpp.3.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-plugin-1.7.0.9-1jpp.3.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-plugin-1.7.0.9-1jpp.3.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-src-1.7.0.9-1jpp.3.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-src-1.7.0.9-1jpp.3.el6_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T16:10:20", "description": "As a reminder, the openjdk Java environment is available in Scientific Linux 5. Updates for openjdk are released in a similar manner to other security updates. 
Scientific Linux 6 does not bundle the closed source Java environment.\n\nAll running instances of Sun/Oracle Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-10-31T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java-1.6.0-sun on SL5.x i386/x86_64 (20121018) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0547", "CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5089"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:java-1.6.0-sun-compat", "p-cpe:/a:fermilab:scientific_linux:jdk"], "id": "SL_20121018_JAVA_1_6_0_SUN_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/62773", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62773);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-0547\", \"CVE-2012-1531\", \"CVE-2012-1532\", \"CVE-2012-1533\", \"CVE-2012-3143\", \"CVE-2012-3159\", \"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", \"CVE-2012-5075\", \"CVE-2012-5077\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5083\", \"CVE-2012-5084\", \"CVE-2012-5085\", \"CVE-2012-5086\", \"CVE-2012-5089\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.6.0-sun on SL5.x i386/x86_64 (20121018) (ROBOT)\");\n 
script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"As a reminder, the openjdk Java environment is available in Scientific\nLinux 5. Updates for openjdk are released in a similar manner to other\nsecurity updates. Scientific Linux 6 does not bundle the closed source\nJava environment.\n\nAll running instances of Sun/Oracle Java must be restarted for the\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1210&L=scientific-linux-errata&T=0&P=3435\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a783361\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-sun-compat and / or jdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Web Start Double Quote Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-sun-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/18\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/31\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-sun-compat-1.6.0.37-3.sl5.jpp\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"jdk-1.6.0_37-fcs\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-sun-compat / jdk\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T16:11:04", "description": "Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory and Oracle Security Alert pages, listed in the References section. 
(CVE-2012-0547, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5089)\n\nAll users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 37. All running instances of Oracle Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-10-19T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : java-1.6.0-sun (RHSA-2012:1392)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0547", "CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5089"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.3"], "id": "REDHAT-RHSA-2012-1392.NASL", "href": "https://www.tenable.com/plugins/nessus/62636", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1392. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62636);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-0547\", \"CVE-2012-1531\", \"CVE-2012-1532\", \"CVE-2012-1533\", \"CVE-2012-3143\", \"CVE-2012-3159\", \"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", \"CVE-2012-5075\", \"CVE-2012-5077\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5083\", \"CVE-2012-5084\", \"CVE-2012-5085\", \"CVE-2012-5086\", \"CVE-2012-5089\");\n script_xref(name:\"RHSA\", value:\"2012:1392\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.6.0-sun (RHSA-2012:1392)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-sun packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOracle Java SE version 6 includes the Oracle Java Runtime Environment\nand the Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE\nCritical Patch Update Advisory and Oracle Security Alert pages, listed\nin the References section. 
(CVE-2012-0547, CVE-2012-1531,\nCVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159,\nCVE-2012-3216, CVE-2012-4416, CVE-2012-5068, CVE-2012-5069,\nCVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075,\nCVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083,\nCVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5089)\n\nAll users of java-1.6.0-sun are advised to upgrade to these updated\npackages, which provide Oracle Java 6 Update 37. All running instances\nof Oracle Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-0547.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-1531.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-1532.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-1533.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-3143.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-3159.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-3216.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-4416.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5068.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5069.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5071.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.redhat.com/security/data/cve/CVE-2012-5072.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5073.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5077.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5079.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5083.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5084.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5086.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5089.html\"\n );\n # http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b0eb44d4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.oracle.com/technetwork/topics/security/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2012-1392.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Web Start Double Quote Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8\")) flag++;\n\nif 
(rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8\")) flag++;\n\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3\")) flag++;\n\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-sun / java-1.6.0-sun-demo / java-1.6.0-sun-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T14:42:26", "description": "IBM Java 1.6.0 has been updated to SR12 which fixes bugs and security issues.\n\nMore information can be found on :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nCVEs fixed: CVE-2012-3159 / CVE-2012-3216 / CVE-2012-5068 / CVE-2012-3143 / CVE-2012-5073 / CVE-2012-5075 / CVE-2012-5083 / CVE-2012-5083 / CVE-2012-5072 / CVE-2012-1531 / CVE-2012-5081 / CVE-2012-1532 / CVE-2012-1533 / CVE-2012-5069 / CVE-2012-5071 / CVE-2012-5084 / CVE-2012-5079 / CVE-2012-5089", "cvss3": {}, "published": "2013-01-25T00:00:00", "type": "nessus", "title": "SuSE 11.2 Security Update : IBM Java 1.6.0 (SAT Patch Number 7095)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5089"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_JAVA-1_6_0-IBM-121126.NASL", "href": "https://www.tenable.com/plugins/nessus/64166", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64166);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-1531\", \"CVE-2012-1532\", \"CVE-2012-1533\", \"CVE-2012-3143\", \"CVE-2012-3159\", \"CVE-2012-3216\", \"CVE-2012-5068\", \"CVE-2012-5069\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", \"CVE-2012-5075\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5083\", \"CVE-2012-5084\", \"CVE-2012-5089\");\n\n script_name(english:\"SuSE 11.2 Security Update : IBM Java 1.6.0 (SAT Patch Number 7095)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 1.6.0 has been updated to SR12 which fixes bugs and security\nissues.\n\nMore information can be found on :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nCVEs fixed: CVE-2012-3159 / CVE-2012-3216 / CVE-2012-5068 /\nCVE-2012-3143 / CVE-2012-5073 / CVE-2012-5075 / CVE-2012-5083 /\nCVE-2012-5083 / CVE-2012-5072 / CVE-2012-1531 / CVE-2012-5081 /\nCVE-2012-1532 / CVE-2012-1533 / CVE-2012-5069 / CVE-2012-5071 /\nCVE-2012-5084 / CVE-2012-5079 / CVE-2012-5089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=785631\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=788750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1531.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1532.html\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1533.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3143.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3159.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3216.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5068.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5069.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5071.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5072.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5073.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5079.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5083.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5084.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5089.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7095.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Web Start Double Quote Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"java-1_6_0-ibm-1.6.0_sr12.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"java-1_6_0-ibm-fonts-1.6.0_sr12.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"java-1_6_0-ibm-jdbc-1.6.0_sr12.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-ibm-alsa-1.6.0_sr12.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-ibm-plugin-1.6.0_sr12.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"java-1_6_0-ibm-plugin-1.6.0_sr12.0-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T16:11:42", "description": "IBM Java 1.6.0 has been updated to SR12 which fixes 
bugs and security issues.\n\nMore information can be found on :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nCVEs fixed: CVE-2012-3159 / CVE-2012-3216 / CVE-2012-5068 / CVE-2012-3143 / CVE-2012-5073 / CVE-2012-5075 / CVE-2012-5083 / CVE-2012-5083 / CVE-2012-5072 / CVE-2012-1531 / CVE-2012-5081 / CVE-2012-1532 / CVE-2012-1533 / CVE-2012-5069 / CVE-2012-5071 / CVE-2012-5084 / CVE-2012-5079 / CVE-2012-5089", "cvss3": {}, "published": "2012-11-29T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : IBM Java 1.6.0 (ZYPP Patch Number 8383) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5089"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_6_0-IBM-8383.NASL", "href": "https://www.tenable.com/plugins/nessus/63092", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63092);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-1531\", \"CVE-2012-1532\", \"CVE-2012-1533\", \"CVE-2012-3143\", \"CVE-2012-3159\", \"CVE-2012-3216\", \"CVE-2012-5068\", \"CVE-2012-5069\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", \"CVE-2012-5075\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5083\", \"CVE-2012-5084\", \"CVE-2012-5089\");\n\n script_name(english:\"SuSE 10 Security Update : IBM Java 1.6.0 (ZYPP Patch Number 8383) (ROBOT)\");\n script_summary(english:\"Checks rpm output for the updated 
packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 1.6.0 has been updated to SR12 which fixes bugs and security\nissues.\n\nMore information can be found on :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nCVEs fixed: CVE-2012-3159 / CVE-2012-3216 / CVE-2012-5068 /\nCVE-2012-3143 / CVE-2012-5073 / CVE-2012-5075 / CVE-2012-5083 /\nCVE-2012-5083 / CVE-2012-5072 / CVE-2012-1531 / CVE-2012-5081 /\nCVE-2012-1532 / CVE-2012-1533 / CVE-2012-5069 / CVE-2012-5071 /\nCVE-2012-5084 / CVE-2012-5079 / CVE-2012-5089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1531.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1532.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1533.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3143.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3159.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3216.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5068.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5069.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5071.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5072.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2012-5073.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5079.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5083.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5084.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5089.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8383.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Web Start Double Quote Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/29\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_6_0-ibm-1.6.0_sr12.0-0.10.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_6_0-ibm-devel-1.6.0_sr12.0-0.10.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_6_0-ibm-fonts-1.6.0_sr12.0-0.10.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_6_0-ibm-jdbc-1.6.0_sr12.0-0.10.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_6_0-ibm-plugin-1.6.0_sr12.0-0.10.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"java-1_6_0-ibm-alsa-1.6.0_sr12.0-0.10.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"java-1_6_0-ibm-32bit-1.6.0_sr12.0-0.10.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"java-1_6_0-ibm-alsa-32bit-1.6.0_sr12.0-0.10.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", 
reference:\"java-1_6_0-ibm-devel-32bit-1.6.0_sr12.0-0.10.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"java-1_6_0-ibm-plugin-32bit-1.6.0_sr12.0-0.10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:56:27", "description": "IBM Java 1.7.0 has been updated to SR3 which fixes bugs and security issues.\n\nMore information can be found on :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nCVEs fixed: CVE-2012-3159, CVE-2012-3216, CVE-2012-5070, CVE-2012-5067, CVE-2012-3143, CVE-2012-5076, CVE-2012-5077, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075, CVE-2012-5083, CVE-2012-5083, CVE-2012-5072, CVE-2012-1531, CVE-2012-5081, CVE-2012-1532, CVE-2012-1533, CVE-2012-5069, CVE-2012-5071, CVE-2012-5084, CVE-2012-5087, CVE-2012-5086, CVE-2012-5079, CVE-2012-5088, CVE-2012-5089\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : IBM Java 1.7.0 (SUSE-SU-2012:1489-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-5067", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089"], "modified": "2022-03-29T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_0-ibm", "p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-jdbc", "p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-plugin", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2012-1489-2.NASL", "href": "https://www.tenable.com/plugins/nessus/83567", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2012:1489-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83567);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/29\");\n\n script_cve_id(\n \"CVE-2012-1531\",\n \"CVE-2012-1532\",\n \"CVE-2012-1533\",\n \"CVE-2012-3159\",\n \"CVE-2012-3216\",\n \"CVE-2012-5067\",\n \"CVE-2012-5070\",\n \"CVE-2012-5071\",\n \"CVE-2012-5073\",\n \"CVE-2012-5075\",\n \"CVE-2012-5076\",\n \"CVE-2012-5077\",\n \"CVE-2012-5079\",\n \"CVE-2012-5081\",\n \"CVE-2012-5083\",\n \"CVE-2012-5084\",\n \"CVE-2012-5087\",\n \"CVE-2012-5088\",\n \"CVE-2012-5089\"\n );\n 
script_bugtraq_id(\n 56025,\n 56033,\n 56039,\n 56043,\n 56046,\n 56051,\n 56054,\n 56055,\n 56056,\n 56057,\n 56058,\n 56059,\n 56061,\n 56063,\n 56065,\n 56070,\n 56071,\n 56072,\n 56075,\n 56079,\n 56080,\n 56081,\n 56082,\n 56083\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"SUSE SLES11 Security Update : IBM Java 1.7.0 (SUSE-SU-2012:1489-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"IBM Java 1.7.0 has been updated to SR3 which fixes bugs and security\nissues.\n\nMore information can be found on :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nCVEs fixed: CVE-2012-3159, CVE-2012-3216, CVE-2012-5070,\nCVE-2012-5067, CVE-2012-3143, CVE-2012-5076, CVE-2012-5077,\nCVE-2012-5073, CVE-2012-5074, CVE-2012-5075, CVE-2012-5083,\nCVE-2012-5083, CVE-2012-5072, CVE-2012-1531, CVE-2012-5081,\nCVE-2012-1532, CVE-2012-1533, CVE-2012-5069, CVE-2012-5071,\nCVE-2012-5084, CVE-2012-5087, CVE-2012-5086, CVE-2012-5079,\nCVE-2012-5088, CVE-2012-5089\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://download.suse.com/patch/finder/?keywords=6af80338101f9a022afdf21e00326b65\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4e90a121\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/788750\");\n # https://www.suse.com/support/update/announcement/2012/suse-su-20121489-2.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d3a7b9d6\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11 SP2 :\n\nzypper in -t patch sdksp2-java-1_7_0-ibm-7046\n\nSUSE Linux Enterprise Server 11 SP2 for VMware :\n\nzypper in -t patch slessp2-java-1_7_0-ibm-7046\n\nSUSE Linux Enterprise Server 11 SP2 :\n\nzypper in -t patch slessp2-java-1_7_0-ibm-7046\n\nSUSE Linux Enterprise Java 11 SP2 :\n\nzypper in -t patch slejsp2-java-1_7_0-ibm-7046\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Method Handle Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n 
script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^2$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_7_0-ibm-plugin-1.7.0_sr3.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_7_0-ibm-alsa-1.7.0_sr3.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"java-1_7_0-ibm-1.7.0_sr3.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"java-1_7_0-ibm-jdbc-1.7.0_sr3.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"java-1_7_0-ibm-plugin-1.7.0_sr3.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"java-1_7_0-ibm-alsa-1.7.0_sr3.0-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"IBM Java 1.7.0\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:24:31", "description": "This version upgrade to 1.11.5 fixed various security and non-security issues.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2012:1423-1) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, 
"cvelist": ["CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5089"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-debuginfo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-debugsource", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src", "cpe:/o:novell:opensuse:12.1"], "id": "OPENSUSE-2012-754.NASL", "href": "https://www.tenable.com/plugins/nessus/74799", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-754.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74799);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", \"CVE-2012-5075\", \"CVE-2012-5077\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5084\", \"CVE-2012-5085\", \"CVE-2012-5086\", \"CVE-2012-5089\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2012:1423-1) (ROBOT)\");\n script_summary(english:\"Check for the openSUSE-2012-754 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is 
missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This version upgrade to 1.11.5 fixed various security and non-security\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=785433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-10/msg00099.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-1.6.0.0_b24.1.11.5-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-debuginfo-1.6.0.0_b24.1.11.5-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-debugsource-1.6.0.0_b24.1.11.5-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.5-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", 
reference:\"java-1_6_0-openjdk-demo-debuginfo-1.6.0.0_b24.1.11.5-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.5-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-devel-debuginfo-1.6.0.0_b24.1.11.5-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-javadoc-1.6.0.0_b24.1.11.5-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-src-1.6.0.0_b24.1.11.5-16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-openjdk\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:51:10", "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. 
(CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect against the creation of multiple seeders. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the hash code of the canonicalized path name. An untrusted Java application or applet could possibly use this flaw to determine certain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package by default. 
Gopher support can be enabled by setting the newly introduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.5.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-10-18T00:00:00", "type": "nessus", "title": "CentOS 6 : java-1.6.0-openjdk (CESA-2012:1384) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5089"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2012-1384.NASL", "href": "https://www.tenable.com/plugins/nessus/62597", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1384 and \n# CentOS Errata and Security Advisory 2012:1384 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62597);\n script_version(\"1.21\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", \"CVE-2012-5075\", \"CVE-2012-5077\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5084\", \"CVE-2012-5085\", \"CVE-2012-5086\", \"CVE-2012-5089\");\n script_bugtraq_id(55501, 56039, 56058, 56059, 56063, 56065, 56067, 56071, 56075, 56076, 56080, 56081, 56082, 56083);\n script_xref(name:\"RHSA\", value:\"2012:1384\");\n\n script_name(english:\"CentOS 6 : java-1.6.0-openjdk (CESA-2012:1384) (ROBOT)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the\nBeans, Swing, and JMX components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the\nScripting, JMX, Concurrency, Libraries, and Security components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. 
(CVE-2012-5068,\nCVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an\ninstance of an incompatible class while performing provider lookup. An\nuntrusted Java application or applet could use this flaw to bypass\ncertain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\nimplementation did not properly handle handshake records containing an\noverly large data length value. An unauthenticated, remote attacker\ncould possibly use this flaw to cause an SSL/TLS server to terminate\nwith an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform\ncertain actions in an insecure manner. An untrusted Java application\nor applet could possibly use this flaw to disclose sensitive\ninformation. (CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could\ncause it to not perform array initialization in certain cases. An\nuntrusted Java application or applet could use this flaw to disclose\nportions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect\nagainst the creation of multiple seeders. An untrusted Java\napplication or applet could possibly use this flaw to disclose\nsensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the\nhash code of the canonicalized path name. An untrusted Java\napplication or applet could possibly use this flaw to determine\ncertain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package\nby default. 
Gopher support can be enabled by setting the newly\nintroduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.5.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-October/018946.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb752692\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-5086\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T16:11:04", "description": "Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. 
(CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect against the creation of multiple seeders. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the hash code of the canonicalized path name. An untrusted Java application or applet could possibly use this flaw to determine certain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package by default. Gopher support can be enabled by setting the newly introduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.10. 
\nAll running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-10-18T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64 (20121017) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5089"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk", "p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-demo", "p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-devel", "p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-src", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20121017_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/62617", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62617);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", \"CVE-2012-5075\", \"CVE-2012-5077\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5084\", \"CVE-2012-5085\", \"CVE-2012-5086\", \"CVE-2012-5089\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64 (20121017) (ROBOT)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n 
value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple improper permission check issues were discovered in the\nBeans, Swing, and JMX components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the\nScripting, JMX, Concurrency, Libraries, and Security components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2012-5068,\nCVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an\ninstance of an incompatible class while performing provider lookup. An\nuntrusted Java application or applet could use this flaw to bypass\ncertain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\nimplementation did not properly handle handshake records containing an\noverly large data length value. An unauthenticated, remote attacker\ncould possibly use this flaw to cause an SSL/TLS server to terminate\nwith an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform\ncertain actions in an insecure manner. An untrusted Java application\nor applet could possibly use this flaw to disclose sensitive\ninformation. (CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could\ncause it to not perform array initialization in certain cases. An\nuntrusted Java application or applet could use this flaw to disclose\nportions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect\nagainst the creation of multiple seeders. 
An untrusted Java\napplication or applet could possibly use this flaw to disclose\nsensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the\nhash code of the canonicalized path name. An untrusted Java\napplication or applet could possibly use this flaw to determine\ncertain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package\nby default. Gopher support can be enabled by setting the newly\nintroduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.10. .\nAll running instances of OpenJDK Java must be restarted for the update\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1210&L=scientific-linux-errata&T=0&P=2536\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b81758b6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.28.1.10.10.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.28.1.10.10.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.28.1.10.10.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.28.1.10.10.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.28.1.10.10.el5_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:50:52", "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. 
An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect against the creation of multiple seeders. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the hash code of the canonicalized path name. 
An untrusted Java application or applet could possibly use this flaw to determine certain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package by default. Gopher support can be enabled by setting the newly introduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.10.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-10-19T00:00:00", "type": "nessus", "title": "CentOS 5 : java-1.6.0-openjdk (CESA-2012:1385) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5089"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2012-1385.NASL", "href": "https://www.tenable.com/plugins/nessus/62630", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1385 and \n# CentOS Errata and Security Advisory 2012:1385 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62630);\n script_version(\"1.21\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", \"CVE-2012-5075\", \"CVE-2012-5077\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5084\", \"CVE-2012-5085\", \"CVE-2012-5086\", \"CVE-2012-5089\");\n script_bugtraq_id(55501, 56039, 56058, 56059, 56063, 56065, 56067, 56071, 56075, 56076, 56080, 56081, 56082, 56083);\n script_xref(name:\"RHSA\", value:\"2012:1385\");\n\n script_name(english:\"CentOS 5 : java-1.6.0-openjdk (CESA-2012:1385) (ROBOT)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the\nBeans, Swing, and JMX components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the\nScripting, JMX, Concurrency, Libraries, and Security components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. 
(CVE-2012-5068,\nCVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an\ninstance of an incompatible class while performing provider lookup. An\nuntrusted Java application or applet could use this flaw to bypass\ncertain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\nimplementation did not properly handle handshake records containing an\noverly large data length value. An unauthenticated, remote attacker\ncould possibly use this flaw to cause an SSL/TLS server to terminate\nwith an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform\ncertain actions in an insecure manner. An untrusted Java application\nor applet could possibly use this flaw to disclose sensitive\ninformation. (CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could\ncause it to not perform array initialization in certain cases. An\nuntrusted Java application or applet could use this flaw to disclose\nportions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect\nagainst the creation of multiple seeders. An untrusted Java\napplication or applet could possibly use this flaw to disclose\nsensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the\nhash code of the canonicalized path name. An untrusted Java\napplication or applet could possibly use this flaw to determine\ncertain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package\nby default. 
Gopher support can be enabled by setting the newly\nintroduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.10.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-October/018948.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dfce256e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-5086\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.28.1.10.10.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.28.1.10.10.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.28.1.10.10.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.28.1.10.10.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.28.1.10.10.el5_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T15:50:25", "description": "java 1.6.0 openjdk / icedtea was updated to 1.11.5 (bnc#785433)\n\n - Security fixes\n\n - S6631398, CVE-2012-3216: FilePermission improved path checking\n\n - S7093490: adjust package access in rmiregistry\n\n - S7143535, CVE-2012-5068: ScriptEngine corrected permissions\n\n - S7167656, CVE-2012-5077: Multiple Seeders are being created\n\n - S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types\n\n - S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector\n\n - S7172522, CVE-2012-5072: Improve DomainCombiner checking\n\n - S7186286, CVE-2012-5081: TLS implementation to 
better adhere to RFC\n\n - S7189103, CVE-2012-5069: Executors needs to maintain state\n\n - S7189490: More improvements to DomainCombiner checking\n\n - S7189567, CVE-2012-5085: java net obsolete protocol\n\n - S7192975, CVE-2012-5071: Conditional usage check is wrong\n\n - S7195194, CVE-2012-5084: Better data validation for Swing\n\n - S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved\n\n - S7195919, CVE-2012-5079: (sl) ServiceLoader can throw CCE without needing to create instance\n\n - S7198296, CVE-2012-5089: Refactor classloader usage\n\n - S7158800: Improve storage of symbol tables\n\n - S7158801: Improve VM CompileOnly option\n\n - S7158804: Improve config file parsing\n\n - S7176337: Additional changes needed for 7158801 fix\n\n - S7198606, CVE-2012-4416: Improve VM optimization\n\n - Backports\n\n - S7175845: 'jar uf' changes file permissions unexpectedly\n\n - S7177216: native2ascii changes file permissions of input file\n\n - S7199153: TEST_BUG: try-with-resources syntax pushed to 6-open repo\n\n - Bug fixes\n\n - PR1194: IcedTea tries to build with /usr/lib/jvm/java-openjdk (now a 1.7 VM) by default", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2012:1424-1) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5089"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-debuginfo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-debugsource", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel", 
"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src", "cpe:/o:novell:opensuse:11.4"], "id": "OPENSUSE-2012-755.NASL", "href": "https://www.tenable.com/plugins/nessus/74800", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-755.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74800);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", \"CVE-2012-5075\", \"CVE-2012-5077\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5084\", \"CVE-2012-5085\", \"CVE-2012-5086\", \"CVE-2012-5089\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2012:1424-1) (ROBOT)\");\n script_summary(english:\"Check for the openSUSE-2012-755 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"java 1.6.0 openjdk / icedtea was updated to 1.11.5 (bnc#785433)\n\n - Security fixes\n\n - S6631398, CVE-2012-3216: FilePermission improved path\n checking\n\n - S7093490: adjust package access in rmiregistry\n\n - S7143535, CVE-2012-5068: ScriptEngine corrected\n permissions\n\n - S7167656, CVE-2012-5077: Multiple Seeders are being\n created\n\n - S7169884, CVE-2012-5073: LogManager checks do not work\n correctly for sub-types\n\n - S7169888, CVE-2012-5075: Narrowing resource definitions\n in JMX RMI connector\n\n - S7172522, 
CVE-2012-5072: Improve DomainCombiner checking\n\n - S7186286, CVE-2012-5081: TLS implementation to better\n adhere to RFC\n\n - S7189103, CVE-2012-5069: Executors needs to maintain\n state\n\n - S7189490: More improvements to DomainCombiner checking\n\n - S7189567, CVE-2012-5085: java net obselete protocol\n\n - S7192975, CVE-2012-5071: Conditional usage check is\n wrong\n\n - S7195194, CVE-2012-5084: Better data validation for\n Swing\n\n - S7195917, CVE-2012-5086: XMLDecoder parsing at\n close-time should be improved\n\n - S7195919, CVE-2012-5079: (sl) ServiceLoader can throw\n CCE without needing to create instance\n\n - S7198296, CVE-2012-5089: Refactor classloader usage\n\n - S7158800: Improve storage of symbol tables\n\n - S7158801: Improve VM CompileOnly option\n\n - S7158804: Improve config file parsing\n\n - S7176337: Additional changes needed for 7158801 fix\n\n - S7198606, CVE-2012-4416: Improve VM optimization\n\n - Backports\n\n - S7175845: 'jar uf' changes file permissions unexpectedly\n\n - S7177216: native2ascii changes file permissions of input\n file\n\n - S7199153: TEST_BUG: try-with-resources syntax pushed to\n 6-open repo\n\n - Bug fixes\n\n - PR1194: IcedTea tries to build with\n /usr/lib/jvm/java-openjdk (now a 1.7 VM) by default\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=785433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-10/msg00100.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"java-1_6_0-openjdk-1.6.0.0_b24.1.11.5-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"java-1_6_0-openjdk-debuginfo-1.6.0.0_b24.1.11.5-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"java-1_6_0-openjdk-debugsource-1.6.0.0_b24.1.11.5-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.5-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"java-1_6_0-openjdk-demo-debuginfo-1.6.0.0_b24.1.11.5-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.5-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"java-1_6_0-openjdk-devel-debuginfo-1.6.0.0_b24.1.11.5-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"java-1_6_0-openjdk-javadoc-1.6.0.0_b24.1.11.5-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"java-1_6_0-openjdk-src-1.6.0.0_b24.1.11.5-21.1\") ) flag++;\n\nif (flag)\n{\n 
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-openjdk\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:51:11", "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. 
An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect against the creation of multiple seeders. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the hash code of the canonicalized path name. An untrusted Java application or applet could possibly use this flaw to determine certain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package by default. Gopher support can be enabled by setting the newly introduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.10.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. 
All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-10-18T00:00:00", "type": "nessus", "title": "RHEL 5 : java-1.6.0-openjdk (RHSA-2012:1385) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5089"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2012-1385.NASL", "href": "https://www.tenable.com/plugins/nessus/62614", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1385. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62614);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", \"CVE-2012-5075\", \"CVE-2012-5077\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5084\", \"CVE-2012-5085\", \"CVE-2012-5086\", \"CVE-2012-5089\");\n script_xref(name:\"RHSA\", value:\"2012:1385\");\n\n script_name(english:\"RHEL 5 : java-1.6.0-openjdk (RHSA-2012:1385) (ROBOT)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the\nBeans, Swing, and JMX components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the\nScripting, JMX, Concurrency, Libraries, and Security components in\nOpenJDK. 
An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2012-5068,\nCVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an\ninstance of an incompatible class while performing provider lookup. An\nuntrusted Java application or applet could use this flaw to bypass\ncertain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\nimplementation did not properly handle handshake records containing an\noverly large data length value. An unauthenticated, remote attacker\ncould possibly use this flaw to cause an SSL/TLS server to terminate\nwith an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform\ncertain actions in an insecure manner. An untrusted Java application\nor applet could possibly use this flaw to disclose sensitive\ninformation. (CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could\ncause it to not perform array initialization in certain cases. An\nuntrusted Java application or applet could use this flaw to disclose\nportions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect\nagainst the creation of multiple seeders. An untrusted Java\napplication or applet could possibly use this flaw to disclose\nsensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the\nhash code of the canonicalized path name. An untrusted Java\napplication or applet could possibly use this flaw to determine\ncertain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package\nby default. 
Gopher support can be enabled by setting the newly\nintroduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.10.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.10\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d63b729c\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.oracle.com/technetwork/topics/security/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3216\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5077\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1385\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.28.1.10.10.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.28.1.10.10.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.28.1.10.10.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.28.1.10.10.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.28.1.10.10.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.28.1.10.10.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.28.1.10.10.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.28.1.10.10.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", 
reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.28.1.10.10.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.28.1.10.10.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.28.1.10.10.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.28.1.10.10.el5_8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:51:13", "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. 
(CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect against the creation of multiple seeders. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the hash code of the canonicalized path name. An untrusted Java application or applet could possibly use this flaw to determine certain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package by default. 
Gopher support can be enabled by setting the newly introduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.5.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-10-18T00:00:00", "type": "nessus", "title": "RHEL 6 : java-1.6.0-openjdk (RHSA-2012:1384) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5089"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.3"], "id": "REDHAT-RHSA-2012-1384.NASL", "href": "https://www.tenable.com/plugins/nessus/62613", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1384. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62613);\n script_version(\"1.32\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", \"CVE-2012-5075\", \"CVE-2012-5077\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5084\", \"CVE-2012-5085\", \"CVE-2012-5086\", \"CVE-2012-5089\");\n script_xref(name:\"RHSA\", value:\"2012:1384\");\n\n script_name(english:\"RHEL 6 : java-1.6.0-openjdk (RHSA-2012:1384) (ROBOT)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the\nBeans, Swing, and JMX components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the\nScripting, JMX, Concurrency, Libraries, and Security components in\nOpenJDK. 
An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2012-5068,\nCVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an\ninstance of an incompatible class while performing provider lookup. An\nuntrusted Java application or applet could use this flaw to bypass\ncertain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\nimplementation did not properly handle handshake records containing an\noverly large data length value. An unauthenticated, remote attacker\ncould possibly use this flaw to cause an SSL/TLS server to terminate\nwith an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform\ncertain actions in an insecure manner. An untrusted Java application\nor applet could possibly use this flaw to disclose sensitive\ninformation. (CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could\ncause it to not perform array initialization in certain cases. An\nuntrusted Java application or applet could use this flaw to disclose\nportions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect\nagainst the creation of multiple seeders. An untrusted Java\napplication or applet could possibly use this flaw to disclose\nsensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the\nhash code of the canonicalized path name. An untrusted Java\napplication or applet could possibly use this flaw to determine\ncertain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package\nby default. 
Gopher support can be enabled by setting the newly\nintroduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.5.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.5/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?416d29b8\"\n );\n # http://www.oracle.com/technetwork/topics/security/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.oracle.com/technetwork/topics/security/whatsnew/index.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2012-5069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5077\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1384\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T16:10:45", "description": "Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. 
An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect against the creation of multiple seeders. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the hash code of the canonicalized path name. An untrusted Java application or applet could possibly use this flaw to determine certain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package by default. 
Gopher support can be enabled by setting the newly introduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.5.\n\nAll running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-10-18T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64 (20121017) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5089"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk", "p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-demo", "p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-devel", "p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-src", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20121017_JAVA_1_6_0_OPENJDK_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/62618", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62618);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", 
\"CVE-2012-5075\", \"CVE-2012-5077\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5084\", \"CVE-2012-5085\", \"CVE-2012-5086\", \"CVE-2012-5089\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64 (20121017) (ROBOT)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple improper permission check issues were discovered in the\nBeans, Swing, and JMX components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the\nScripting, JMX, Concurrency, Libraries, and Security components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2012-5068,\nCVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an\ninstance of an incompatible class while performing provider lookup. An\nuntrusted Java application or applet could use this flaw to bypass\ncertain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\nimplementation did not properly handle handshake records containing an\noverly large data length value. An unauthenticated, remote attacker\ncould possibly use this flaw to cause an SSL/TLS server to terminate\nwith an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform\ncertain actions in an insecure manner. An untrusted Java application\nor applet could possibly use this flaw to disclose sensitive\ninformation. 
(CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could\ncause it to not perform array initialization in certain cases. An\nuntrusted Java application or applet could use this flaw to disclose\nportions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect\nagainst the creation of multiple seeders. An untrusted Java\napplication or applet could possibly use this flaw to disclose\nsensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the\nhash code of the canonicalized path name. An untrusted Java\napplication or applet could possibly use this flaw to determine\ncertain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package\nby default. Gopher support can be enabled by setting the newly\nintroduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.5.\n\nAll running instances of OpenJDK Java must be restarted for the update\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1210&L=scientific-linux-errata&T=0&P=2278\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0a0dd832\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T14:55:30", "description": "From Red Hat Security Advisory 2012:1385 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. 
(CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect against the creation of multiple seeders. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the hash code of the canonicalized path name. An untrusted Java application or applet could possibly use this flaw to determine certain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package by default. Gopher support can be enabled by setting the newly introduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.10.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. 
All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2012-1385) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5089"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.6.0-openjdk", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2012-1385.NASL", "href": "https://www.tenable.com/plugins/nessus/68645", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1385 and \n# Oracle Linux Security Advisory ELSA-2012-1385 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68645);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", \"CVE-2012-5075\", \"CVE-2012-5077\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5084\", \"CVE-2012-5085\", \"CVE-2012-5086\", \"CVE-2012-5089\");\n script_bugtraq_id(55501, 56039, 56058, 56059, 56063, 56065, 56071, 56075, 56076, 56080, 56081, 56082, 56083);\n script_xref(name:\"RHSA\", value:\"2012:1385\");\n\n script_name(english:\"Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2012-1385) 
(ROBOT)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1385 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the\nBeans, Swing, and JMX components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the\nScripting, JMX, Concurrency, Libraries, and Security components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2012-5068,\nCVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an\ninstance of an incompatible class while performing provider lookup. An\nuntrusted Java application or applet could use this flaw to bypass\ncertain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\nimplementation did not properly handle handshake records containing an\noverly large data length value. An unauthenticated, remote attacker\ncould possibly use this flaw to cause an SSL/TLS server to terminate\nwith an exception. 
(CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform\ncertain actions in an insecure manner. An untrusted Java application\nor applet could possibly use this flaw to disclose sensitive\ninformation. (CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could\ncause it to not perform array initialization in certain cases. An\nuntrusted Java application or applet could use this flaw to disclose\nportions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect\nagainst the creation of multiple seeders. An untrusted Java\napplication or applet could possibly use this flaw to disclose\nsensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the\nhash code of the canonicalized path name. An untrusted Java\napplication or applet could possibly use this flaw to determine\ncertain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package\nby default. Gopher support can be enabled by setting the newly\nintroduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.10.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. 
All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-October/003089.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.28.1.10.10.0.1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.28.1.10.10.0.1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.28.1.10.10.0.1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.28.1.10.10.0.1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.28.1.10.10.0.1.el5_8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T15:50:25", "description": "java-1_7_0-openjdk was updated to icedtea-2.3.3 (bnc#785814)\n\n - Security fixes\n\n - S6631398, CVE-2012-3216: FilePermission improved path checking\n\n - S7093490: adjust package access in rmiregistry\n\n - S7143535, CVE-2012-5068: ScriptEngine corrected permissions\n\n - S7158796, CVE-2012-5070: Tighten properties checking in EnvHelp\n\n - S7158807: Revise stack management with volatile call sites\n\n - S7163198, CVE-2012-5076: Tightened package accessibility\n\n - S7167656, CVE-2012-5077: Multiple Seeders are being created\n\n - S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types\n\n - S7169887, CVE-2012-5074: Tightened package accessibility\n\n - S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector\n\n - S7172522, CVE-2012-5072: Improve DomainCombiner checking\n\n - S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC\n\n - S7189103, CVE-2012-5069: Executors needs to maintain state\n\n - S7189490: More improvements to DomainCombiner checking\n\n - S7189567, CVE-2012-5085: java net obsolete protocol\n\n - S7192975, CVE-2012-5071: Issue with JMX reflection\n\n - S7195194, CVE-2012-5084: Better data validation for Swing\n\n - S7195549, CVE-2012-5087: Better bean object persistence\n\n - S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved\n\n - S7195919, CVE-2012-5079: (sl) ServiceLoader can throw CCE without needing to create instance\n\n - S7196190, CVE-2012-5088: Improve method of handling MethodHandles\n\n - S7198296, CVE-2012-5089: Refactor classloader usage\n\n - S7158800: Improve storage of
symbol tables\n\n - S7158801: Improve VM CompileOnly option\n\n - S7158804: Improve config file parsing\n\n - S7198606, CVE-2012-4416: Improve VM optimization\n\n - Bug fixes\n\n - Remove merge artefact.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2012:1419-1) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089"], "modified": "2022-03-29T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_7_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2012-749.NASL", "href": "https://www.tenable.com/plugins/nessus/74793", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-749.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74793);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/29\");\n\n script_cve_id(\n \"CVE-2012-3216\",\n \"CVE-2012-4416\",\n \"CVE-2012-5068\",\n 
\"CVE-2012-5069\",\n \"CVE-2012-5070\",\n \"CVE-2012-5071\",\n \"CVE-2012-5072\",\n \"CVE-2012-5073\",\n \"CVE-2012-5074\",\n \"CVE-2012-5075\",\n \"CVE-2012-5076\",\n \"CVE-2012-5077\",\n \"CVE-2012-5079\",\n \"CVE-2012-5081\",\n \"CVE-2012-5084\",\n \"CVE-2012-5085\",\n \"CVE-2012-5086\",\n \"CVE-2012-5087\",\n \"CVE-2012-5088\",\n \"CVE-2012-5089\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2012:1419-1) (ROBOT)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"java-1_7_0-opendjk was updated to icedtea-2.3.3 (bnc#785814)\n\n - Security fixes\n\n - S6631398, CVE-2012-3216: FilePermission improved path\n checking\n\n - S7093490: adjust package access in rmiregistry\n\n - S7143535, CVE-2012-5068: ScriptEngine corrected\n permissions\n\n - S7158796, CVE-2012-5070: Tighten properties checking in\n EnvHelp\n\n - S7158807: Revise stack management with volatile call\n sites\n\n - S7163198, CVE-2012-5076: Tightened package accessibility\n\n - S7167656, CVE-2012-5077: Multiple Seeders are being\n created\n\n - S7169884, CVE-2012-5073: LogManager checks do not work\n correctly for sub-types\n\n - S7169887, CVE-2012-5074: Tightened package accessibility\n\n - S7169888, CVE-2012-5075: Narrowing resource definitions\n in JMX RMI connector\n\n - S7172522, CVE-2012-5072: Improve DomainCombiner checking\n\n - S7186286, CVE-2012-5081: TLS implementation to better\n adhere to RFC\n\n - S7189103, CVE-2012-5069: Executors needs to maintain\n state\n\n - S7189490: More improvements to DomainCombiner checking\n\n - S7189567, CVE-2012-5085: java net obselete protocol\n\n - S7192975, CVE-2012-5071: Issue with JMX reflection\n\n - S7195194, CVE-2012-5084: Better data validation for\n Swing\n\n - S7195549, CVE-2012-5087: Better bean object 
persistence\n\n - S7195917, CVE-2012-5086: XMLDecoder parsing at\n close-time should be improved\n\n - S7195919, CVE-2012-5079: (sl) ServiceLoader can throw\n CCE without needing to create instance\n\n - S7196190, CVE-2012-5088: Improve method of handling\n MethodHandles\n\n - S7198296, CVE-2012-5089: Refactor classloader usage\n\n - S7158800: Improve storage of symbol tables\n\n - S7158801: Improve VM CompileOnly option\n\n - S7158804: Improve config file parsing\n\n - S7198606, CVE-2012-4416: Improve VM optimization\n\n - Bug fixes\n\n - Remove merge artefact.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=785814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.opensuse.org/opensuse-updates/2012-10/msg00095.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1_7_0-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Method Handle Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"java-1_7_0-openjdk-1.7.0.6-3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.6-3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.6-3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"java-1_7_0-openjdk-demo-1.7.0.6-3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.6-3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"java-1_7_0-openjdk-devel-1.7.0.6-3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.6-3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"java-1_7_0-openjdk-javadoc-1.7.0.6-3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"java-1_7_0-openjdk-src-1.7.0.6-3.16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T16:10:32", "description": "The remote Mac OS X host has a version of Java for Mac OS X 10.6 that is missing Update 11, which updates the Java version to 1.6.0_37. It is, therefore, affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.", "cvss3": {}, "published": "2012-10-17T00:00:00", "type": "nessus", "title": "Mac OS X : Java for Mac OS X 10.6 Update 11", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5086", "CVE-2012-5089"], "modified": "2023-11-27T00:00:00", "cpe": ["cpe:/a:apple:java_1.6"], "id": "MACOSX_JAVA_10_6_UPDATE11.NASL", "href": "https://www.tenable.com/plugins/nessus/62594", "sourceData": "#TRUSTED 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\n#TRUST-RSA-SHA256 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\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(62594);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/27\");\n\n script_cve_id(\n \"CVE-2012-1531\",\n \"CVE-2012-1532\",\n \"CVE-2012-1533\",\n \"CVE-2012-3143\",\n \"CVE-2012-3159\",\n \"CVE-2012-3216\",\n \"CVE-2012-4416\",\n \"CVE-2012-5068\",\n \"CVE-2012-5069\",\n \"CVE-2012-5071\",\n \"CVE-2012-5072\",\n \"CVE-2012-5073\",\n \"CVE-2012-5075\",\n \"CVE-2012-5077\",\n 
\"CVE-2012-5079\",\n \"CVE-2012-5081\",\n \"CVE-2012-5083\",\n \"CVE-2012-5084\",\n \"CVE-2012-5086\",\n \"CVE-2012-5089\"\n );\n script_bugtraq_id(\n 55501,\n 56025,\n 56033,\n 56039,\n 56046,\n 56051,\n 56055,\n 56058,\n 56059,\n 56061,\n 56063,\n 56065,\n 56071,\n 56072,\n 56075,\n 56076,\n 56080,\n 56081,\n 56083\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2012-10-16-1\");\n\n script_name(english:\"Mac OS X : Java for Mac OS X 10.6 Update 11\");\n script_summary(english:\"Checks version of the JavaVM framework\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host has a version of Java that is affected by multiple\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Mac OS X host has a version of Java for Mac OS X 10.6 that\nis missing Update 11, which updates the Java version to 1.6.0_37. It\nis, therefore, affected by several security vulnerabilities, the most\nserious of which may allow an untrusted Java applet to execute arbitrary\ncode with the privileges of the current user outside the Java sandbox.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5549\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2012/Oct/msg00001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/bugtraq/2012/Oct/88\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to Java for Mac OS X 10.6 Update 11, which includes version\n13.8.5 of the JavaVM Framework.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n 
script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Web Start Double Quote Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:java_1.6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2023 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nenable_ssh_wrappers();\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.6([^0-9]|$)\", string:os)) \n audit(AUDIT_OS_NOT, \"Mac OS X 10.6\");\n\n\nplist = \"/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist\";\ncmd = \n 'plutil -convert xml1 -o - \\'' + plist + '\\' | ' +\n 'grep -A 1 CFBundleVersion | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec_cmd(cmd:cmd);\nif (!strlen(version)) exit(1, \"Failed to get the version of the JavaVM Framework.\");\n\nversion = chomp(version);\nif (!ereg(pattern:\"^[0-9]+\\.\", string:version)) exit(1, \"The JavaVM Framework version does not appear to be numeric 
(\"+version+\").\");\n\nfixed_version = \"13.8.5\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = \n '\\n Framework : JavaVM' +\n '\\n Installed version : ' + version + \n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"JavaVM Framework\", version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:50:51", "description": "The remote Mac OS X 10.7 or 10.8 host has a Java runtime that is missing the Java for OS X 2012-006 update, which updates the Java version to 1.6.0_37. It is, therefore, affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.", "cvss3": {}, "published": "2012-10-17T00:00:00", "type": "nessus", "title": "Mac OS X : Java for OS X 2012-006", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5086", "CVE-2012-5089"], "modified": "2023-11-27T00:00:00", "cpe": ["cpe:/a:apple:java_1.6"], "id": "MACOSX_JAVA_2012-006.NASL", "href": "https://www.tenable.com/plugins/nessus/62595", "sourceData": "#TRUSTED 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\n#TRUST-RSA-SHA256 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\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(62595);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/27\");\n\n script_cve_id(\n \"CVE-2012-1531\",\n 
\"CVE-2012-1532\",\n \"CVE-2012-1533\",\n \"CVE-2012-3143\",\n \"CVE-2012-3159\",\n \"CVE-2012-3216\",\n \"CVE-2012-4416\",\n \"CVE-2012-5068\",\n \"CVE-2012-5069\",\n \"CVE-2012-5071\",\n \"CVE-2012-5072\",\n \"CVE-2012-5073\",\n \"CVE-2012-5075\",\n \"CVE-2012-5077\",\n \"CVE-2012-5079\",\n \"CVE-2012-5081\",\n \"CVE-2012-5083\",\n \"CVE-2012-5084\",\n \"CVE-2012-5086\",\n \"CVE-2012-5089\"\n );\n script_bugtraq_id(\n 55501,\n 56025,\n 56033,\n 56039,\n 56046,\n 56051,\n 56055,\n 56058,\n 56059,\n 56061,\n 56063,\n 56065,\n 56071,\n 56072,\n 56075,\n 56076,\n 56080,\n 56081,\n 56083\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2012-10-16-1\");\n\n script_name(english:\"Mac OS X : Java for OS X 2012-006\");\n script_summary(english:\"Checks version of the JavaVM framework\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host has a version of Java that is affected by multiple\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Mac OS X 10.7 or 10.8 host has a Java runtime that is\nmissing the Java for OS X 2012-006 update, which updates the Java\nversion to 1.6.0_37. 
It is, therefore, affected by several security\nvulnerabilities, the most serious of which may allow an untrusted Java\napplet to execute arbitrary code with the privileges of the current user\noutside the Java sandbox.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5549\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2012/Oct/msg00001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/bugtraq/2012/Oct/88\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Apply the Java for OS X 2012-006 update, which includes version\n14.5.0 of the JavaVM Framework.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Web Start Double Quote Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:java_1.6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2023 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nenable_ssh_wrappers();\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.[78]([^0-9]|$)\", string:os)) \n audit(AUDIT_OS_NOT, \"Mac OS X 10.7 / 10.8\");\n\ncmd = 'ls /System/Library/Java';\nresults = exec_cmd(cmd:cmd);\nif (isnull(results)) exit(1, \"Unable to determine if the Java runtime is installed.\");\n\nif ('JavaVirtualMachines' >!< results) audit(AUDIT_NOT_INST, \"Java for OS X\");\n\n\nplist = \"/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist\";\ncmd = \n 'plutil -convert xml1 -o - \\'' + plist + '\\' | ' +\n 'grep -A 1 CFBundleVersion | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec_cmd(cmd:cmd);\nif (!strlen(version)) exit(1, \"Failed to get the version of the JavaVM Framework.\");\n\nversion = chomp(version);\nif (!ereg(pattern:\"^[0-9]+\\.\", string:version)) exit(1, \"The JavaVM Framework version does not appear to be numeric (\"+version+\").\");\n\nfixed_version = \"14.5.0\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = \n '\\n Framework : JavaVM' +\n '\\n Installed version : ' + version + \n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"JavaVM Framework\", version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:16:08", "description": "Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. 
An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect against the creation of multiple seeders. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the hash code of the canonicalized path name. 
An untrusted Java application or applet could possibly use this flaw to determine certain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package by default. Gopher support can be enabled by setting the newly introduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)", "cvss3": {}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-136) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5089"], "modified": "2019-10-16T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:java-1.6.0-openjdk", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-debuginfo", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-devel", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-src", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-136.NASL", "href": "https://www.tenable.com/plugins/nessus/69626", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-136.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69626);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/10/16 10:34:21\");\n\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5075\", \"CVE-2012-5077\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5085\", \"CVE-2012-5086\");\n script_xref(name:\"ALAS\", value:\"2012-136\");\n script_xref(name:\"RHSA\", value:\"2012:1384\");\n\n script_name(english:\"Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-136) 
(ROBOT)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple improper permission check issues were discovered in the\nBeans, Swing, and JMX components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2012-5086 , CVE-2012-5084 , CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the\nScripting, JMX, Concurrency, Libraries, and Security components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2012-5068 ,\nCVE-2012-5071 , CVE-2012-5069 , CVE-2012-5073 , CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an\ninstance of an incompatible class while performing provider lookup. An\nuntrusted Java application or applet could use this flaw to bypass\ncertain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\nimplementation did not properly handle handshake records containing an\noverly large data length value. An unauthenticated, remote attacker\ncould possibly use this flaw to cause an SSL/TLS server to terminate\nwith an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform\ncertain actions in an insecure manner. An untrusted Java application\nor applet could possibly use this flaw to disclose sensitive\ninformation. (CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could\ncause it to not perform array initialization in certain cases. An\nuntrusted Java application or applet could use this flaw to disclose\nportions of the virtual machine's memory. 
(CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect\nagainst the creation of multiple seeders. An untrusted Java\napplication or applet could possibly use this flaw to disclose\nsensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the\nhash code of the canonicalized path name. An untrusted Java\napplication or applet could possibly use this flaw to determine\ncertain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package\nby default. Gopher support can be enabled by setting the newly\nintroduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-136.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update java-1.6.0-openjdk' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-src\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-1.6.0.0-53.1.11.5.47.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-53.1.11.5.47.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-53.1.11.5.47.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"java-1.6.0-openjdk-devel-1.6.0.0-53.1.11.5.47.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-53.1.11.5.47.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-53.1.11.5.47.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T14:56:35", "description": "From Red Hat Security Advisory 2012:1384 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. 
An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect against the creation of multiple seeders. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the hash code of the canonicalized path name. An untrusted Java application or applet could possibly use this flaw to determine certain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package by default. 
Gopher support can be enabled by setting the newly introduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.5.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : java-1.6.0-openjdk (ELSA-2012-1384) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5089"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.6.0-openjdk", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2012-1384.NASL", "href": "https://www.tenable.com/plugins/nessus/68644", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1384 and \n# Oracle Linux Security Advisory ELSA-2012-1384 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68644);\n script_version(\"1.18\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", \"CVE-2012-5075\", \"CVE-2012-5077\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5084\", \"CVE-2012-5085\", \"CVE-2012-5086\", \"CVE-2012-5089\");\n script_bugtraq_id(55501, 56039, 56058, 56059, 56063, 56065, 56071, 56075, 56076, 56080, 56081, 56082, 56083);\n script_xref(name:\"RHSA\", value:\"2012:1384\");\n\n script_name(english:\"Oracle Linux 6 : java-1.6.0-openjdk (ELSA-2012-1384) (ROBOT)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1384 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the\nBeans, Swing, and JMX components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the\nScripting, JMX, Concurrency, Libraries, and Security components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. 
(CVE-2012-5068,\nCVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an\ninstance of an incompatible class while performing provider lookup. An\nuntrusted Java application or applet could use this flaw to bypass\ncertain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\nimplementation did not properly handle handshake records containing an\noverly large data length value. An unauthenticated, remote attacker\ncould possibly use this flaw to cause an SSL/TLS server to terminate\nwith an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform\ncertain actions in an insecure manner. An untrusted Java application\nor applet could possibly use this flaw to disclose sensitive\ninformation. (CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could\ncause it to not perform array initialization in certain cases. An\nuntrusted Java application or applet could use this flaw to disclose\nportions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect\nagainst the creation of multiple seeders. An untrusted Java\napplication or applet could possibly use this flaw to disclose\nsensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the\nhash code of the canonicalized path name. An untrusted Java\napplication or applet could possibly use this flaw to determine\ncertain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package\nby default. 
Gopher support can be enabled by setting the newly\nintroduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.5.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-October/003087.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.50.1.11.5.el6_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T15:02:17", "description": "Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086 , CVE-2012-5084 , CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. 
(CVE-2012-5068 , CVE-2012-5071 , CVE-2012-5069 , CVE-2012-5073 , CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect against the creation of multiple seeders. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the hash code of the canonicalized path name. An untrusted Java application or applet could possibly use this flaw to determine certain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package by default. 
Gopher support can be enabled by setting the newly introduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)", "cvss3": {}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2012-137) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5089"], "modified": "2019-10-16T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:java-1.7.0-openjdk", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-demo", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-devel", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-src", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-137.NASL", "href": "https://www.tenable.com/plugins/nessus/69627", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-137.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69627);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/10/16 10:34:21\");\n\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5075\", \"CVE-2012-5077\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5085\", \"CVE-2012-5086\");\n script_xref(name:\"ALAS\", value:\"2012-137\");\n script_xref(name:\"RHSA\", value:\"2012:1384\");\n\n script_name(english:\"Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2012-137) (ROBOT)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"Multiple improper permission check issues were discovered in the\nBeans, Swing, and JMX components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2012-5086 , CVE-2012-5084 , CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the\nScripting, JMX, Concurrency, Libraries, and Security components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2012-5068 ,\nCVE-2012-5071 , CVE-2012-5069 , CVE-2012-5073 , CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an\ninstance of an incompatible class while performing provider lookup. An\nuntrusted Java application or applet could use this flaw to bypass\ncertain Java sandbox restrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\nimplementation did not properly handle handshake records containing an\noverly large data length value. An unauthenticated, remote attacker\ncould possibly use this flaw to cause an SSL/TLS server to terminate\nwith an exception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform\ncertain actions in an insecure manner. An untrusted Java application\nor applet could possibly use this flaw to disclose sensitive\ninformation. (CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could\ncause it to not perform array initialization in certain cases. An\nuntrusted Java application or applet could use this flaw to disclose\nportions of the virtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect\nagainst the creation of multiple seeders. An untrusted Java\napplication or applet could possibly use this flaw to disclose\nsensitive information. 
(CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the\nhash code of the canonicalized path name. An untrusted Java\napplication or applet could possibly use this flaw to determine\ncertain system paths, such as the current working directory.\n(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package\nby default. Gopher support can be enabled by setting the newly\nintroduced property, 'jdk.net.registerGopherProtocol', to true.\n(CVE-2012-5085)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-137.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update java-1.7.0-openjdk' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/14\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-1.7.0.9-2.3.3.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-demo-1.7.0.9-2.3.3.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.3.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-src-1.7.0.9-2.3.3.13.amzn1\")) flag++;\n\nif 
(flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:56:32", "description": "IBM Java 1.5.0 has been updated to SR15 which fixes bugs and security issues.\n\nMore information can be found on :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nCVEs fixed: CVE-2012-3216, CVE-2012-3143, CVE-2012-5073, CVE-2012-5075, CVE-2012-5083, CVE-2012-5083, CVE-2012-1531, CVE-2012-5081, CVE-2012-5069, CVE-2012-5071, CVE-2012-5084, CVE-2012-5079, CVE-2012-5089\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLED10 / SLES10 Security Update : IBM Java 1.5.0 (SUSE-SU-2012:1489-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1531", "CVE-2012-3143", "CVE-2012-3216", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5089"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_5_0-ibm", "p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-demo", "p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-devel", "p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-fonts", "p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-jdbc", "p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-plugin", "p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-src", "cpe:/o:novell:suse_linux:10"], "id": "SUSE_SU-2012-1489-1.NASL", "href": 
"https://www.tenable.com/plugins/nessus/83566", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2012:1489-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83566);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-1531\", \"CVE-2012-3143\", \"CVE-2012-3216\", \"CVE-2012-5071\", \"CVE-2012-5073\", \"CVE-2012-5075\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5083\", \"CVE-2012-5084\");\n script_bugtraq_id(56025, 56033, 56055, 56059, 56061, 56063, 56065, 56071, 56075, 56080, 56081, 56082);\n\n script_name(english:\"SUSE SLED10 / SLES10 Security Update : IBM Java 1.5.0 (SUSE-SU-2012:1489-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 1.5.0 has been updated to SR15 which fixes bugs and security\nissues.\n\nMore information can be found on :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nCVEs fixed: CVE-2012-3216, CVE-2012-3143, CVE-2012-5073,\nCVE-2012-5075, CVE-2012-5083, CVE-2012-5083, CVE-2012-1531,\nCVE-2012-5081, CVE-2012-5069, CVE-2012-5071, CVE-2012-5084,\nCVE-2012-5079, CVE-2012-5089\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://download.suse.com/patch/finder/?keywords=bb56b08850390b907db4d458f187e204\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?be03c147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/788750\"\n );\n # https://www.suse.com/support/update/announcement/2012/suse-su-20121489-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?212bcc4f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected IBM Java 1.5.0 packages\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_5_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-plugin\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED10|SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED10 / SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED10\" && (! ereg(pattern:\"^4$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED10 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES10\" && (! 
ereg(pattern:\"^4$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_5_0-ibm-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_5_0-ibm-demo-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_5_0-ibm-fonts-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_5_0-ibm-src-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"i586\", reference:\"java-1_5_0-ibm-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"i586\", reference:\"java-1_5_0-ibm-demo-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"i586\", reference:\"java-1_5_0-ibm-devel-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"i586\", reference:\"java-1_5_0-ibm-fonts-1.5.0_sr15.0-0.5.1\")) flag++;\nif 
(rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"i586\", reference:\"java-1_5_0-ibm-src-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"java-1_5_0-ibm-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"java-1_5_0-ibm-devel-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"java-1_5_0-ibm-fonts-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", 
cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr15.0-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"IBM Java 1.5.0\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:51:46", "description": "Multiple security issues were identified and fixed in OpenJDK (icedtea6) :\n\n - S6631398, CVE-2012-3216: FilePermission improved path checking\n\n - S7093490: adjust package access in rmiregistry\n\n - S7143535, CVE-2012-5068: ScriptEngine corrected permissions\n\n - S7167656, CVE-2012-5077: Multiple Seeders are being created\n\n - S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types\n\n - S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector\n\n - S7172522, CVE-2012-5072: Improve DomainCombiner checking\n\n - S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC\n\n - S7189103, CVE-2012-5069: Executors needs to maintain state\n\n - S7189490: More improvements to DomainCombiner checking\n\n - S7189567, CVE-2012-5085: java net obselete protocol\n\n - S7192975, CVE-2012-5071: Conditional usage check is wrong\n\n - S7195194, CVE-2012-5084: Better data validation for Swing\n\n - S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved\n\n - S7195919, CVE-2012-5979: (sl) ServiceLoader can throw CCE without needing to create instance\n\n - S7198296, CVE-2012-5089: Refactor classloader usage\n\n - S7158800: Improve storage of symbol tables\n\n - S7158801: Improve VM CompileOnly option\n\n - S7158804: Improve config file parsing\n\n - S7176337: Additional changes needed for 7158801 fix\n\n - S7198606, 
CVE-2012-4416: Improve VM optimization\n\nThe updated packages provides icedtea6-1.11.5 which is not vulnerable to these issues.", "cvss3": {}, "published": "2012-11-02T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2012:169)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5089", "CVE-2012-5979"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:java-1.6.0-openjdk", "p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-devel", "p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-src", "cpe:/o:mandriva:linux:2011"], "id": "MANDRIVA_MDVSA-2012-169.NASL", "href": "https://www.tenable.com/plugins/nessus/62794", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:169. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62794);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", \"CVE-2012-5075\", \"CVE-2012-5077\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5084\", \"CVE-2012-5085\", \"CVE-2012-5086\", \"CVE-2012-5089\");\n script_bugtraq_id(55501, 56039, 56058, 56059, 56061, 56063, 56065, 56067, 56071, 56075, 56076, 56080, 56081, 56083);\n script_xref(name:\"MDVSA\", value:\"2012:169\");\n\n script_name(english:\"Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2012:169)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues were identified and fixed in OpenJDK\n(icedtea6) :\n\n - S6631398, CVE-2012-3216: FilePermission improved path\n checking\n\n - S7093490: adjust package access in rmiregistry\n\n - S7143535, CVE-2012-5068: ScriptEngine corrected\n permissions\n\n - S7167656, CVE-2012-5077: Multiple Seeders are being\n created\n\n - S7169884, CVE-2012-5073: LogManager checks do not work\n correctly for sub-types\n\n - S7169888, CVE-2012-5075: Narrowing resource definitions\n in JMX RMI connector\n\n - S7172522, CVE-2012-5072: Improve DomainCombiner checking\n\n - S7186286, CVE-2012-5081: TLS implementation to better\n adhere to RFC\n\n - S7189103, CVE-2012-5069: Executors needs to maintain\n state\n\n - S7189490: More improvements to DomainCombiner checking\n\n - S7189567, CVE-2012-5085: java net obselete protocol\n\n - S7192975, CVE-2012-5071: 
Conditional usage check is\n wrong\n\n - S7195194, CVE-2012-5084: Better data validation for\n Swing\n\n - S7195917, CVE-2012-5086: XMLDecoder parsing at\n close-time should be improved\n\n - S7195919, CVE-2012-5979: (sl) ServiceLoader can throw\n CCE without needing to create instance\n\n - S7198296, CVE-2012-5089: Refactor classloader usage\n\n - S7158800: Improve storage of symbol tables\n\n - S7158801: Improve VM CompileOnly option\n\n - S7158804: Improve config file parsing\n\n - S7176337: Additional changes needed for 7158801 fix\n\n - S7198606, CVE-2012-4416: Improve VM optimization\n\nThe updated packages provides icedtea6-1.11.5 which is not vulnerable\nto these issues.\"\n );\n # http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-October/020556.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8ee15afe\"\n );\n # http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b0eb44d4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", reference:\"java-1.6.0-openjdk-1.6.0.0-35.b24.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-35.b24.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-35.b24.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", 
reference:\"java-1.6.0-openjdk-src-1.6.0.0-35.b24.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T16:11:21", "description": "IBM Java 1.5.0 has been updated to SR15 which fixes bugs and security issues.\n\nMore information can be found on :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nCVE-2012-3216 / CVE-2012-3143 / CVE-2012-5073 / CVE-2012-5075 / CVE-2012-5083 / CVE-2012-5083 / CVE-2012-1531 / CVE-2012-5081 / CVE-2012-5069 / CVE-2012-5071 / CVE-2012-5084 / CVE-2012-5079 / CVE-2012-5089", "cvss3": {}, "published": "2012-11-19T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 8362) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1531", "CVE-2012-3143", "CVE-2012-3216", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5089"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_5_0-IBM-8362.NASL", "href": "https://www.tenable.com/plugins/nessus/62962", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62962);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-1531\", \"CVE-2012-3143\", \"CVE-2012-3216\", \"CVE-2012-5069\", \"CVE-2012-5071\", \"CVE-2012-5073\", \"CVE-2012-5075\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5083\", \"CVE-2012-5084\", \"CVE-2012-5089\");\n\n script_name(english:\"SuSE 
10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 8362) (ROBOT)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 1.5.0 has been updated to SR15 which fixes bugs and security\nissues.\n\nMore information can be found on :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nCVE-2012-3216 / CVE-2012-3143 / CVE-2012-5073 / CVE-2012-5075 /\nCVE-2012-5083 / CVE-2012-5083 / CVE-2012-1531 / CVE-2012-5081 /\nCVE-2012-5069 / CVE-2012-5071 / CVE-2012-5084 / CVE-2012-5079 /\nCVE-2012-5089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1531.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3143.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3216.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5069.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5071.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5073.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5079.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5083.html\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5084.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5089.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8362.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"java-1_5_0-ibm-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"java-1_5_0-ibm-demo-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"java-1_5_0-ibm-devel-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"java-1_5_0-ibm-src-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", 
reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_5_0-ibm-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_5_0-ibm-devel-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr15.0-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:51:17", "description": "Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nIBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1718, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823, CVE-2012-5067, CVE-2012-5069, CVE-2012-5070, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075, CVE-2012-5076, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5089)\n\nAll users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR3 release. 
All running instances of IBM Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-11-16T00:00:00", "type": "nessus", "title": "RHEL 6 : java-1.7.0-ibm (RHSA-2012:1467) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3544", "CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-1718", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-4820", "CVE-2012-4821", "CVE-2012-4822", "CVE-2012-4823", "CVE-2012-5067", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089", "CVE-2013-1475"], "modified": "2022-03-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-src", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.3"], "id": "REDHAT-RHSA-2012-1467.NASL", "href": "https://www.tenable.com/plugins/nessus/62932", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1467. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62932);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/29\");\n\n script_cve_id(\n \"CVE-2011-3544\",\n \"CVE-2012-1531\",\n \"CVE-2012-1532\",\n \"CVE-2012-1533\",\n \"CVE-2012-1718\",\n \"CVE-2012-3143\",\n \"CVE-2012-3159\",\n \"CVE-2012-3216\",\n \"CVE-2012-4820\",\n \"CVE-2012-4821\",\n \"CVE-2012-4822\",\n \"CVE-2012-4823\",\n \"CVE-2012-5067\",\n \"CVE-2012-5069\",\n \"CVE-2012-5070\",\n \"CVE-2012-5071\",\n \"CVE-2012-5072\",\n \"CVE-2012-5073\",\n \"CVE-2012-5074\",\n \"CVE-2012-5075\",\n \"CVE-2012-5076\",\n \"CVE-2012-5077\",\n \"CVE-2012-5079\",\n \"CVE-2012-5081\",\n \"CVE-2012-5083\",\n \"CVE-2012-5084\",\n \"CVE-2012-5086\",\n \"CVE-2012-5087\",\n \"CVE-2012-5088\",\n \"CVE-2012-5089\",\n \"CVE-2013-1475\"\n );\n script_bugtraq_id(\n 53951,\n 55336,\n 55339,\n 55495,\n 56025,\n 56033,\n 56039,\n 56043,\n 56046,\n 56051,\n 56054,\n 56055,\n 56056,\n 56057,\n 56058,\n 56059,\n 56061,\n 56063,\n 56065,\n 56070,\n 56071,\n 56072,\n 56075,\n 56079,\n 56080,\n 56081,\n 56082,\n 56083\n );\n script_xref(name:\"RHSA\", value:\"2012:1467\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/24\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"RHEL 6 : java-1.7.0-ibm (RHSA-2012:1467) (ROBOT)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Updated java-1.7.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM Java SE version 7 includes the IBM Java Runtime Environment and\nthe IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2012-1531, CVE-2012-1532,\nCVE-2012-1533, CVE-2012-1718, CVE-2012-3143, CVE-2012-3159,\nCVE-2012-3216, CVE-2012-4820, CVE-2012-4821, CVE-2012-4822,\nCVE-2012-4823, CVE-2012-5067, CVE-2012-5069, CVE-2012-5070,\nCVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5074,\nCVE-2012-5075, CVE-2012-5076, CVE-2012-5077, CVE-2012-5079,\nCVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5086,\nCVE-2012-5087, CVE-2012-5088, CVE-2012-5089)\n\nAll users of java-1.7.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 7 SR3 release. 
All running\ninstances of IBM Java must be restarted for the update to take effect.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2012:1467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2011-3544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-1718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5084\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5081\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-3216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5071\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5072\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5089\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5075\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5077\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/cve-2012-3159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-3143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-1531\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-1533\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-1532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5088\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-5076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-4820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-4822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-4823\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-4821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2013-1475\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-1475\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Method Handle Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1467\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-ibm-1.7.0.3.0-1jpp.2.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.0-ibm-1.7.0.3.0-1jpp.2.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-ibm-1.7.0.3.0-1jpp.2.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-ibm-demo-1.7.0.3.0-1jpp.2.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.0-ibm-demo-1.7.0.3.0-1jpp.2.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-ibm-demo-1.7.0.3.0-1jpp.2.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-ibm-devel-1.7.0.3.0-1jpp.2.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.0-ibm-devel-1.7.0.3.0-1jpp.2.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-ibm-devel-1.7.0.3.0-1jpp.2.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"java-1.7.0-ibm-jdbc-1.7.0.3.0-1jpp.2.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.0-ibm-jdbc-1.7.0.3.0-1jpp.2.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-ibm-jdbc-1.7.0.3.0-1jpp.2.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-ibm-plugin-1.7.0.3.0-1jpp.2.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-ibm-plugin-1.7.0.3.0-1jpp.2.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-ibm-src-1.7.0.3.0-1jpp.2.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.0-ibm-src-1.7.0.3.0-1jpp.2.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-ibm-src-1.7.0.3.0-1jpp.2.el6_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-ibm / java-1.7.0-ibm-demo / java-1.7.0-ibm-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:51:59", "description": "IBM Java 1.4.2 has been updated to SR13-FP14 which fixes bugs and security issues.\n\nMore information can be found on :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nCVEs fixed: CVE-2012-3216 / CVE-2012-5073 / CVE-2012-5083 / CVE-2012-5083 / CVE-2012-1531 / CVE-2012-5081 / CVE-2012-5084 / CVE-2012-5079", "cvss3": {}, "published": "2012-11-19T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 8366) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1531", "CVE-2012-3216", 
"CVE-2012-5073", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_4_2-IBM-8366.NASL", "href": "https://www.tenable.com/plugins/nessus/62961", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62961);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-1531\", \"CVE-2012-3216\", \"CVE-2012-5073\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5083\", \"CVE-2012-5084\");\n\n script_name(english:\"SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 8366) (ROBOT)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 1.4.2 has been updated to SR13-FP14 which fixes bugs and\nsecurity issues.\n\nMore information can be found on :\n\n[http://www.ibm.com/developerworks/java/jdk/alerts/)(http://www.ibm.co\nm/developerworks/java/jdk/alerts/)\n\nCVEs fixed: CVE-2012-3216 / CVE-2012-5073 / CVE-2012-5083 /\nCVE-2012-5083 / CVE-2012-1531 / CVE-2012-5081 / CVE-2012-5084 /\nCVE-2012-5079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1531.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3216.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5073.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2012-5079.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5083.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5084.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8366.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_4_2-ibm-1.4.2_sr13.14-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_4_2-ibm-devel-1.4.2_sr13.14-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"java-1_4_2-ibm-jdbc-1.4.2_sr13.14-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"java-1_4_2-ibm-plugin-1.4.2_sr13.14-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T14:43:02", "description": "IBM Java 1.4.2 has been updated to SR13-FP14 which fixes bugs and security issues.\n\nMore information can be found on :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nCVEs fixed: CVE-2012-3216 / CVE-2012-5073 / CVE-2012-5083 / CVE-2012-5083 / CVE-2012-1531 / CVE-2012-5081 / CVE-2012-5084 / CVE-2012-5079", "cvss3": {}, "published": "2013-01-25T00:00:00", "type": "nessus", 
"title": "SuSE 11.2 Security Update : IBM Java 1.4.2 (SAT Patch Number 7043)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1531", "CVE-2012-3216", "CVE-2012-5073", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm", "p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-jdbc", "p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-plugin", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_JAVA-1_4_2-IBM-121113.NASL", "href": "https://www.tenable.com/plugins/nessus/64163", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64163);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-1531\", \"CVE-2012-3216\", \"CVE-2012-5073\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5083\", \"CVE-2012-5084\");\n\n script_name(english:\"SuSE 11.2 Security Update : IBM Java 1.4.2 (SAT Patch Number 7043)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 1.4.2 has been updated to SR13-FP14 which fixes bugs and\nsecurity issues.\n\nMore information can be found on :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nCVEs fixed: CVE-2012-3216 / CVE-2012-5073 / CVE-2012-5083 /\nCVE-2012-5083 / CVE-2012-1531 / CVE-2012-5081 / CVE-2012-5084 /\nCVE-2012-5079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=758651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=788750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1531.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3216.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5073.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5079.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5083.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5084.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7043.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network 
Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"java-1_4_2-ibm-1.4.2_sr13.14-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"java-1_4_2-ibm-jdbc-1.4.2_sr13.14-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"java-1_4_2-ibm-plugin-1.4.2_sr13.14-0.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:51:20", "description": "Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nIBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2012-0547, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1682, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR12 release. All running instances of IBM Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-11-16T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2012:1466) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0547", "CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-1682", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-4820", "CVE-2012-4822", "CVE-2012-4823", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5089", "CVE-2013-1475"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm", 
"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.3"], "id": "REDHAT-RHSA-2012-1466.NASL", "href": "https://www.tenable.com/plugins/nessus/62931", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1466. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62931);\n script_version(\"1.32\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-0547\", \"CVE-2012-1531\", \"CVE-2012-1532\", \"CVE-2012-1533\", \"CVE-2012-1682\", \"CVE-2012-3143\", \"CVE-2012-3159\", \"CVE-2012-3216\", \"CVE-2012-4820\", \"CVE-2012-4822\", \"CVE-2012-4823\", \"CVE-2012-5068\", \"CVE-2012-5069\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", \"CVE-2012-5075\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5083\", \"CVE-2012-5084\", \"CVE-2012-5089\", \"CVE-2013-1475\");\n script_bugtraq_id(53951, 55336, 55339, 55495, 56025, 56033, 56039, 56043, 56046, 56051, 56054, 56055, 56056, 56057, 56058, 56059, 56061, 56063, 56065, 56070, 56071, 56072, 56075, 56079, 56080, 56081, 56082, 56083);\n script_xref(name:\"RHSA\", value:\"2012:1466\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2012:1466) (ROBOT)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-ibm packages that fix several security 
issues are\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM Java SE version 6 includes the IBM Java Runtime Environment and\nthe IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2012-0547, CVE-2012-1531,\nCVE-2012-1532, CVE-2012-1533, CVE-2012-1682, CVE-2012-3143,\nCVE-2012-3159, CVE-2012-3216, CVE-2012-4820, CVE-2012-4822,\nCVE-2012-4823, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071,\nCVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079,\nCVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 6 SR12 release. 
All running\ninstances of IBM Java must be restarted for the update to take effect.\"\n );\n # https://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5075\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1532\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1475\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Web Start Double Quote Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1466\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.12.0-1jpp.1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", 
reference:\"java-1.6.0-ibm-accessibility-1.6.0.12.0-1jpp.1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.12.0-1jpp.1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el5_8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el6_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-ibm / java-1.6.0-ibm-accessibility / java-1.6.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T16:01:20", "description": "IBM Java 1.4.2 has been updated to SR13-FP14 which fixes bugs and security issues.\n\nMore information can be found on :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nCVEs fixed:\nCVE-2012-3216,CVE-2012-5073,CVE-2012-5083,CVE-2012-5083,
CVE-2012-1531,CVE-2012-5081,CVE-2012-5084,CVE-2012-5079\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLES10 / SLES11 Security Update : IBM Java 1.4.2 (SUSE-SU-2012:1490-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3216", "CVE-2012-5073", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_4_2-ibm", "p-cpe:/a:novell:suse_linux:java-1_4_2-ibm-devel", "p-cpe:/a:novell:suse_linux:java-1_4_2-ibm-jdbc", "p-cpe:/a:novell:suse_linux:java-1_4_2-ibm-plugin", "cpe:/o:novell:suse_linux:10", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2012-1490-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83568", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2012:1490-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83568);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-5073\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5083\", \"CVE-2012-5084\");\n script_bugtraq_id(56025, 56033, 56063, 56071, 56075, 56080, 56082);\n\n script_name(english:\"SUSE SLES10 / SLES11 Security Update : IBM Java 1.4.2 (SUSE-SU-2012:1490-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 1.4.2 has been updated to SR13-FP14 which fixes bugs and\nsecurity issues.\n\nMore information can be found on :\n\n[http://www.ibm.com/developerworks/java/jdk/alerts/)(http://\nwww.ibm.com/developerworks/java/jdk/alerts/)\n\nCVEs fixed:\nCVE-2012-3216,CVE-2012-5073,CVE-2012-5083,CVE-2012-5083,CVE-\n2012-1531,CVE-2012-5081,CVE-2012-5084,CVE-2012-5079\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://download.suse.com/patch/finder/?keywords=a01a06d8f691fbd19a4c84cccb9cd2f1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dbbe2f07\"\n );\n # http://download.suse.com/patch/finder/?keywords=cc64f4b8f8231d78d335786a3fa84851\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?baa6ad07\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/758651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/788750\"\n );\n # https://www.suse.com/support/update/announcement/2012/suse-su-20121490-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c2ea7cc6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11 SP2 :\n\nzypper in -t patch sdksp2-java-1_4_2-ibm-7043\n\nSUSE Linux Enterprise Server 11 SP2 for VMware :\n\nzypper in -t patch slessp2-java-1_4_2-ibm-7043\n\nSUSE Linux Enterprise Server 11 SP2 
:\n\nzypper in -t patch slessp2-java-1_4_2-ibm-7043\n\nSUSE Linux Enterprise Java 11 SP2 :\n\nzypper in -t patch slejsp2-java-1_4_2-ibm-7043\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_4_2-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_4_2-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_4_2-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_4_2-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ 
\"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES10|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES10 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^2$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES10\" && (! ereg(pattern:\"^4$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_4_2-ibm-jdbc-1.4.2_sr13.14-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_4_2-ibm-plugin-1.4.2_sr13.14-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"java-1_4_2-ibm-1.4.2_sr13.14-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"java-1_4_2-ibm-jdbc-1.4.2_sr13.14-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"java-1_4_2-ibm-plugin-1.4.2_sr13.14-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_4_2-ibm-jdbc-1.4.2_sr13.14-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_4_2-ibm-plugin-1.4.2_sr13.14-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"java-1_4_2-ibm-1.4.2_sr13.14-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", 
reference:\"java-1_4_2-ibm-devel-1.4.2_sr13.14-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"i586\", reference:\"java-1_4_2-ibm-jdbc-1.4.2_sr13.14-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"i586\", reference:\"java-1_4_2-ibm-plugin-1.4.2_sr13.14-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"IBM Java 1.4.2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T16:11:46", "description": "Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2012-1531, CVE-2012-3143, CVE-2012-3216, CVE-2012-4820, CVE-2012-4822, CVE-2012-5069, CVE-2012-5071, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR15 release. 
All running instances of IBM Java must be restarted for this update to take effect.", "cvss3": {}, "published": "2012-11-16T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2012:1465) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1531", "CVE-2012-3143", "CVE-2012-3216", "CVE-2012-4820", "CVE-2012-4822", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5089", "CVE-2013-1475"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.3"], "id": "REDHAT-RHSA-2012-1465.NASL", "href": "https://www.tenable.com/plugins/nessus/62930", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1465. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62930);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1531\", \"CVE-2012-3143\", \"CVE-2012-3216\", \"CVE-2012-4820\", \"CVE-2012-4822\", \"CVE-2012-5069\", \"CVE-2012-5071\", \"CVE-2012-5073\", \"CVE-2012-5075\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5083\", \"CVE-2012-5084\", \"CVE-2012-5089\", \"CVE-2013-1475\");\n script_bugtraq_id(53951, 55336, 55339, 55495, 56025, 56033, 56039, 56043, 56046, 56051, 56054, 56055, 56056, 56057, 56058, 56059, 56061, 56063, 56065, 56070, 56071, 56072, 56075, 56079, 56080, 56081, 56082, 56083);\n script_xref(name:\"RHSA\", value:\"2012:1465\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2012:1465) (ROBOT)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the\nIBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. 
(CVE-2012-1531, CVE-2012-3143,\nCVE-2012-3216, CVE-2012-4820, CVE-2012-4822, CVE-2012-5069,\nCVE-2012-5071, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079,\nCVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR15 release. All running\ninstances of IBM Java must be restarted for this update to take\neffect.\"\n );\n # https://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2012-1531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1475\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Method Handle Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1465\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-1.5.0.15.0-1jpp.1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.15.0-1jpp.1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.15.0-1jpp.1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.15.0-1jpp.1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-demo-1.5.0.15.0-1jpp.1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-devel-1.5.0.15.0-1jpp.1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.15.0-1jpp.1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.15.0-1jpp.1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.15.0-1jpp.1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", 
cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.15.0-1jpp.1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.15.0-1jpp.1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-src-1.5.0.15.0-1jpp.1.el5_8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-1.5.0.15.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-1.5.0.15.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-1.5.0.15.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-demo-1.5.0.15.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-demo-1.5.0.15.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-demo-1.5.0.15.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.5.0-ibm-devel-1.5.0.15.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.15.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.15.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.15.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.15.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-plugin-1.5.0.15.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-src-1.5.0.15.0-1jpp.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-src-1.5.0.15.0-1jpp.1.el6_3\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-src-1.5.0.15.0-1jpp.1.el6_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T14:42:54", "description": "Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. This is the last update of these packages for Red Hat Enterprise Linux 5 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nIBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2012-1531, CVE-2012-3216, CVE-2012-4820, CVE-2012-4822, CVE-2012-5073, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084)\n\nThis is the last update of the java-1.4.2-ibm packages in Red Hat Enterprise Linux 5 Supplementary. Customers are advised to migrate to later versions of Java at this time. More current versions of IBM Java SE continue to be available via the Red Hat Enterprise Linux 5 Supplementary channel. 
Customers should also consider OpenJDK which is the default Java development and runtime environment in Red Hat Enterprise Linux. In cases where it is not feasible to move to a later version of supported Java, customers are advised to contact IBM to evaluate other options.\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain the IBM J2SE 1.4.2 SR13-FP14 release. All running instances of IBM Java must be restarted for this update to take effect", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 5 : java-1.4.2-ibm (RHSA-2012:1485) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1531", "CVE-2012-3216", "CVE-2012-4820", "CVE-2012-4822", "CVE-2012-5073", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2013-1475"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-src", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2012-1485.NASL", "href": "https://www.tenable.com/plugins/nessus/64063", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1485. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64063);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1531\", \"CVE-2012-3216\", \"CVE-2012-4820\", \"CVE-2012-4822\", \"CVE-2012-5073\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5083\", \"CVE-2012-5084\", \"CVE-2013-1475\");\n script_bugtraq_id(55495, 56025, 56033, 56063, 56071, 56075, 56080, 56082);\n script_xref(name:\"RHSA\", value:\"2012:1485\");\n\n script_name(english:\"RHEL 5 : java-1.4.2-ibm (RHSA-2012:1485) (ROBOT)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.4.2-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 Supplementary. This is\nthe last update of these packages for Red Hat Enterprise Linux 5\nSupplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and\nthe IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. 
(CVE-2012-1531, CVE-2012-3216,\nCVE-2012-4820, CVE-2012-4822, CVE-2012-5073, CVE-2012-5079,\nCVE-2012-5081, CVE-2012-5083, CVE-2012-5084)\n\nThis is the last update of the java-1.4.2-ibm packages in Red Hat\nEnterprise Linux 5 Supplementary. Customers are advised to migrate to\nlater versions of Java at this time. More current versions of IBM Java\nSE continue to be available via the Red Hat Enterprise Linux 5\nSupplementary channel. Customers should also consider OpenJDK which is\nthe default Java development and runtime environment in Red Hat\nEnterprise Linux. In cases where it is not feasible to move to a later\nversion of supported Java, customers are advised to contact IBM to\nevaluate other options.\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM J2SE 1.4.2 SR13-FP14 release. All\nrunning instances of IBM Java must be restarted for this update to\ntake effect\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2012-5083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1475\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/22\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1485\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.4.2-ibm-1.4.2.13.14-1jpp.1.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", 
reference:\"java-1.4.2-ibm-demo-1.4.2.13.14-1jpp.1.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.4.2-ibm-devel-1.4.2.13.14-1jpp.1.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.4.2-ibm-javacomm-1.4.2.13.14-1jpp.1.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.4.2-ibm-javacomm-1.4.2.13.14-1jpp.1.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.14-1jpp.1.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.14-1jpp.1.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.4.2-ibm-plugin-1.4.2.13.14-1jpp.1.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.4.2-ibm-src-1.4.2.13.14-1jpp.1.el5_8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.4.2-ibm / java-1.4.2-ibm-demo / java-1.4.2-ibm-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T15:51:10", "description": "The remote host has a version of Oracle JRockit that is affected by multiple vulnerabilities that could allow a remote attacker to execute arbitrary code via unspecified vectors.", "cvss3": {}, "published": "2014-07-18T00:00:00", "type": "nessus", "title": "Oracle JRockit R27 < R27.7.4.5 / R28 < R28.2.5.20 Multiple Vulnerabilities (October 2012 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1531", "CVE-2012-3202", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5085"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:oracle:jrockit"], "id": "ORACLE_JROCKIT_CPU_OCT_2012.NASL", "href": 
"https://www.tenable.com/plugins/nessus/76590", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76590);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\n \"CVE-2012-1531\",\n \"CVE-2012-3202\",\n \"CVE-2012-5081\",\n \"CVE-2012-5083\",\n \"CVE-2012-5085\"\n );\n script_bugtraq_id(56025, 56033, 56050, 56067, 56071);\n\n script_name(english:\"Oracle JRockit R27 < R27.7.4.5 / R28 < R28.2.5.20 Multiple Vulnerabilities (October 2012 CPU)\");\n script_summary(english:\"Checks version of jvm.dll\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a programming platform that is\npotentially affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host has a version of Oracle JRockit that is affected by\nmultiple vulnerabilities that could allow a remote attacker to execute\narbitrary code via unspecified vectors.\");\n # https://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?87547c81\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to version R27.7.4.5 / R28.2.5.20 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:oracle:jrockit\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"oracle_jrockit_installed.nasl\");\n script_require_keys(\"installed_sw/Oracle JRockit\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Oracle JRockit\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\ninstall = get_single_install(app_name:app);\nver = install['version'];\ntype = install['type'];\npath = install['path'];\n\n# 26 and below may not be supported, may not be affected --\n# it's not listed as affected so we do not check it.\nif (ver_compare(ver:ver, fix:\"27\", strict:FALSE) < 0) audit(AUDIT_INST_VER_NOT_VULN, app);\n\nif (ver_compare(ver:ver, fix:\"28\", strict:FALSE) < 0)\n{\n compare = \"27.7.4\";\n fix = \"27.7.4.5\";\n}\nelse\n{\n compare = \"28.2.5\";\n fix = \"28.2.5.20\";\n}\n\nif (ver_compare(ver:ver, fix:compare, strict:FALSE) >= 0) audit(AUDIT_INST_VER_NOT_VULN, app);\n\n# The DLL we're looking at is a level deeper in the JDK, since it\n# keeps a subset of the JRE in a subdirectory.\nif (type == \"JDK\") path += \"\\jre\";\n\npath += \"\\bin\\jrockit\\jvm.dll\";\n\nreport =\n '\\n Type : ' + type +\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\nif (report_verbosity > 0) security_hole(port:port, extra:report);\nelse security_hole(port);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T14:47:38", "description": "a. VMware vCenter, ESXi and ESX NFC protocol memory corruption vulnerability\n\n VMware vCenter Server, ESXi and ESX contain a vulnerability in the handling of the Network File Copy (NFC) protocol. 
To exploit this vulnerability, an attacker must intercept and modify the NFC traffic between vCenter Server and the client or ESXi/ESX and the client. Exploitation of the issue may lead to code execution.\n\n To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network.\n\n VMware would like to thank Alex Chapman of Context Information Security for reporting this issue to us. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-1659 to this issue.\n\nb. VirtualCenter, ESX and ESXi Oracle (Sun) JRE update 1.5.0_38\n\n Oracle (Sun) JRE is updated to version 1.5.0_38, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. \n\n Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_38 in the Oracle Java SE Critical Patch Update Advisory of October 2012. \n\nc. Update to ESX service console OpenSSL RPM \n\n The service console OpenSSL RPM is updated to version openssl-0.9.7a.33.28.i686 to resolve multiple security issues. 
\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue.", "cvss3": {}, "published": "2013-02-22T00:00:00", "type": "nessus", "title": "VMSA-2013-0003 : VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third-party library security issues.", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110", "CVE-2013-1659"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx:4.1", "cpe:/o:vmware:esxi:3.5", "cpe:/o:vmware:esxi:4.0", "cpe:/o:vmware:esxi:4.1", "cpe:/o:vmware:esxi:5.0", "cpe:/o:vmware:esxi:5.1", "cpe:/o:vmware:esx:3.5", "cpe:/o:vmware:esx:4.0"], "id": "VMWARE_VMSA-2013-0003.NASL", "href": "https://www.tenable.com/plugins/nessus/64812", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2013-0003. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64812);\n script_version(\"1.36\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-2110\", \"CVE-2013-1659\");\n script_bugtraq_id(53158, 55501, 56025, 56033, 56039, 56043, 56046, 56051, 56054, 56055, 56056, 56057, 56058, 56059, 56061, 56063, 56065, 56066, 56067, 56068, 56070, 56071, 56072, 56075, 56076, 56078, 56079, 56080, 56081, 56082, 56083, 58115);\n script_xref(name:\"VMSA\", value:\"2013-0003\");\n\n script_name(english:\"VMSA-2013-0003 : VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third-party library security issues.\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote VMware ESXi / ESX host is missing one or more\nsecurity-related patches.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"a. VMware vCenter, ESXi and ESX NFC protocol memory corruption\n vulnerability\n\n VMware vCenter Server, ESXi and ESX contain a vulnerability in the\n handling of the Network File Copy (NFC) protocol. To exploit this\n vulnerability, an attacker must intercept and modify the NFC \n traffic between vCenter Server and the client or ESXi/ESX and the\n client. Exploitation of the issue may lead to code execution.\n\n To reduce the likelihood of exploitation, vSphere components should\n be deployed on an isolated management network\n\n VMware would like to thank Alex Chapman of Context Information\n Security for reporting this issue to us. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2013-1659 to this issue.\n\nb. VirtualCenter, ESX and ESXi Oracle (Sun) JRE update 1.5.0_38\n\n Oracle (Sun) JRE is updated to version 1.5.0_38, which addresses\n multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE. \n\n Oracle has documented the CVE identifiers that are addressed\n in JRE 1.5.0_38 in the Oracle Java SE Critical Patch Update\n Advisory of October 2012. \n\nc. Update to ESX service console OpenSSL RPM \n\n The service console OpenSSL RPM is updated to version \n openssl-0.9.7a.33.28.i686 to resolve multiple security issues. 
\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2012-2110 to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2013/000205.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Method Handle Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2013-02-21\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESX 3.5.0\", patch:\"ESX350-201302401-SG\")) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201302401-SG\",\n patch_updates : make_list(\"ESX400-201305401-SG\", \"ESX400-201310401-SG\", \"ESX400-201404401-SG\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201301401-SG\",\n patch_updates : make_list(\"ESX410-201304401-SG\", \"ESX410-201307401-SG\", \"ESX410-201312401-SG\", \"ESX410-201404401-SG\")\n )\n) flag++;\n\nif (esx_check(ver:\"ESXi 3.5.0\", patch:\"ESXe350-201302401-I-SG\")) flag++;\nif (esx_check(ver:\"ESXi 3.5.0\", patch:\"ESXe350-201302403-C-SG\")) flag++;\n\nif (\n esx_check(\n ver : \"ESXi 4.0\",\n patch : \"ESXi400-201302401-SG\",\n patch_updates : make_list(\"ESXi400-201305401-SG\", \"ESXi400-201310401-SG\", \"ESXi400-201404401-SG\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESXi 4.1\",\n patch : \"ESXi410-201301401-SG\",\n patch_updates : make_list(\"ESXi410-201304401-SG\", \"ESXi410-201307401-SG\", \"ESXi410-201312401-SG\", \"ESXi410-201404401-SG\")\n )\n) flag++;\n\nif (esx_check(ver:\"ESXi 5.0\", vib:\"VMware:tools-light:5.0.0-1.25.912577\")) flag++;\n\nif (esx_check(ver:\"ESXi 5.1\", 
vib:\"VMware:esx-base:5.1.0-0.8.911593\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2021-10-19T20:35:37", "description": "Oracle Java SE version 7 includes the Oracle Java Runtime Environment and\nthe Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory page, listed in the References section.\n(CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159,\nCVE-2012-3216, CVE-2012-4416, CVE-2012-5067, CVE-2012-5068, CVE-2012-5069,\nCVE-2012-5070, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5074,\nCVE-2012-5075, CVE-2012-5076, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081,\nCVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5087,\nCVE-2012-5088, CVE-2012-5089)\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 7 Update 9. 
All running instances of\nOracle Java must be restarted for the update to take effect.\n", "cvss3": {}, "published": "2012-10-18T00:00:00", "type": "redhat", "title": "(RHSA-2012:1391) Critical: java-1.7.0-oracle security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5067", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089"], "modified": "2018-06-07T05:04:20", "id": "RHSA-2012:1391", "href": "https://access.redhat.com/errata/RHSA-2012:1391", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T18:39:40", "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the Beans,\nSwing, and JMX components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the Scripting,\nJMX, Concurrency, Libraries, and Security components in OpenJDK. 
An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071,\nCVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an instance of\nan incompatible class while performing provider lookup. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\nimplementation did not properly handle handshake records containing an\noverly large data length value. An unauthenticated, remote attacker could\npossibly use this flaw to cause an SSL/TLS server to terminate with an\nexception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform certain\nactions in an insecure manner. An untrusted Java application or applet\ncould possibly use this flaw to disclose sensitive information.\n(CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it\nto not perform array initialization in certain cases. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nvirtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect\nagainst the creation of multiple seeders. An untrusted Java application or\napplet could possibly use this flaw to disclose sensitive information.\n(CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the hash\ncode of the canonicalized path name. An untrusted Java application or\napplet could possibly use this flaw to determine certain system paths, such\nas the current working directory. (CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package by\ndefault. Gopher support can be enabled by setting the newly introduced\nproperty, \"jdk.net.registerGopherProtocol\", to true. 
(CVE-2012-5085)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.5. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "cvss3": {}, "published": "2012-10-17T00:00:00", "type": "redhat", "title": "(RHSA-2012:1384) Critical: java-1.6.0-openjdk security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5089"], "modified": "2018-06-06T16:24:27", "id": "RHSA-2012:1384", "href": "https://access.redhat.com/errata/RHSA-2012:1384", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T18:40:19", "description": "These packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the Beans,\nLibraries, Swing, and JMX components in OpenJDK. 
An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084,\nCVE-2012-5089)\n\nThe default Java security properties configuration did not restrict access\nto certain com.sun.org.glassfish packages. An untrusted Java application\nor applet could use these flaws to bypass Java sandbox restrictions. This\nupdate lists those packages as restricted. (CVE-2012-5076, CVE-2012-5074)\n\nMultiple improper permission check issues were discovered in the Scripting,\nJMX, Concurrency, Libraries, and Security components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071,\nCVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an instance of\nan incompatible class while performing provider lookup. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\nimplementation did not properly handle handshake records containing an\noverly large data length value. An unauthenticated, remote attacker could\npossibly use this flaw to cause an SSL/TLS server to terminate with an\nexception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform certain\nactions in an insecure manner. An untrusted Java application or applet\ncould possibly use these flaws to disclose sensitive information.\n(CVE-2012-5070, CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it\nto not perform array initialization in certain cases. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nvirtual machine's memory. 
(CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect\nagainst the creation of multiple seeders. An untrusted Java application or\napplet could possibly use this flaw to disclose sensitive information.\n(CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the hash\ncode of the canonicalized path name. An untrusted Java application or\napplet could possibly use this flaw to determine certain system paths, such\nas the current working directory. (CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package by\ndefault. Gopher support can be enabled by setting the newly introduced\nproperty, \"jdk.net.registerGopherProtocol\", to true. (CVE-2012-5085)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.3. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "cvss3": {}, "published": "2012-10-17T00:00:00", "type": "redhat", "title": "(RHSA-2012:1386) Important: java-1.7.0-openjdk security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089"], "modified": "2018-06-06T16:24:12", "id": "RHSA-2012:1386", "href": "https://access.redhat.com/errata/RHSA-2012:1386", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:38:01", "description": "Oracle Java SE version 6 includes the Oracle Java Runtime Environment and\nthe Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory and Oracle Security Alert pages, listed in the\nReferences section. 
(CVE-2012-0547, CVE-2012-1531, CVE-2012-1532,\nCVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416,\nCVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073,\nCVE-2012-5075, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083,\nCVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5089)\n\nAll users of java-1.6.0-sun are advised to upgrade to these updated\npackages, which provide Oracle Java 6 Update 37. All running instances of\nOracle Java must be restarted for the update to take effect.\n", "cvss3": {}, "published": "2012-10-18T00:00:00", "type": "redhat", "title": "(RHSA-2012:1392) Critical: java-1.6.0-sun security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0547", "CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5089"], "modified": "2018-06-07T05:04:37", "id": "RHSA-2012:1392", "href": "https://access.redhat.com/errata/RHSA-2012:1392", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:43:12", "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the 
Beans,\nSwing, and JMX components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the Scripting,\nJMX, Concurrency, Libraries, and Security components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071,\nCVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an instance of\nan incompatible class while performing provider lookup. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\nimplementation did not properly handle handshake records containing an\noverly large data length value. An unauthenticated, remote attacker could\npossibly use this flaw to cause an SSL/TLS server to terminate with an\nexception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform certain\nactions in an insecure manner. An untrusted Java application or applet\ncould possibly use this flaw to disclose sensitive information.\n(CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it\nto not perform array initialization in certain cases. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nvirtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect\nagainst the creation of multiple seeders. An untrusted Java application or\napplet could possibly use this flaw to disclose sensitive information.\n(CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the hash\ncode of the canonicalized path name. 
An untrusted Java application or\napplet could possibly use this flaw to determine certain system paths, such\nas the current working directory. (CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package by\ndefault. Gopher support can be enabled by setting the newly introduced\nproperty, \"jdk.net.registerGopherProtocol\", to true. (CVE-2012-5085)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.10. Refer\nto the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "cvss3": {}, "published": "2012-10-17T00:00:00", "type": "redhat", "title": "(RHSA-2012:1385) Important: java-1.6.0-openjdk security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5089"], "modified": "2017-09-08T07:52:09", "id": "RHSA-2012:1385", "href": "https://access.redhat.com/errata/RHSA-2012:1385", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:36:36", "description": "IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM\nJava Software Development 
Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2012-1531, CVE-2012-1532,\nCVE-2012-1533, CVE-2012-1718, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216,\nCVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823, CVE-2012-5067,\nCVE-2012-5069, CVE-2012-5070, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073,\nCVE-2012-5074, CVE-2012-5075, CVE-2012-5076, CVE-2012-5077, CVE-2012-5079,\nCVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5086, CVE-2012-5087,\nCVE-2012-5088, CVE-2012-5089)\n\nAll users of java-1.7.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 7 SR3 release. All running instances\nof IBM Java must be restarted for the update to take effect.\n", "cvss3": {}, "published": "2012-11-15T00:00:00", "type": "redhat", "title": "(RHSA-2012:1467) Critical: java-1.7.0-ibm security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3544", "CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-1718", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-4820", "CVE-2012-4821", "CVE-2012-4822", "CVE-2012-4823", "CVE-2012-5067", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", 
"CVE-2012-5084", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089", "CVE-2013-1475"], "modified": "2018-06-07T05:04:34", "id": "RHSA-2012:1467", "href": "https://access.redhat.com/errata/RHSA-2012:1467", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:38:56", "description": "IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2012-0547, CVE-2012-1531,\nCVE-2012-1532, CVE-2012-1533, CVE-2012-1682, CVE-2012-3143, CVE-2012-3159,\nCVE-2012-3216, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068,\nCVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075,\nCVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 6 SR12 release. 
All running instances\nof IBM Java must be restarted for the update to take effect.\n", "cvss3": {}, "published": "2012-11-15T00:00:00", "type": "redhat", "title": "(RHSA-2012:1466) Critical: java-1.6.0-ibm security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0547", "CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-1682", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-4820", "CVE-2012-4822", "CVE-2012-4823", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5089", "CVE-2013-1475"], "modified": "2018-06-07T05:04:12", "id": "RHSA-2012:1466", "href": "https://access.redhat.com/errata/RHSA-2012:1466", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:35:42", "description": "IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. 
(CVE-2012-1531, CVE-2012-3143,\nCVE-2012-3216, CVE-2012-4820, CVE-2012-4822, CVE-2012-5069, CVE-2012-5071,\nCVE-2012-5073, CVE-2012-5075, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083,\nCVE-2012-5084, CVE-2012-5089)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR15 release. All running instances\nof IBM Java must be restarted for this update to take effect.\n", "cvss3": {}, "published": "2012-11-15T00:00:00", "type": "redhat", "title": "(RHSA-2012:1465) Critical: java-1.5.0-ibm security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1531", "CVE-2012-3143", "CVE-2012-3216", "CVE-2012-4820", "CVE-2012-4822", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5089", "CVE-2013-1475"], "modified": "2018-06-07T05:04:16", "id": "RHSA-2012:1465", "href": "https://access.redhat.com/errata/RHSA-2012:1465", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:45:40", "description": "IBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and the\nIBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. 
(CVE-2012-1531, CVE-2012-3216,\nCVE-2012-4820, CVE-2012-4822, CVE-2012-5073, CVE-2012-5079, CVE-2012-5081,\nCVE-2012-5083, CVE-2012-5084)\n\nThis is the last update of the java-1.4.2-ibm packages in Red Hat\nEnterprise Linux 5 Supplementary. Customers are advised to migrate to later\nversions of Java at this time. More current versions of IBM Java SE\ncontinue to be available via the Red Hat Enterprise Linux 5 Supplementary\nchannel. Customers should also consider OpenJDK which is the default Java\ndevelopment and runtime environment in Red Hat Enterprise Linux. In\ncases where it is not feasible to move to a later version of supported\nJava, customers are advised to contact IBM to evaluate other options.\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM J2SE 1.4.2 SR13-FP14 release. All running\ninstances of IBM Java must be restarted for this update to take effect\n", "cvss3": {}, "published": "2012-11-22T00:00:00", "type": "redhat", "title": "(RHSA-2012:1485) Critical: java-1.4.2-ibm security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1531", "CVE-2012-3216", "CVE-2012-4820", "CVE-2012-4822", "CVE-2012-5073", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2013-1475"], "modified": "2017-09-08T08:18:39", "id": "RHSA-2012:1485", "href": "https://access.redhat.com/errata/RHSA-2012:1485", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2023-12-04T00:32:31", 
"description": "## Releases\n\n * Ubuntu 12.10 \n * Ubuntu 12.04 \n * Ubuntu 11.10 \n * Ubuntu 11.04 \n * Ubuntu 10.04 \n\n## Packages\n\n * openjdk-6 \\- Open Source Java implementation\n * openjdk-7 \\- Open Source Java implementation\n\nSeveral information disclosure vulnerabilities were discovered in the \nOpenJDK JRE. (CVE-2012-3216, CVE-2012-5069, CVE-2012-5072, CVE-2012-5075, \nCVE-2012-5077, CVE-2012-5085)\n\nVulnerabilities were discovered in the OpenJDK JRE related to information \ndisclosure and data integrity. (CVE-2012-4416, CVE-2012-5071)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to \ninformation disclosure and data integrity. An attacker could exploit these \nto cause a denial of service. (CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, \nCVE-2012-3143, CVE-2012-3159, CVE-2012-5068, CVE-2012-5083, CVE-2012-5084, \nCVE-2012-5086, CVE-2012-5089)\n\nInformation disclosure vulnerabilities were discovered in the OpenJDK JRE. \nThese issues only affected Ubuntu 12.10. (CVE-2012-5067, CVE-2012-5070)\n\nVulnerabilities were discovered in the OpenJDK JRE related to data \nintegrity. (CVE-2012-5073, CVE-2012-5079)\n\nA vulnerability was discovered in the OpenJDK JRE related to information \ndisclosure and data integrity. This issue only affected Ubuntu 12.10. \n(CVE-2012-5074)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to \ninformation disclosure and data integrity. An attacker could exploit these \nto cause a denial of service. These issues only affected Ubuntu 12.10. \n(CVE-2012-5076, CVE-2012-5087, CVE-2012-5088)\n\nA denial of service vulnerability was found in OpenJDK. 
(CVE-2012-5081)\n\nPlease see the following for more information: \n<http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html>\n", "cvss3": {}, "published": "2012-10-26T00:00:00", "type": "ubuntu", "title": "OpenJDK vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5067", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089"], "modified": "2012-10-26T00:00:00", "id": "USN-1619-1", "href": "https://ubuntu.com/security/notices/USN-1619-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2021-06-08T19:00:33", "description": "30 of different vulnerabilities", "cvss3": {}, "published": "2012-10-30T00:00:00", "type": "securityvulns", "title": "Oracle Java / OpenJDK multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2012-5089", "CVE-2012-5074", "CVE-2012-5073", "CVE-2012-1533", "CVE-2012-3159", "CVE-2012-5087", "CVE-2012-5085", "CVE-2012-5076", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5067", "CVE-2012-5083", "CVE-2012-5088", 
"CVE-2012-5086", "CVE-2012-1532", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5078", "CVE-2012-0547", "CVE-2012-5072", "CVE-2012-1531", "CVE-2012-5068", "CVE-2012-3143", "CVE-2012-5080", "CVE-2012-5082", "CVE-2012-5070"], "modified": "2012-10-30T00:00:00", "id": "SECURITYVULNS:VULN:12665", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12665", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:08:02", "description": "java-openjdk was upgraded to version 1.11.5 to fix various\n security and non-security issues.\n", "cvss3": {}, "published": "2012-10-24T22:08:57", "type": "suse", "title": "Security update for OpenJDK (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-5089", "CVE-2012-5074", "CVE-2012-5073", "CVE-2012-1533", "CVE-2012-3159", "CVE-2012-5087", "CVE-2012-5085", "CVE-2012-5076", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5067", "CVE-2012-5083", "CVE-2012-5088", "CVE-2012-5086", "CVE-2012-1532", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5078", "CVE-2012-5072", "CVE-2012-1531", "CVE-2012-4681", "CVE-2012-5068", "CVE-2012-3143", "CVE-2012-5080", "CVE-2012-5082", "CVE-2012-5070"], "modified": "2012-10-24T22:08:57", "id": "SUSE-SU-2012:1398-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:46:23", "description": "IBM Java 1.7.0 has been updated to SR3 which fixes bugs and\n security issues.\n\n More information can be found on:\n\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" 
href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n CVEs fixed:\n CVE-2012-3159,CVE-2012-3216,CVE-2012-5070,CVE-2012-5067,CVE-\n 2012-3143,CVE-2012-5076,CVE-2012-5077,CVE-2012-5073,CVE-2012\n -5074,CVE-2012-5075,CVE-2012-5083,CVE-2012-5083,CVE-2012-507\n 2,CVE-2012-1531,CVE-2012-5081,CVE-2012-1532,CVE-2012-1533,CV\n E-2012-5069,CVE-2012-5071,CVE-2012-5084,CVE-2012-5087,CVE-20\n 12-5086,CVE-2012-5079,CVE-2012-5088,CVE-2012-5089\n\n", "cvss3": {}, "published": "2012-11-21T18:08:45", "type": "suse", "title": "Security update for IBM Java 1.7.0 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-5089", "CVE-2012-5073", "CVE-2012-1533", "CVE-2012-3159", "CVE-2012-5087", "CVE-2012-5076", "CVE-2012-5079", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5067", "CVE-2012-5083", "CVE-2012-5088", "CVE-2012-1532", "CVE-2012-5077", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-1531", "CVE-2012-5070"], "modified": "2012-11-21T18:08:45", "id": "SUSE-SU-2012:1489-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00014.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:42:50", "description": "java-1_7_0-opendjk was updated to icedtea-2.3.3 (bnc#785814)\n * Security fixes\n - S6631398, CVE-2012-3216: FilePermission improved path\n checking\n - S7093490: adjust package access in rmiregistry\n - S7143535, CVE-2012-5068: ScriptEngine corrected\n permissions\n - S7158796, CVE-2012-5070: Tighten properties checking in\n EnvHelp\n - S7158807: Revise stack management with volatile call\n sites\n - S7163198, CVE-2012-5076: Tightened package accessibility\n - S7167656, CVE-2012-5077: Multiple Seeders are being\n created\n - S7169884, CVE-2012-5073: LogManager checks do not work\n correctly for sub-types\n - S7169887, CVE-2012-5074: Tightened package accessibility\n - S7169888, 
CVE-2012-5075: Narrowing resource definitions\n in JMX RMI connector\n - S7172522, CVE-2012-5072: Improve DomainCombiner checking\n - S7186286, CVE-2012-5081: TLS implementation to better\n adhere to RFC\n - S7189103, CVE-2012-5069: Executors needs to maintain\n state\n - S7189490: More improvements to DomainCombiner checking\n - S7189567, CVE-2012-5085: java net obselete protocol\n - S7192975, CVE-2012-5071: Issue with JMX reflection\n - S7195194, CVE-2012-5084: Better data validation for\n Swing\n - S7195549, CVE-2012-5087: Better bean object persistence\n - S7195917, CVE-2012-5086: XMLDecoder parsing at\n close-time should be improved\n - S7195919, CVE-2012-5079: (sl) ServiceLoader can throw\n CCE without needing to create instance\n - S7196190, CVE-2012-5088: Improve method of handling\n MethodHandles\n - S7198296, CVE-2012-5089: Refactor classloader usage\n - S7158800: Improve storage of symbol tables\n - S7158801: Improve VM CompileOnly option\n - S7158804: Improve config file parsing\n - S7198606, CVE-2012-4416: Improve VM optimization\n * Bug fixes\n - Remove merge artefact.\n\n", "cvss3": {}, "published": "2012-10-31T16:11:24", "type": "suse", "title": "java-1_7_0-openjdk: Update to icedtea-2.3.3 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-5089", "CVE-2012-5074", "CVE-2012-5073", "CVE-2012-5087", "CVE-2012-5085", "CVE-2012-5076", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5088", "CVE-2012-5086", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5068", "CVE-2012-5070"], "modified": "2012-10-31T16:11:24", "id": "OPENSUSE-SU-2012:1419-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00020.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:05:35", "description": "IBM Java 1.6.0 has been updated to SR12 which fixes bugs\n and 
security issues.\n\n More information can be found on:\n\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n CVEs fixed: CVE-2012-3159, CVE-2012-3216, CVE-2012-5068,\n CVE-2012-3143, CVE-2012-5073, CVE-2012-5075,\n CVE-2012-5083, CVE-2012-5083, CVE-2012-5072,\n CVE-2012-1531, CVE-2012-5081, CVE-2012-1532,\n CVE-2012-1533, CVE-2012-5069, CVE-2012-5071,\n CVE-2012-5084, CVE-2012-5079, CVE-2012-5089\n\n\n", "cvss3": {}, "published": "2012-11-28T21:08:41", "type": "suse", "title": "Security update for IBM Java 1.6.0 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-5089", "CVE-2012-5073", "CVE-2012-1533", "CVE-2012-3159", "CVE-2012-5079", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-1532", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-1531", "CVE-2012-5068", "CVE-2012-3143"], "modified": "2012-11-28T21:08:41", "id": "SUSE-SU-2012:1588-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00020.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:37:36", "description": "IBM Java 1.6.0 has been updated to SR12 which fixes bugs\n and security issues.\n\n More information can be found on:\n\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n CVEs fixed: CVE-2012-3159, CVE-2012-3216, CVE-2012-5068,\n CVE-2012-3143, CVE-2012-5073, CVE-2012-5075,\n CVE-2012-5083, CVE-2012-5083, CVE-2012-5072,\n CVE-2012-1531, CVE-2012-5081, 
CVE-2012-1532,\n CVE-2012-1533, CVE-2012-5069, CVE-2012-5071,\n CVE-2012-5084, CVE-2012-5079, CVE-2012-5089\n\n", "cvss3": {}, "published": "2012-11-30T21:18:46", "type": "suse", "title": "Security update for IBM Java 1.6.0 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-5089", "CVE-2012-5073", "CVE-2012-1533", "CVE-2012-3159", "CVE-2012-5079", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-1532", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-1531", "CVE-2012-5068", "CVE-2012-3143"], "modified": "2012-11-30T21:18:46", "id": "SUSE-SU-2012:1595-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:37:36", "description": "java 1.6.0 openjdk / icedtea was updated to 1.11.5\n (bnc#785433)\n * Security fixes\n - S6631398, CVE-2012-3216: FilePermission improved path\n checking\n - S7093490: adjust package access in rmiregistry\n - S7143535, CVE-2012-5068: ScriptEngine corrected\n permissions\n - S7167656, CVE-2012-5077: Multiple Seeders are being\n created\n - S7169884, CVE-2012-5073: LogManager checks do not work\n correctly for sub-types\n - S7169888, CVE-2012-5075: Narrowing resource definitions\n in JMX RMI connector\n - S7172522, CVE-2012-5072: Improve DomainCombiner checking\n - S7186286, CVE-2012-5081: TLS implementation to better\n adhere to RFC\n - S7189103, CVE-2012-5069: Executors needs to maintain\n state\n - S7189490: More improvements to DomainCombiner checking\n - S7189567, CVE-2012-5085: java net obselete protocol\n - S7192975, CVE-2012-5071: Conditional usage check is\n wrong\n - S7195194, CVE-2012-5084: Better data validation for\n Swing\n - S7195917, CVE-2012-5086: XMLDecoder parsing at\n close-time should be improved\n - S7195919, CVE-2012-5079: (sl) ServiceLoader can throw\n CCE without needing to 
create instance\n - S7198296, CVE-2012-5089: Refactor classloader usage\n - S7158800: Improve storage of symbol tables\n - S7158801: Improve VM CompileOnly option\n - S7158804: Improve config file parsing\n - S7176337: Additional changes needed for 7158801 fix\n - S7198606, CVE-2012-4416: Improve VM optimization\n * Backports\n - S7175845: \"jar uf\" changes file permissions unexpectedly\n - S7177216: native2ascii changes file permissions of\n input file\n - S7199153: TEST_BUG: try-with-resources syntax pushed to\n 6-open repo\n * Bug fixes\n - PR1194: IcedTea tries to build with\n /usr/lib/jvm/java-openjdk (now a 1.7 VM) by default\n\n", "cvss3": {}, "published": "2012-10-31T17:08:50", "type": "suse", "title": "java-1_6_0-openjdk: update to 1.11.5 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-5089", "CVE-2012-5073", "CVE-2012-5085", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5086", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5068"], "modified": "2012-10-31T17:08:50", "id": "OPENSUSE-SU-2012:1424-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00024.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:02", "description": "This version upgrade to 1.11.5 fixed various security and\n non-security issues.\n\n", "cvss3": {}, "published": "2012-10-31T17:08:34", "type": "suse", "title": "java-1_6_0-openjdk: update to 1.11.5 icedtea (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-5089", "CVE-2012-5073", "CVE-2012-5085", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5086", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5068"], "modified": "2012-10-31T17:08:34", "id": "OPENSUSE-SU-2012:1423-1", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00023.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:32:45", "description": "IBM Java 1.5.0 has been updated to SR15 which fixes bugs\n and security issues.\n\n More information can be found on:\n\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n CVE-2012-3216,CVE-2012-3143,CVE-2012-5073,CVE-2012-5075,CVE-\n 2012-5083,CVE-2012-5083,CVE-2012-1531,CVE-2012-5081,CVE-2012\n -5069,CVE-2012-5071,CVE-2012-5084,CVE-2012-5079,CVE-2012-508\n 9\n\n\n", "cvss3": {}, "published": "2012-11-16T21:08:57", "type": "suse", "title": "Security update for IBM Java 1.5.0 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-5073", "CVE-2012-5079", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-1531", "CVE-2012-3143"], "modified": "2012-11-16T21:08:57", "id": "SUSE-SU-2012:1489-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00010.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:45:48", "description": "IBM Java 1.4.2 has been updated to SR13-FP14 which fixes\n bugs and security issues.\n\n More information can be found on:\n\n [<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>)(http://\n www.ibm.com/developerworks/java/jdk/alerts/)\n\n CVEs fixed:\n CVE-2012-3216,CVE-2012-5073,CVE-2012-5083,CVE-2012-5083,CVE-\n 2012-1531,CVE-2012-5081,CVE-2012-5084,CVE-2012-5079\n\n", "cvss3": {}, "published": "2012-11-16T21:09:15", "type": "suse", 
"title": "Security update for IBM Java 1.4.2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-5073", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-3216", "CVE-2012-5084"], "modified": "2012-11-16T21:09:15", "id": "SUSE-SU-2012:1490-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00011.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ibm": [{"lastseen": "2023-02-21T05:40:44", "description": "## Summary\n\nMultiple security vulnerabilities exist in the Java Runtime Environments (JREs) IBM JRE 7.0 Service Release 1 or earlier, and non-IBM Java 7.0 or earlier, that can affect the security of Rational Functional Tester. Fixes are available in IBM JRE 7.0 Service Release 3 and in the latest Java 7.0 patches.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVE IDs: **CVE-2012-3159, CVE-2012-3216, CVE-2012-5070, CVE-2012-5067, CVE-2012-3143, CVE-2012-5076, CVE-2012-5077, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075, CVE-2012-5083, CVE-2012-5072, CVE-2012-1531, CVE-2012-5081, CVE-2012-1532, CVE-2012-1533, CVE-2012-5069, CVE-2012-5071, CVE-2012-5084, CVE-2012-5087, CVE-2012-5086, CVE-2012-5079, CVE-2012-5088, CVE-2012-5089 \n \n**Description**: Vulnerabilities exist in the following JREs that can impact the security of Rational Functional Tester: \n\n 1. IBM JRE 7.0 Service Release 2 or earlier that is shipped with Rational Functional Tester\n 2. 
Non-IBM Java 7.0 or earlier, when used with Rational Functional Tester \n\nFixes are available in IBM JRE 7.0 Service Release 3 (shipped with Rational Functional Tester version 8.3.0.1) and in the latest Java 7.0 patches. \n\n\n**CVEID: **[**CVE-2012-3159**](<https://vulners.com/cve/CVE-2012-3159>)\n\n**Description**: Remote attackers could affect confidentiality and integrity through unknown vectors related to Deployment.\n\n \n \nCVSS Base Score 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79424> \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n[](<https://vulners.com/cve/CVE-2012-3216>) \n[**CVEID: ****CVE-2012-3216**](<https://vulners.com/cve/CVE-2012-3216>) \n \n**Description**: Remote attackers could affect confidentiality through unknown vectors related to File. \n\nCVSS Base Score 2.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79436> \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:H/Au:N/C:P/I:N/A:N)\n\n \n \n \n[**CVEID: ****CVE-2012-5070**](<https://vulners.com/cve/CVE-2012-5070>) \n \n**Description**: Remote attackers could affect confidentiality, integrity, and availability through unknown vectors related to Hotspot. \n\nCVSS Base Score 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79430> \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n \n[](<https://vulners.com/cve/CVE-2012-5067>) \n[**CVEID: ****CVE-2012-5067**](<https://vulners.com/cve/CVE-2012-5067>) \n \n**Description**: Remote attackers could affect confidentiality through unknown vectors related to Library. 
\n\nCVSS Base Score 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79429> \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n \n[](<https://vulners.com/cve/CVE-2012-3143>) \n[**CVEID: ****CVE-2012-3143**](<https://vulners.com/cve/CVE-2012-3143>) \n \n**Description**: Remote attackers could affect confidentiality, integrity, and availability through unknown vectors related to JMX. \n\nCVSS Base Score 10 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79419> \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n \n[](<https://vulners.com/cve/CVE-2012-5076>) \n[**CVEID: ****CVE-2012-5076**](<https://vulners.com/cve/CVE-2012-5076>) \n \n**Description**: A number of internal com.sun packages which should be restricted are not. \n\nCVSS Base Score 9.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79418> \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n \n[](<https://vulners.com/cve/CVE-2012-5077>) \n[**CVEID: ****CVE-2012-5077**](<https://vulners.com/cve/CVE-2012-5077>) \n \n**Description**: An undisclosed vulnerability exists in a portion of the JRE related to Security. \n\nCVSS Base Score 2.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79437> \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:H/Au:N/C:P/I:N/A:N)\n\n \n \n**CVEID: **[**CVE-2012-5073**](<https://vulners.com/cve/CVE-2012-5073>) \n \n**Description**: Parts of the java.util.logging API do not check access permissions correctly. 
\n\nCVSS Base Score 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79432> \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n \n[**CVEID:**** ****CVE-2012-5074**](<https://vulners.com/cve/CVE-2012-5074>) \n \n**Description**: A number of internal com.sun packages which should be restricted are not. \n \nCVSS Base Score 6.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79426> \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:P/I:P/A:N) \n \n[](<https://vulners.com/cve/CVE-2012-5075>) \n[**CVEID:**** ****CVE-2012-5075**](<https://vulners.com/cve/CVE-2012-5075>) \n \n**Description**: Remote attackers could affect confidentiality through unknown vectors related to RMI. \n\nCVSS Base Score 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79431> \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n \n \n[**CVEID:**** ****CVE-2012-5083**](<https://vulners.com/cve/CVE-2012-5083>) \n \n**Description**: Remote attackers could affect confidentiality, integrity, and availability through unknown vectors related to Swing. \n\nCVSS Base Score 10 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79412> \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n \n \n**CVEID: **[**CVE-2012-5072**](<https://vulners.com/cve/CVE-2012-5072>) \n \n**Description**: Under certain circumstances the java.security.AccessController.doPrivilegedWithCombiner() method does not work correctly. This potentially allows malicious code to elevate its privileges. 
\n\nCVSS Base Score 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79434> \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n \n \n[**CVEID: ****CVE-2012-1531**](<https://vulners.com/cve/CVE-2012-1531>) \n \n**Description**: An attacker can induce a crash by injecting a maliciously crafted font file which contains invalid data. \n\nCVSS Base Score 10 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79413> \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n \n \n**CVEID: **[**CVE-2012-5081**](<https://vulners.com/cve/CVE-2012-5081>) \n \n**Description**: Remote attackers could affect availability through unknown vectors related to Network. \n\nCVSS Base Score 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79435> \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n \n \n \n**CVEID: **[**CVE-2012-1532**](<https://vulners.com/cve/CVE-2012-1532>) \n \n**Description**: Remote attackers could affect confidentiality, integrity, and availability through unknown vectors related to Web Start. \n\nCVSS Base Score 10 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79417> \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n \n \n**CVEID: **[**CVE-2012-1533**](<https://vulners.com/cve/CVE-2012-1533>) \n \n**Description**: Remote attackers could affect confidentiality, integrity, and availability through unknown vectors related to Web Start. This is different from CVE-2012-1532. 
\n\nCVSS Base Score 10 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79416> \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n \n \n**CVEID: **[**CVE-2012-****5069**](<https://vulners.com/cve/CVE-2012-5069>) \n \n**Description**: Remote attackers could affect confidentiality and integrity through unknown vectors related to ClassLoader. \n\nCVSS Base Score 5.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79428> \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:M/Au:N/C:P/I:P/A:N)\n\n \n \n**CVEID: **[**CVE-2012-****5071**](<https://vulners.com/cve/CVE-2012-5071>) \n \n**Description**: Part of the javax.management (JMX) API incorrectly allows access to sun.* classes, which should be restricted. \n\nCVSS Base Score 6.4 \nCVSS Temporal Score: See** ****<https://exchange.xforce.ibmcloud.com/vulnerabilities/79427>** \nCVSS Environmental Score undefined \nCVSS Vector(AV:N/AC:L/Au:N/C:P/I:P/A:N)\n\n \n \n**CVEID: **[**CVE-2012-****5084**](<https://vulners.com/cve/CVE-2012-5084>) \n \n**Description**: Remote attackers could affect confidentiality, integrity, and accessibility through unknown vectors related to Swing. This is different from CVE-2012-5083. \n\nCVSS Base Score 7.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79423> \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:H/Au:N/C:C/I:C/A:C) \n\n \n \n**CVEID: **[**CVE-2012-508****7**](<https://vulners.com/cve/CVE-2012-5087>) \n \n**Description**: The class com.sun.beans.decoder.PropertyElementHandler does not check permissions correctly. This potentially allows malicious code to access restricted classes. 
\n\nCVSS Base Score 10 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79415> \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n \n \n**CVEID: **[**CVE-2012-5086**](<https://vulners.com/cve/CVE-2012-5086>) \n \n**Description**: Remote attackers could affect confidentiality, integrity, and accessibility through unknown vectors related to Beans. \n\nCVSS Base Score 10 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79414> \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n \n \n**CVEID: **[**CVE-2012-****5079**](<https://vulners.com/cve/CVE-2012-5079>) \n \n**Description**: Remote attackers could affect integrity through unknown vectors related to Service. \n\nCVSS Base Score 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79433> \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n\n \n \n**CVEID: **[**CVE-2012-5088**](<https://vulners.com/cve/CVE-2012-5088>) \n \n**Description**: Remote attackers could affect confidentiality, integrity, and accessibility through unknown vectors related to Reflection. \n\nCVSS Base Score 10 \nCVSS Temporal Score: See<https://exchange.xforce.ibmcloud.com/vulnerabilities/79420> \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n \n \n**CVEID: **[**CVE-2012-5089**](<https://vulners.com/cve/CVE-2012-5089>) \n \n**Description**: Remote attackers could affect confidentiality, integrity, and accessibility through unknown vectors related to RMI. 
\n\nCVSS Base Score 7.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79422> \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:H/Au:N/C:C/I:C/A:C) \n\n## Affected Products and Versions\n\nIBM JRE 7.0 Service Release 2 or earlier, shipped with Rational Functional Tester and non-IBM Java 7.0\n\n## Remediation/Fixes\n\nUpgrade to [Rational Functional Tester Fix Pack 1 (8.3.0.1) for 8.3](<http://www.ibm.com/support/docview.wss?uid=swg24034096>). \n \nIf you intend to use IBM Rational Functional Tester with a non-IBM Java 7.0, ensure that you upgrade to the latest Java 7.0 patches to fix the vulnerability security issues. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2019-05-07T13:40:01", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Rational Functional Tester versions 8.x due to security vulnerabilities in IBM JRE 7.0 Service Release 2 or earlier, and non-IBM Java 7.0", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1359", "CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-5067", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089"], "modified": "2019-05-07T13:40:01", "id": 
"45B71341A260B8D1721867FF17BE36713B9C9FE3153B99E99D3F6E7D5B386B80", "href": "https://www.ibm.com/support/pages/node/486013", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:49:42", "description": "## Summary\n\nRational Build Forge is shipped with an IBM Java that is based on Oracle Java. Oracle has released a critical patch update (CPU) that contains security vulnerability fixes and IBM Java is affected. These fixes have been added to the Rational Build Forge 8.0 release. \n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n\n\n**CVE ID**: CVE-2012-3216 \n \n**Description:**\n\nAn unspecified vulnerability in Oracle Java Runtime Environment related to Libraries could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors \n\n \n \nCVSS Base Score: 2.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79436> \nCVSS Environment Score: Undefined \n--- \nCVSS Access Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N) \n \n\n\n**CVE ID**: CVE-2012-5077 \n \n**Description:**\n\nAn unspecified vulnerability in Oracle Java Runtime Environment related to Security could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors.\n\n \n \nCVSS Base Score: 2.6 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/79437>_ \nCVSS Environment Score: Undefined \n--- \nCVSS Access Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N) \n \n\n\n**CVE ID**: CVE-2012-5073 \n \n**Description:**\n\nAn unspecified vulnerability in 
Oracle Java Runtime Environment related to Libraries has no confidentiality impact, partial integrity impact, and no availability impact.\n\n \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79432> \nCVSS Environment Score: Undefined \n--- \nCVSS Access Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n\n\n**CVE ID**: CVE-2012-5074 \n \n**Description:**\n\nAn unspecified vulnerability in Oracle Java Runtime Environment related to JAX-WS has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n \n \nCVSS Base Score: 6.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79426> \nCVSS Environment Score: Undefined \n--- \nCVSS Access Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N) \n \n\n\n**CVE ID**: CVE-2012-5083 \n \n**Description:**\n\nAn unspecified vulnerability in Oracle Java Runtime Environment related to 2D has complete confidentiality impact, complete integrity impact, and complete availability impact.\n\n \n \nCVSS Base Score: 10 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79412> \nCVSS Environment Score: Undefined \n--- \nCVSS Access Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n\n\n**CVE ID**: CVE-2012-5072 \n \n**Description:**\n\nAn unspecified vulnerability in Oracle Java Runtime Environment related to Security could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors.\n\n \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79434> \nCVSS Environment Score: Undefined \n--- \nCVSS Access Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n \n \n**CVE ID**: CVE-2012-1531 \n \n**Description:** \nAn unspecified vulnerability in Oracle Java Runtime Environment related to 2D has complete confidentiality impact, complete integrity impact, and complete availability impact. 
\n \nCVSS Base Score: 10 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79413> \nCVSS Environment Score: Undefined \n--- \nCVSS Access Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n \n**CVE ID:** CVE-2012-5081 \n \n**Description:** \nAn unspecified vulnerability in Oracle Java Runtime Environment related to JSSE could allow a remote attacker to cause a denial of service using unknown attack vectors. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/79435>_ \nCVSS Environment Score: Undefined \n--- \nCVSS Access Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n \n \n**CVE ID**: CVE-2012-5069 \n \n**Description:** \nAn unspecified vulnerability in Oracle Java Runtime Environment related to Concurrency has partial confidentiality impact, partial integrity impact, and no availability impact. \n \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79428> \nCVSS Environment Score: Undefined \n--- \nCVSS Access Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N) \n \n \n \n**CVE ID:** CVE-2012-5079 \n \n**Description:** \nAn unspecified vulnerability in Oracle Java Runtime Environment related to Libraries has no confidentiality impact, partial integrity impact, and no availability impact. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79433> \nCVSS Environment Score: Undefined \n--- \nCVSS Access Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n \n \n**CVE ID:** CVE-2012-5088 \n \n**Description:** \nOracle Java Runtime Environment could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Libraries component. An attacker could exploit this vulnerability to execute arbitrary code on the system. 
\n \nCVSS Base Score: 10 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79420> \nCVSS Environment Score: Undefined \n--- \nCVSS Access Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n## Affected Products and Versions\n\nIBM Rational Build Forge 8.0 on all supported operating systems.\n\n## Remediation/Fixes\n\nUpgrade to [Rational Build Forge 8.0](<https://jazz.net/downloads/rational-build-forge/releases/8.0>), which contains the updated IBM Java. \n\n## Workarounds and Mitigations\n\nNone. If you are unable to upgrade to version 8.0, contact IBM Technical Support.\n\n## ", "cvss3": {}, "published": "2018-06-17T04:45:18", "type": "ibm", "title": "Security Bulletin: IBM Rational Build Forge Java (CVE-2012-3216, CVE-2012-5077, CVE-2012-5073, CVE-2012-5074, CVE-2012-5083, CVE-2012-5072, CVE-2012-1531, CVE-2012-5081, CVE-2012-5069, CVE-2012-5079, CVE-2012-5088)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1531", "CVE-2012-3216", "CVE-2012-5069", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5088"], "modified": "2018-06-17T04:45:18", "id": "35A89FAC12BEA1171A26CF6CD2F2679BABBF138B026E730D5873CE3FD3E85CAC", "href": "https://www.ibm.com/support/pages/node/493129", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T22:15:23", "description": "## Abstract\n\nThese vulnerabilities are only applicable to Java deployments where untrusted code may 
be executed under a security manager (e.g. Java applets running in a web browser). \n\n## Content\n\n \n**DESCRIPTION: ** \nThere are a number of vulnerabilities in the IBM JAVA SDK that affect various components (ORB, XML and JMX). The vulnerabilities allow code running under a security manager to escalate its privileges by modifying or removing the security manager. Some of the issues need to be combined in sequence to achieve an exploit. \n \nThe vulnerabilities could occur when the IBM JRE is installed as the system JRE, such that it may be used to execute untrusted Java applets or Web Start applications in a browser. \n \n \n**VULNERABILITY DETAILS:**\n\n**CVE ID**| **DESCRIPTION**| **CVSS ** \n---|---|--- \n[_CVE-2012-1531_](<https://vulners.com/cve/CVE-2012-1531>)| Unspecified vulnerability in JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D| 10 \n[_CVE-2012-1532_](<https://vulners.com/cve/CVE-2012-1532>)| Unspecified vulnerability in the JRE allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment| 10 \n[_CVE-2012-1533_](<https://vulners.com/cve/CVE-2012-1533>)| Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment| 10 \n[_CVE-2012-3143_](<https://vulners.com/cve/CVE-2012-3143>)| Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability, related to JMX| 10 \n[_CVE-2012-3159_](<https://vulners.com/cve/CVE-2012-3159>)| Unspecified vulnerability in the Java Runtime Environment (JRE) allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment| 7.5 \n[_CVE-2012-3216_](<https://vulners.com/cve/CVE-2012-3216>)| Unspecified vulnerability in the JRE component allows remote attackers to 
affect confidentiality, integrity, and availability via unknown vectors related to Libraries| 2.6 \n[ CVE-2012-4820](<https://vulners.com/cve/CVE-2012-4820>)| Unspecified vulnerability in the JRE component allows remote attackers to execute arbitrary code on the system.| 9.3 \n[ CVE-2012-4821](<https://vulners.com/cve/CVE-2012-4821>)| Unspecified vulnerability in the JRE component allows remote attackers to execute arbitrary code on the system.| 9.3 \n[ CVE-2012-4822](<https://vulners.com/cve/CVE-2012-4822>)| Unspecified vulnerability in the JRE component allows remote attackers to execute arbitrary code on the system.| 9.3 \n[ CVE-2012-4823](<https://vulners.com/cve/CVE-2012-4823>)| Unspecified vulnerability in the JRE component allows remote attackers to execute arbitrary code on the system.| 9.3 \n[_CVE-2012-5068_](<https://vulners.com/cve/CVE-2012-5068>)| Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries| 7.5 \n[_CVE-2012-5069_](<https://vulners.com/cve/CVE-2012-5069>)| Unspecified vulnerability in JRE component allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency| 5.8 \n[_CVE-2012-5071_](<https://vulners.com/cve/CVE-2012-5071>)| Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality and integrity, related to JMX| 6.4 \n[_CVE-2012-5072_](<https://vulners.com/cve/CVE-2012-5072>)| Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality via unknown vectors related to Security| 5 \n[_CVE-2012-5073_](<https://vulners.com/cve/CVE-2012-5073>)| Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Libraries| 5 \n[_CVE-2012-5075_](<https://vulners.com/cve/CVE-2012-5075>)| Unspecified vulnerability in the JRE allows remote attackers to affect 
confidentiality, related to JMX| 5 \n[_CVE-2012-5079_](<https://vulners.com/cve/CVE-2012-5079>)| Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Libraries| 5 \n[_CVE-2012-5083_](<https://vulners.com/cve/CVE-2012-5083>)| Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D| 10 \n[_CVE-2012-5084_](<https://vulners.com/cve/CVE-2012-5084>)| Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing| 7.6 \n[_CVE-2012-5089_](<https://vulners.com/cve/CVE-2012-5089>)| Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability, related to JMX| 7.6 \n \nFor the most current description and CVSS for each vulnerability, please refer to [_developerWorks Java__TM__ Technology Security Alerts_](<http://www.ibm.com/developerworks/java/jdk/alerts/>)\n\n \n**AFFECTED PRODUCTS AND VERSIONS: ** \nIBM Tivoli Monitoring version 6.2.3 through 6.2.3 Fix Pack 02 \nIBM Tivoli Monitoring version 6.2.2 through 6.2.2 Fix Pack 09 \nIBM Tivoli Monitoring version 6.2.1 through 6.2.1 Fix Pack 04 \nIBM Tivoli Monitoring version 6.2.0 through 6.2.0 Fix Pack 03 \n \n \n**REMEDIATION: ** This vulnerability exists where the affected JRE is installed on systems running the Tivoli Enterprise Portal Browser client or Java WebStart client. \n \nThe affected JRE is installed on a system when logging into the IBM Tivoli Enterprise Portal using the Browser client or WebStart client and a JRE at the required level does not exist. The portal provides an option to download the provided JRE to the system. \n--- \n \nThe fix below provides a server side JRE package for customers to install on the portal server. 
This is a scripted solution to update the portal JRE bundles that are provided to the end user. The fix upgrades the JRE to 1.6.0 SR12. \n \n**_Fix_**| **_VRMF_**| **_APAR_**| **_How to acquire fix_** \n---|---|---|--- \n_6.2-TIV-ITM_JRE-LA0002_| 6.2.0 through 6.2.3 FP2| IV30922-Server | [**__http://www-01.ibm.com/support/docview.wss?uid=swg24033801__**](<http://www-01.ibm.com/support/docview.wss?uid=swg24033801>) \n \nThe Fix Pack listed below will include the IV30922-Server fix listed above. **_Fix_**| **_VRMF_**| **_APAR_**| **_How to acquire fix_** \n---|---|---|--- \n_6.2.3-TIV-ITM-FP0003_| 6.2.3.0| IV30922-Server | [**__http://www-01.ibm.com/support/docview.wss?uid=swg24033803__**](<http://www-01.ibm.com/support/docview.wss?uid=swg24033803>) \nRefer to the link above for status on availability. \n \n \n**_Workaround(s):_** \nNone. \n \n**_Mitigation(s):_** \nNone. \n \n**REFERENCES: ** \n[](<https://www-304.ibm.com/support/docview.wss?uid=swg21496117&wv=1>)[\u00b7 __Complete CVSS Guide__](<http://www.first.org/cvss/v2/guide>) \n[\u00b7 __On-line Calculator V2__](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)_ _ \n[](<https://vulners.com/cve/CVE-2011-4820>)\u00b7 [_X-Force Vulnerability Database_](<http://xforce.iss.net>) \n \n \n**RELATED INFORMATION: ** \n<http://seclists.org/bugtraq/2012/Sep/38> \n \n**ACKNOWLEDGEMENT** \nNone \n \n**CHANGE HISTORY** \n_November 13, 2012 Advisory Flash Created_ \n_December 13, 2012 Updated Flash to document additional CVE's included in the provided JRE package. _ \n_May 15, 2016 Updated expiration date for document._ \n \n \n\n\n_*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash. 
_\n\n \n**_Note: _**_According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY._\n\n[{\"Product\":{\"code\":\"SSTFXA\",\"label\":\"Tivoli Monitoring\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"6.2.3;6.2.2;6.2.1;6.2.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}] \n\n## Product Synonym\n\nITM TEP", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-09-25T23:13:40", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Monitoring clients affected by vulnerabilities in IBM JRE excuted under a security manager.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4820", "CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-4820", "CVE-2012-4821", "CVE-2012-4822", "CVE-2012-4823", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5079", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5089"], "modified": "2022-09-25T23:13:40", "id": "1F2F1CB65E265B60CBD764981B767523532E4F8B6262F717906EA7945B91F6F1", "href": "https://www.ibm.com/support/pages/node/483227", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T22:15:45", "description": "## Abstract\n\nMultiple security vulnerabilities exist in the Java Runtime Environments (JREs) IBM JRE 5.0 Service Release 15 or earlier, and non-IBM Java 5.0 or earlier, that can affect the security of IBM Tivoli Application Dependency Discovery Manager.\n\n## Content\n\n**VULNERABILITY DETAILS: ** \n**_CVEID: CVE-2013-1475_** \n**Description:** \nUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. \nNOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"IIOP type reuse management\" in ObjectStreamClass.java. 
\n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81760> \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**_CVEID: CVE-2012-4820_** \n**Description:** \nUnspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to \"insecure use of the java.lang.reflect.Method invoke() method.\" \n \nCVSS Base Score: 9.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/78765> \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) \n \n**_CVEID: CVE-2012-4822_** \n**Description :** \nMultiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to \"insecure use [of] multiple methods in the java.lang.class class.\" \n \nCVSS Base Score: 9.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/78766> \nCVSS Environmental Score*: 
Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) \n \n**_CVEID: CVE-2012-3216_** \n**Description :** \nUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. \n \nCVSS Base Score: 2.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79436> \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N) \n \n**_CVEID: CVE-2012-3143_** \n**Description :** \nUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX. \n \nCVSS Base Score: 10 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79419> \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**_CVEID: CVE-2012-5073_** \n**Description :** \nUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79432> \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n**_CVEID: CVE-2012-5075_** \n**Description :** \nUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX. 
\n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79431> \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n**_CVEID: CVE-2012-5083_** \n**Description :** \nUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. \n \nCVSS Base Score: 10 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79412> \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n\n**_CVEID: CVE-2012-1531_**\n\n \n**Description :** \nUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79413> \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**_CVEID: CVE-2012-5081_** \n**Description :** \nUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE. 
\n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79435> \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**_CVEID: CVE-2012-5069_** \n**Description :** \nUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency. \n \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79428> \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N) \n \n**_CVEID: CVE-2012-5071_** \n**Description :** \nUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX. \n \nCVSS Base Score: 6.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79427> \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N) \n \n \n**_CVEID: CVE-2012-5084_** \n**Description :** \nUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing. 
\n \nCVSS Base Score: 7.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79423> \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C) \n \n**_CVEID: CVE-2012-5079_** \n**Description :** \nUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79433> \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n**_CVEID: CVE-2012-5089_** \n**Description :** \nUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX. \n \nCVSS Base Score: 7.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79422> \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C) \n \n**AFFECTED PRODUCTS AND VERSIONS: ** \nTADDM 7.2.0.0 through 7.2.1.3 \n \n**REMEDIATION: ** \n \n**_Fix*_**| **_VRMF_**| **_APAR_**| **_How to acquire fix_** \n---|---|---|--- \n_7.2.1-TIV-ITADM-FP0004_| _7.2.1.4_| _None_| [_Download from Fix Central_](<http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Tivoli/Tivoli+Application+Dependency+Discovery+Manager&release=7.2.1.3&platform=All&function=fixId&fixids=7.2.1-TIV-ITADDM-FP0004&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc>) \n_None_| _7.2.0.0_| _None_| _Upgrade to 7.2.1.4_ \n \n**_Workaround(s):_** \nNone \n \n**_Mitigation(s):_** \nJRE embedded in TADDM should not be used outside the product and never installed as system JRE. 
\n \n**REFERENCES: **\n\n * [__IBM Java security alerts__](<http://www.ibm.com/developerworks/java/jdk/alerts/>)\n * _X-Force Vulnerability Database:_\n * <https://exchange.xforce.ibmcloud.com/vulnerabilities/81760>\n * <https://exchange.xforce.ibmcloud.com/vulnerabilities/78765>\n * <https://exchange.xforce.ibmcloud.com/vulnerabilities/78767>\n * <https://exchange.xforce.ibmcloud.com/vulnerabilities/79436>\n * <https://exchange.xforce.ibmcloud.com/vulnerabilities/79419>\n * <https://exchange.xforce.ibmcloud.com/vulnerabilities/79432>\n * <https://exchange.xforce.ibmcloud.com/vulnerabilities/79431>\n * <https://exchange.xforce.ibmcloud.com/vulnerabilities/79412>\n * <https://exchange.xforce.ibmcloud.com/vulnerabilities/79413>\n * <https://exchange.xforce.ibmcloud.com/vulnerabilities/79435>\n * <https://exchange.xforce.ibmcloud.com/vulnerabilities/79428>\n * <https://exchange.xforce.ibmcloud.com/vulnerabilities/79427>\n * <https://exchange.xforce.ibmcloud.com/vulnerabilities/79423>\n * <https://exchange.xforce.ibmcloud.com/vulnerabilities/79433>\n * <https://exchange.xforce.ibmcloud.com/vulnerabilities/79422>\n * _Common Vulnerabilities and Exposures (CVE)_\n * [__https://vulners.com/cve/CVE-2013-1475__](<https://vulners.com/cve/CVE-2013-1475>)\n * [__https://vulners.com/cve/CVE-2012-4820__](<https://vulners.com/cve/CVE-2012-4820>)\n * [__https://vulners.com/cve/CVE-2012-4822__](<https://vulners.com/cve/CVE-2012-4822>)\n * [__https://vulners.com/cve/CVE-2012-3216__](<https://vulners.com/cve/CVE-2012-3216>)\n * [__https://vulners.com/cve/CVE-2012-3143__](<https://vulners.com/cve/CVE-2012-3143>)\n * [__https://vulners.com/cve/CVE-2012-5073__](<https://vulners.com/cve/CVE-2012-5073>)\n * [__https://vulners.com/cve/CVE-2012-5075__](<https://vulners.com/cve/CVE-2012-5075>)\n * [__https://vulners.com/cve/CVE-2012-5083__](<https://vulners.com/cve/CVE-2012-5083>)\n * [__https://vulners.com/cve/CVE-2012-1531__](<https://vulners.com/cve/CVE-2012-1531>)\n * 
[__https://vulners.com/cve/CVE-2012-5081__](<https://vulners.com/cve/CVE-2012-5081>)\n * [__https://vulners.com/cve/CVE-2012-5069__](<https://vulners.com/cve/CVE-2012-5069>)\n * [__https://vulners.com/cve/CVE-2012-5071__](<https://vulners.com/cve/CVE-2012-5071>)\n * [__https://vulners.com/cve/CVE-2012-5084__](<https://vulners.com/cve/CVE-2012-5084>)\n * [__https://vulners.com/cve/CVE-2012-5079__](<https://vulners.com/cve/CVE-2012-5079>)\n * [__https://vulners.com/cve/CVE-2012-5089__](<https://vulners.com/cve/CVE-2012-5089>)\n \n**RELATED INFORMATION: ** \n[_IBM Secure Engineering Web Portal _](<https://www-304.ibm.com/jct03001c/security/secure-engineering/>) \n \n \n**ACKNOWLEDGEMENT** \nNone \n \n**CHANGE HISTORY** \n27 March 2013: Original Copy Published \n\n\n_*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash. _\n\n \n_Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY._ \n\n\n[{\"Product\":{\"code\":\"SSPLFC\",\"label\":\"Tivoli Application Dependency Discovery Manager\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"7.2.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {}, "published": "2022-09-25T21:06:56", "type": "ibm", "title": "Security Bulletin: TADDM: Vulnerabilities in embedded JRE", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1531", "CVE-2012-3143", "CVE-2012-3216", "CVE-2012-4820", "CVE-2012-4822", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5089", "CVE-2013-1475"], "modified": "2022-09-25T21:06:56", "id": "26515D82CBE564FD841E30BEDD98666504A91C598E5AD7A19359583F7EA27CC7", "href": "https://www.ibm.com/support/pages/node/225321", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:38:17", "description": "## Summary\n\nVulnerabilities in the Java Runtime Environment (JRE) 6 SR10 and earlier component shipped with Rational Synergy may affect the security of the product.\n\n## Vulnerability Details\n\n| 
**Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVE ID: **[**CVE-2012-0551**](<https://vulners.com/cve/CVE-2012-0551>) \n \n**Description**: Unspecified vulnerability in the Java Runtime Environment (JRE) 6 update 32 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment. \n \n**CVSS Base Score****:** 4.3 \n**CVSS Temporal Score****:** See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/75010>_ for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:P/A:N) \n \n \n**CVE ID: **[**CVE-2012-1717**](<https://vulners.com/cve/CVE-2012-1717>) \n \n**Description**: Unspecified vulnerability in the Java Runtime Environment (JRE) 6 update 32 and earlier, allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux. \n \n**CVSS Base Score****:** 2.1 \n**CVSS Temporal Score****:** See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/76251>_ for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:L/AC:L/Au:N/C:P/I:N/A:N) \n \n \n**CVE ID: **[**CVE-2012-1716**](<https://vulners.com/cve/CVE-2012-1716>) \n \n**Description:** Unspecified vulnerability in the Java Runtime Environment (JRE) 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing. 
\n \n**CVSS Base Score****:** 10.0 \n**CVSS Temporal Score****:** See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/76244>_ for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE ID: **[**CVE-2012-1713**](<https://vulners.com/cve/CVE-2012-1713>) \n \n**Description:** Unspecified vulnerability in the Java Runtime Environment (JRE) 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. \n \n**CVSS Base Score:** 10.0 \n**CVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/76239> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector: **(AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE ID: **[**CVE-2012-1718**](<https://vulners.com/cve/CVE-2012-1718>) \n \n**Description:** Unspecified vulnerability in the Java Runtime Environment (JRE) 6 update 32 and earlier, allows remote attackers to affect availability via unknown vectors related to Security. \n \n**CVSS Base Score:** 5.0 \n**CVSS Temporal Score:** See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/76249>_ for the current score \n**CVSS Environmental Score*: **Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVE ID: **[**CVE-2012-1719**](<https://vulners.com/cve/CVE-2012-1719>) \n \n**Description:** Unspecified vulnerability in the Java Runtime Environment (JRE) 6 update 32 and earlier, allows remote attackers to affect integrity, related to CORBA. 
\n \n**CVSS Base Score:** 5.0 \n**CVSS Temporal Score: **See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/76247>_ for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector: **(AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n \n**CVE ID: **[**CVE-2012-1722**](<https://vulners.com/cve/CVE-2012-1722>) \n \n**Description: **Unspecified vulnerability in the Java Runtime Environment (JRE) 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1721. \n \n**CVSS Base Score:** 10.0 \n**CVSS Temporal Score:** See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/76241>_ for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE ID: **[**CVE-2012-1721**](<https://vulners.com/cve/CVE-2012-1721>) \n \n**Description: **Unspecified vulnerability in the Java Runtime Environment (JRE) 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1722. \n \n**CVSS Base Score****:** 10.0 \n**CVSS Temporal Score****: **See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/76240>_ for the current score \n**CVSS Environmental Score*****:** Undefined \n**CVSS ****Vector: **(AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE ID: **[**CVE-2012-1725**](<https://vulners.com/cve/CVE-2012-1725>) \n \n**Description:** Unspecified vulnerability in the Java Runtime Environment (JRE) 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. 
\n \n**CVSS Base Score:** 10.0 \n**CVSS Temporal Score:** See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/76243>_ for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE ID: **[**CVE-2012-1531**](<https://vulners.com/cve/CVE-2012-1531>) \n \n**Description:** Unspecified vulnerability in the Java Runtime Environment (JRE) 6 update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. \n \n**CVSS Base Score: **10.0 \n**CVSS Temporal Score:** See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/79294>_ for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE ID: **[**CVE-2012-1532**](<https://vulners.com/cve/CVE-2012-1532>) \n \n**Description:** Unspecified vulnerability in the Java Runtime Environment (JRE) 6 update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. \n \n**CVSS Base Score****:** 10.0 \n**CVSS Temporal Score****:** See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/26069>_ for the current score \n**CVSS Environmental Score*****:** Undefined \n**CVSS ****Vector:** (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE ID: **[**CVE-2012-1533**](<https://vulners.com/cve/CVE-2012-1533>) \n \n**Description:** Unspecified vulnerability in the Java Runtime Environment (JRE) 6 update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. 
\n \n**CVSS Base Score****:** 10.0 \n**CVSS Temporal Score****:** See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/26069>_ for the current score \n**CVSS Environmental Score*****: **Undefined \n**CVSS ****Vector: **(AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE ID: **[**CVE-2012-3143**](<https://vulners.com/cve/CVE-2012-3143>) \n \n**Description:** Unspecified vulnerability in the Java Runtime Environment (JRE) 6 update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability, related to JMX. \n \n**CVSS Base Score****:** 10.0 \n**CVSS Temporal Score****:** Unknown \n**CVSS Environmental Score*****:** Undefined \n**CVSS ****Vector: **(AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE ID: **[**CVE-2012-3159**](<https://vulners.com/cve/CVE-2012-3159>) \n \n**Description: **Unspecified vulnerability in the Java Runtime Environment (JRE) 6 update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. \n \n**CVSS Base Score:** 7.5 \n**CVSS Temporal Score****:** Unknown \n**CVSS Environmental Score*****:** Undefined \n**CVSS ****Vector:** (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n \n**CVE ID: **[**CVE-2012-3216**](<https://vulners.com/cve/CVE-2012-3216>) \n \n**Description:** Unspecified vulnerability in the Java Runtime Environment (JRE) 6 update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. \n \n**CVSS Base Score:** 2.6 \n**CVSS Temporal Score:** Unknown \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:N/A:N) \n \n \n**CVE ID: **[**CVE-2012-4416**](<https://vulners.com/cve/CVE-2012-4416>) \n \n**Description:** Unspecified vulnerability in the Java Runtime Environment (JRE) 6 updates 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Hotspot. 
\n \n**CVSS Base Score:** 6.4 \n**CVSS Temporal Score:** See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/78432>_ for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:P/I:P/A:N) \n \n \n**CVE ID: **[**CVE-2012-****5068**](<https://vulners.com/cve/CVE-2012-5068>) \n \n**Description: **Unspecified vulnerability in the Java Runtime Environment (JRE) 6 update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. \n \n**CVSS Base Score****:** 7.5 \n**CVSS Temporal Score****:** See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/79293>_ for the current score \n**CVSS Environmental Score*****:** Undefined \n**CVSS ****Vector:** (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n \n**CVE ID: **[**CVE-2012-****5069**](<https://vulners.com/cve/CVE-2012-5069>) \n \n**Description:** Unspecified vulnerability in the Java Runtime Environment (JRE) 6 update 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency. \n \n**CVSS Base Score:** 5.8 \n**CVSS Temporal Score****:** Unknown \n**CVSS Environmental Score*****:** Undefined \n**CVSS ****Vector:** (AV:N/AC:M/Au:N/C:P/I:P/A:N) \n \n \n**CVE ID: **[**CVE-2012-****5071**](<https://vulners.com/cve/CVE-2012-5071>) \n \n**Description:** Unspecified vulnerability in the Java Runtime Environment (JRE) 6 update 35 and earlier, allows remote attackers to affect confidentiality and integrity, related to JMX. 
\n \n**CVSS Base Score: **6.4 \n**CVSS Temporal Score****: **Unknown \n**CVSS Environmental Score*****:** Undefined \n**CVSS ****Vector: **(AV:N/AC:L/Au:N/C:P/I:P/A:N) \n \n \n**CVE ID: **[**CVE-2012-****5072**](<https://vulners.com/cve/CVE-2012-5072>) \n \n**Description:** Unspecified vulnerability in the Java Runtime Environment (JRE) 6 update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security. \n \n**CVSS Base Score: **5.0 \n**CVSS Temporal Score****:** Unknown \n**CVSS Environmental Score*****:** Undefined \n**CVSS Vector****: **(AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n \n**CVE ID: **[**CVE-2012-****5073**](<https://vulners.com/cve/CVE-2012-5073>) \n \n**Description:** Unspecified vulnerability in the Java Runtime Environment (JRE) 6 update 35 and earlier, allows remote attackers to affect integrity via unknown vectors related to Libraries. \n \n**CVSS Base Score:** 5.0 \n**CVSS Temporal Score****:** Unknown \n**CVSS Environmental Score*****:** Undefined \n**CVSS Vector****:** (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n \n**CVE ID: **[**CVE-2012-****5075**](<https://vulners.com/cve/CVE-2012-5075>) \n \n**Description:** Unspecified vulnerability in the Java Runtime Environment (JRE) 6 update 35 and earlier, allows remote attackers to affect confidentiality, related to JMX. 
\n \n**CVSS Base Score:** 5.0 \n**CVSS Temporal Score****: **Unknown \n**CVSS Environmental Score*****:** Undefined \n**CVSS Vector****: **(AV:N/AC:L/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\nAll Rational Synergy supported platforms\n\n## Remediation/Fixes\n\nRational Synergy 7.1.0.x should upgrade to Rational Synergy version 7.1.0.7 ([Rational Synergy 7.1.0.7](<http://www.ibm.com/support/docview.wss?uid=swg24033509>)) or later.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-12-22T17:41:28", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Rational Synergy", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0551", "CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-1713", "CVE-2012-1716", "CVE-2012-1717", "CVE-2012-1718", "CVE-2012-1719", "CVE-2012-1721", "CVE-2012-1722", "CVE-2012-1725", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075"], "modified": "2020-12-22T17:41:28", "id": "5F88C2F077BAE6C14B265D60A735B19AC50E8C1401A58DB3FCBBE5B67A702B40", "href": "https://www.ibm.com/support/pages/node/485599", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T22:15:23", "description": "## Abstract\n\nIBM InfoSphere Streams makes use of IBM Java SE Version 6 SDK. 
Potential security exposures exist in IBM InfoSphere Streams due to vulnerabilities in IBM Java SE Version 6 SDK.\n\n## Content\n\n**VULNERABILITY**** ****DETAILS:** \n \n**CVE-2012-1718, CVE-2012-3143, CVE-2012-3159, CVE-2012-5081** \n \n**DESCRIPTION: ** \n \nVulnerabilities in the IBM Java SE Version 6 SDK allow remote attackers to affect confidentiality, integrity, and availability. For additional information on specific vulnerabilities refer to the CVE references. \n \n**CVSS:** \n \n**CVEID: CVE-2012-1718** \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See ([_https://exchange.xforce.ibmcloud.com/vulnerabilities/76249_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/76249>)) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID: CVE-2012-3143** \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See ([_https://exchange.xforce.ibmcloud.com/vulnerabilities/79419_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79419>)) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n \n**CVEID: CVE-2012-3159** \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See ([_https://exchange.xforce.ibmcloud.com/vulnerabilities/79424_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79424>)) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n \n**CVEID: CVE-2012-5081** \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See ([_https://exchange.xforce.ibmcloud.com/vulnerabilities/79435_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79435>)) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**AFFECTED VERSIONS/PLATFORMS:** \n \nIBM InfoSphere Streams V1.2 (all fix levels) \nIBM InfoSphere Streams V2.0 (all fix levels) \nIBM InfoSphere Streams V3.0 \n \n**REMEDIATION:** \n \nThe recommended solution is to apply the IBM SDK for Linux\u00ae Java 
SE Version 6 fix \nas soon as practical. Please see below for the fix information. \nTo download the fix, perform the following steps: \n1\\. Go to \n[1.2.0.0-Patch_for_IBM_Java6_SR12](<http://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information+Management&product=ibm/Information+Management/InfoSphere+Streams&release=All&platform=All&function=fixId&fixids=1.2.0.0-Patch_for_IBM_Java6_SR12&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) (Version 1.2.1) \n[2.0.0.0-Patch_for_IBM_Java6_SR12](<http://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information+Management&product=ibm/Information+Management/InfoSphere+Streams&release=All&platform=All&function=fixId&fixids=2.0.0.0-Patch_for_IBM_Java6_SR12&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) (Version 2.0) \n[3.0.0.0-Patch_for_IBM_Java6_SR12](<http://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information+Management&product=ibm/Information+Management/InfoSphere+Streams&release=All&platform=All&function=fixId&fixids=3.0.0.0-Patch_for_IBM_Java6_SR12&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) (Version 3.0) \n2\\. In the Download page, download the following: \nFix: Patch_for_IBM_Java6_SR12.tar.gz \nReadme: Patch_for_IBM_Java6_SR12.readme.txt \n3\\. Follow the instructions in the Readme to install the fix. \n \n** ** \n**WORKAROUNDS:** \n \nNone. \n \n**MITIGATIONS:** \n \nNone. 
\n \n**REFERENCES:** \n \n[_CVE-2012-1718_](<https://vulners.com/cve/CVE-2012-1718>) \n[_CVE-2012-3143_](<https://vulners.com/cve/CVE-2012-3143>) \n[_CVE-2012-3159_](<https://vulners.com/cve/CVE-2012-3159>) \n[_CVE-2012-5081_](<https://vulners.com/cve/CVE-2012-5081>) \n \nComplete CVSS Guide ([](<http://www.first.org/cvss/cvss-guide.html>)[__http://www.first.org/cvss/v2/guide__](<http://www.first.org/cvss/v2/guide>)) \nOn-line Calculator V2 ([__http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2__](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)) \nX-Force Vulnerability Database ([_https://exchange.xforce.ibmcloud.com/_](<https://exchange.xforce.ibmcloud.com/>)) \n \n**RELATED INFORMATION: ** \n \n[\u2022 __IBM Secure Engineering Web Portal__](<https://www-304.ibm.com/jct03001c/security/secure-engineering/>) \n[\u2022 __IBM Product Security Incident Response Blog__](<https://www.ibm.com/blogs/PSIRT>) \n\n\n_*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash. _\n\n**_Note: _**_According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY._\n\n[{\"Product\":{\"code\":\"SSCRJU\",\"label\":\"IBM Streams\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"1.2;2.0;3.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {}, "published": "2022-09-25T23:13:40", "type": "ibm", "title": "Security Bulletin: Potential security exposure when using IBM InfoSphere Streams due to vulnerabilities in IBM Java SE Version 6 SDK.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1718", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-5081"], "modified": "2022-09-25T23:13:40", "id": "927AB101A523874E35F3A61494C66C58B004E7492F4AB7E06CFD4880FCC23969", "href": "https://www.ibm.com/support/pages/node/487015", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-09-29T18:27:58", "description": "## Abstract\n\nMultiple security vulnerabilities in IBM Java Runtime Environment (JRE) can affect the security of IBM Content Classification.\n\n## Content\n\n**VULNERABILITY DETAILS** \n \n**CVE IDs:** CVE-2012-5083, CVE-2012-1531 \n \n**DESCRIPTION** \nVulnerabilities in IBM JRE Service Release 12 can impact the security of IBM Content Classification Version 8.8. Fixes are available in IBM Content Classification Version 8.8 Interim Fix 1. 
\n \n**CVE ID: **[**_CVE-2012-5083_**](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5083>) \n \n_CVSS Base Score 10 \nCVSS Temporal Score: See _[__https://exchange.xforce.ibmcloud.com/vulnerabilities/79412__](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79412>)_ \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)_ \n \n \n**CVE ID: **[**_CVE-2012-1531_**](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1531>)\n\n_CVSS Base Score 10 \nCVSS Temporal Score: See _[__https://exchange.xforce.ibmcloud.com/vulnerabilities/79413__](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79413>)_ \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)_\n\n \n \n \n**AFFECTED PRODUCT AND VERSION****:** \nIBM Content Classification Version 8.8 \n \n** \nREMEDIATION:** \nFixes are available in IBM Content Classification Version 8.8 Interim Fix 1. For instructions on downloading and installing Interim Fix 1, see the [_IBM Content Classification Version 8.8 Interim Fix 1 download document_](<http://www.ibm.com/support/docview.wss?uid=swg24034391>). \n \n** \nMITIGATION:** \nNone. Install the interim fix. \n \n**_ \nNote: _**_According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY_. 
\n\n## Related Information \n\n[IBM Content Classification Version 8.8 Interim Fix 1](<http://www.ibm.com/support/docview.wss?uid=swg24034391>)\n\n[{\"Product\":{\"code\":\"SSBRAM\",\"label\":\"IBM Content Classification\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"8.8\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {}, "published": "2022-09-25T20:45:36", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Content Classification Version 8.8 due to security vulnerabilities in IBM JRE 6", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1531", "CVE-2012-5083"], "modified": "2022-09-25T20:45:36", "id": "0A97610EBE8000799CEC9A08AFCAF0F5899EFB5953311FFD2EA25DBDFCAACD46", "href": "https://www.ibm.com/support/pages/node/219951", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T22:15:24", "description": "## Abstract\n\nIBM Java Runtime Environment 6.0 SR 13 release containing multiple fixes for CVEs covered in Oracle's Critical Patch Update release of October (2012), January 13, February 1 and February 19 releases (2013) contained in JDK 6.0 SR 10 and earlier\n\n## Content\n\n**VULNERABILITY DETAILS**\n\n**CVE ID: 
**CVE-2012-3159,CVE-2012-3216,CVE-2012-5068,CVE-2012-3143,CVE-2012-3143,CVE-2012-5073,CVE-2012-5075,CVE-2012-5083,CVE-2012-5083,CVE-2012-5072,CVE-2012-1531,CVE-2012-5081,CVE-2012-1532,CVE-2012-1533,CVE-2012-5069,CVE-2012-5071,CVE-2012-5084,CVE-2012-5079,CVE-2012-5089,CVE-2012-1541,CVE-2012-3213,CVE-2012-3342,CVE-2013-0351,CVE-2013-0409,CVE-2013-0419,CVE-2013-0423,CVE-2013-0424,CVE-2013-0425,CVE-2013-0426,CVE-2013-0427,CVE-2013-0428,CVE-2013-0432,CVE-2013-0433,CVE-2013-0434,CVE-2013-0435,CVE-2013-0438,CVE-2013-0440,CVE-2013-0441,CVE-2013-0442,CVE-2013-0443,CVE-2013-0445,CVE-2013-0446,CVE-2013-0450,CVE-2013-0809,CVE-2013-1473,CVE-2013-1475,CVE-2013-1476,CVE-2013-1478,CVE-2013-1480,CVE-2013-1481,CVE-2013-1486,CVE-2013-1487,CVE-2013-1493\n\n**DESCRIPTION:**\n\nIBM WebSphere ILOG JRules and IBM Operational Decision Manager includes a JDK 6.0 SR 4 containing a number of security vulnerabilities listed below:\n\n \n \nCVEID: [CVE-2012-3159](<https://vulners.com/cve/CVE-2012-3159>) \nCVSS Base Score 7.5 \nCVSS Temporal Score: See [X-Force 79424](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79424>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \nCVEID: [CVE-2012-3216](<https://vulners.com/cve/CVE-2012-3216>) \nCVSS Base Score 2.6 \nCVSS Temporal Score: See [X-Force 79436](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79436>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:H/Au:N/C:P/I:N/A:N) \n \nCVEID: [CVE-2012-5068](<https://vulners.com/cve/CVE-2012-5068>) \nCVSS Base Score 7.5 \nCVSS Temporal Score: See [X-Force 79425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79425>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \nCVEID: [CVE-2012-5070](<https://vulners.com/cve/CVE-2012-5070>) \nCVSS Base Score 5 \nCVSS Temporal Score: See [X-Force 79430](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79430>) \nCVSS Environmental Score undefined \nCVSS Vector 
(AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \nCVEID: [CVE-2012-5067](<https://vulners.com/cve/CVE-2012-5067>) \nCVSS Base Score 5 \nCVSS Temporal Score: See [X-Force 79429](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79429>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \nCVEID: [CVE-2012-3143](<https://vulners.com/cve/CVE-2012-3143>) \nCVSS Base Score 10 \nCVSS Temporal Score: See [X-Force 79419](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79419>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2012-5076](<https://vulners.com/cve/CVE-2012-5076>) \nCVSS Base Score 9.3 \nCVSS Temporal Score: See [X-Force 79418](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79418>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2012-5077](<https://vulners.com/cve/CVE-2012-5077>) \nCVSS Base Score 2.6 \nCVSS Temporal Score: See [X-Force 79437](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79437>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:H/Au:N/C:P/I:N/A:N) \n \nCVEID: [CVE-2012-5073](<https://vulners.com/cve/CVE-2012-5073>) \nCVSS Base Score 5 \nCVSS Temporal Score: See [X-Force 79432](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79432>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \nCVEID: [CVE-2012-5074](<https://vulners.com/cve/CVE-2012-5074>) \nCVSS Base Score 6.4 \nCVSS Temporal Score: See [X-Force 79426](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79426>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:P/I:P/A:N) \n \nCVEID: [CVE-2012-5075](<https://vulners.com/cve/CVE-2012-5075>) \nCVSS Base Score 5 \nCVSS Temporal Score: See [X-Force 79431](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79431>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \nCVEID: 
[CVE-2012-5083](<https://vulners.com/cve/CVE-2012-5083>) \nCVSS Base Score 10 \nCVSS Temporal Score: See [X-Force 79412](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79412>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2012-5072](<https://vulners.com/cve/CVE-2012-5072>) \nCVSS Base Score 5 \nCVSS Temporal Score: See [X-Force 79434](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79434>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \nCVEID: [CVE-2012-1531](<https://vulners.com/cve/CVE-2012-1531>) \nCVSS Base Score 10 \nCVSS Temporal Score: See [X-Force 79413](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79413>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2012-5081](<https://vulners.com/cve/CVE-2012-5081>) \nCVSS Base Score 5 \nCVSS Temporal Score: See [X-Force 79435](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79435>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \nCVEID: [CVE-2012-1532](<https://vulners.com/cve/CVE-2012-1532>) \nCVSS Base Score 10 \nCVSS Temporal Score: See [X-Force 79417](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79417>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2012-1533](<https://vulners.com/cve/CVE-2012-1533>) \nCVSS Base Score 10 \nCVSS Temporal Score: See [X-Force 79416](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79416>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2012-5069](<https://vulners.com/cve/CVE-2012-5069>) \nCVSS Base Score 5.8 \nCVSS Temporal Score: See [X-Force 79428](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79428>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:M/Au:N/C:P/I:P/A:N) \n \nCVEID: [CVE-2012-5071](<https://vulners.com/cve/CVE-2012-5071>) \nCVSS Base Score 
6.4 \nCVSS Temporal Score: See [X-Force 79427](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79427>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:P/I:P/A:N) \n \nCVEID: [CVE-2012-5084](<https://vulners.com/cve/CVE-2012-5084>) \nCVSS Base Score 7.6 \nCVSS Temporal Score: See [X-Force 79423](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79423>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:H/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2012-5087](<https://vulners.com/cve/CVE-2012-5087>) \nCVSS Base Score 10 \nCVSS Temporal Score: See [X-Force 79415](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79415>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2012-5086](<https://vulners.com/cve/CVE-2012-5086>) \nCVSS Base Score 10 \nCVSS Temporal Score: See [X-Force 79414](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79414>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2012-5079](<https://vulners.com/cve/CVE-2012-5079>) \nCVSS Base Score 5 \nCVSS Temporal Score: See [X-Force 79433](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79433>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \nCVEID: [CVE-2012-5088](<https://vulners.com/cve/CVE-2012-5088>) \nCVSS Base Score 10 \nCVSS Temporal Score: See [X-Force 79420](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79420>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2012-5089](<https://vulners.com/cve/CVE-2012-5089>) \nCVSS Base Score 7.6 \nCVSS Temporal Score: See [X-Force 79422](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79422>) \nCVSS Environmental Score undefined \nCVSS Vector (AV:N/AC:H/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2012-1541](<https://vulners.com/cve/CVE-2012-1541>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 
81761](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81761>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2012-1543](<https://vulners.com/cve/CVE-2012-1543>) \nCVSS Base Score: 7.6 \nCVSS Temporal Score: See [X-Force 81785](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81785>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C) \n| \nCVEID: [CVE-2012-3213](<https://vulners.com/cve/CVE-2012-3213>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 81769](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81769>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2012-4301](<https://vulners.com/cve/CVE-2012-4301>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 81775](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81775>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2012-4305](<https://vulners.com/cve/CVE-2012-4305>) \nCVSS Base Score: 9.3 \nCVSS Temporal Score: See [X-Force 81780](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81780>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-0351](<https://vulners.com/cve/CVE-2013-0351>) \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [X-Force 81786](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81786>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \nCVEID: [CVE-2013-0409](<https://vulners.com/cve/CVE-2013-0409>) \nCVSS Base Score: 5 \nCVSS Temporal Score: See [X-Force 81793](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81793>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \nCVEID: [CVE-2013-0419](<https://vulners.com/cve/CVE-2013-0419>) \nCVSS Base Score: 7.6 \nCVSS Temporal Score: See [X-Force 
81783](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81783>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-0423](<https://vulners.com/cve/CVE-2013-0423>) \nCVSS Base Score: 7.6 \nCVSS Temporal Score: See [X-Force 81784](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81784>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-0424](<https://vulners.com/cve/CVE-2013-0424>) \nCVSS Base Score: 5 \nCVSS Temporal Score: See [X-Force 81798](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81798>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \nCVEID: [CVE-2013-0425](<https://vulners.com/cve/CVE-2013-0425>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 81766](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81766>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-0426](<https://vulners.com/cve/CVE-2013-0426>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 81767](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81767>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-0427](<https://vulners.com/cve/CVE-2013-0427>) \nCVSS Base Score: 5 \nCVSS Temporal Score: See [X-Force 81795](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81795>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \nCVEID: [CVE-2013-0428](<https://vulners.com/cve/CVE-2013-0428>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 81768](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81768>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-0429](<https://vulners.com/cve/CVE-2013-0429>) \nCVSS Base Score: 7.6 \nCVSS Temporal Score: See [X-Force 
81782](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81782>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-0430](<https://vulners.com/cve/CVE-2013-0430>) \nCVSS Base Score: 6.9 \nCVSS Temporal Score: See [X-Force 81787](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81787>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-0431](<https://vulners.com/cve/CVE-2013-0431>) \nCVSS Base Score: 5 \nCVSS Temporal Score: See [X-Force 81794](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81794>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \nCVEID: [CVE-2013-0432](<https://vulners.com/cve/CVE-2013-0432>) \nCVSS Base Score: 6.4 \nCVSS Temporal Score: See [X-Force 81788](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81788>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N) \n \nCVEID: [CVE-2013-0433](<https://vulners.com/cve/CVE-2013-0433>) \nCVSS Base Score: 5 \nCVSS Temporal Score: See [X-Force 81797](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81797>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \nCVEID: [CVE-2013-0434](<https://vulners.com/cve/CVE-2013-0434>) \nCVSS Base Score: 5 \nCVSS Temporal Score: See [X-Force 81792](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81792>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \nCVEID: [CVE-2013-0435](<https://vulners.com/cve/CVE-2013-0435>) \nCVSS Base Score: 5 \nCVSS Temporal Score: See [X-Force 81791](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81791>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \nCVEID: [CVE-2013-0436](<https://vulners.com/cve/CVE-2013-0436>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 
81771](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81771>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-0437](<https://vulners.com/cve/CVE-2013-0437>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 81753](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81753>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-0438](<https://vulners.com/cve/CVE-2013-0438>) \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [X-Force 81800](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81800>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \nCVEID: [CVE-2013-0439](<https://vulners.com/cve/CVE-2013-0439>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 81772](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81772>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-0440](<https://vulners.com/cve/CVE-2013-0440>) \nCVSS Base Score: 5 \nCVSS Temporal Score: See [X-Force 81799](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81799>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \nCVEID: [CVE-2013-0441](<https://vulners.com/cve/CVE-2013-0441>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 81758](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81758>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-0442](<https://vulners.com/cve/CVE-2013-0442>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 81755](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81755>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-0443](<https://vulners.com/cve/CVE-2013-0443>) \nCVSS Base Score: 4 \nCVSS Temporal Score: See [X-Force 
81801](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81801>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n| \nCVEID: [CVE-2013-0444](<https://vulners.com/cve/CVE-2013-0444>) \nCVSS Base Score: 7.6 \nCVSS Temporal Score: See [X-Force 81781](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81781>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-0445](<https://vulners.com/cve/CVE-2013-0445>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 81756](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81756>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-0446](<https://vulners.com/cve/CVE-2013-0446>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 81762](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81762>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-0447](<https://vulners.com/cve/CVE-2013-0447>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 81773](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81773>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-0448](<https://vulners.com/cve/CVE-2013-0448>) \nCVSS Base Score: 5 \nCVSS Temporal Score: See [X-Force 81796](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81796>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \nCVEID: [CVE-2013-0449](<https://vulners.com/cve/CVE-2013-0449>) \nCVSS Base Score: 5 \nCVSS Temporal Score: See [X-Force 81789](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81789>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \nCVEID: [CVE-2013-0450](<https://vulners.com/cve/CVE-2013-0450>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 
81764](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81764>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-1472](<https://vulners.com/cve/CVE-2013-1472>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 81774](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81774>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-1473](<https://vulners.com/cve/CVE-2013-1473>) \nCVSS Base Score: 5 \nCVSS Temporal Score: See [X-Force 81790](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81790>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \nCVEID: [CVE-2013-1474](<https://vulners.com/cve/CVE-2013-1474>) \nCVSS Base Score: 9.3 \nCVSS Temporal Score: See [X-Force 81779](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81779>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-1475](<https://vulners.com/cve/CVE-2013-1475>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 81759](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81759>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-1476](<https://vulners.com/cve/CVE-2013-1476>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 81760](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81760>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-1477](<https://vulners.com/cve/CVE-2013-1477>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 81776](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81776>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-1478](<https://vulners.com/cve/CVE-2013-1478>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 
81754](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81754>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-1479](<https://vulners.com/cve/CVE-2013-1479>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 81765](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81765>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-1480](<https://vulners.com/cve/CVE-2013-1480>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 81757](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81757>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-1481](<https://vulners.com/cve/CVE-2013-1481>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 81770](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81770>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-1482](<https://vulners.com/cve/CVE-2013-1482>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 81777](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81777>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-1483](<https://vulners.com/cve/CVE-2013-1483>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 81778](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81778>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-1484](<https://vulners.com/cve/CVE-2013-1484>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 82179](<https://exchange.xforce.ibmcloud.com/vulnerabilities/82179>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-1485](<https://vulners.com/cve/CVE-2013-1485>) \nCVSS Base Score: 5 \nCVSS Temporal Score: See [X-Force 
82180](<https://exchange.xforce.ibmcloud.com/vulnerabilities/82180>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \nCVEID: [CVE-2013-1486](<https://vulners.com/cve/CVE-2013-1486>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 82178](<https://exchange.xforce.ibmcloud.com/vulnerabilities/82178>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-1487](<https://vulners.com/cve/CVE-2013-1487>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 82177](<https://exchange.xforce.ibmcloud.com/vulnerabilities/82177>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-1489](<https://vulners.com/cve/CVE-2013-1489>) \nCVSS Base Score: 0 \nCVSS Temporal Score: See [X-Force 81802](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81802>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:N) \n \nCVEID: [CVE-2013-0809](<https://vulners.com/cve/CVE-2013-0809>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 82515](<https://exchange.xforce.ibmcloud.com/vulnerabilities/82515>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \nCVEID: [CVE-2013-1493](<https://vulners.com/cve/CVE-2013-1493>) \nCVSS Base Score: 10 \nCVSS Temporal Score: See [X-Force 82514](<https://exchange.xforce.ibmcloud.com/vulnerabilities/82514>) \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n---|---|--- \n \n \n_*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash. _ \n \n \n**AFFECTED PLATFORMS:** \nIBM WebSphere ILOG JRules V7.1.1 is affected on Windows system where a JDK is provided. 
\nIBM WebSphere Operational Decision Management V7.5 and IBM Operational Decision Manager V8.0 are affected on all distributed platforms. \n \n**REMEDIATION: ** \nApply the fixes described below \n \n**FIX** \nFor IBM WebSphere ILOG JRules V7.1.1.x an interim fix for APAR RS01283 is available from IBM Fix Central: [7.1.1.5-WS-BRMS_JDK-WIN-IF018](<http://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+ILOG+JRules&release=All&platform=All&function=aparId&apars=RS01283&source=fc>) \n \nFor IBM WebSphere Operational Decision Manager v7.5 a fix pack for APAR RS01283 is available from IBM Fix Central: [Fix Pack 7.5.0.4](<http://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Operational+Decision+Management&release=7.5.0.0&platform=All&function=aparId&apars=RS01283&source=fc>) \n \nAPAR RS01283 is targeted for availability in IBM Operational Decision Manager V8.0.1.1 \n \n**MITIGATION:** \nnone known \n \n**WORKAROUND:** \nNone known; apply fixes \n \n**REFERENCES**: \nComplete CVSS Guide (<https://www.first.org/cvss/v2/guide>) \nOn-line Calculator V2 ([http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)) \n \n \n**CHANGE HISTORY**: \n29 Apr 2013: Original Copy \n20 Feb 2016: Fix broken link CVSS guide \n \n_Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY_\n\n[{\"Product\":{\"code\":\"SSQP76\",\"label\":\"IBM Operational Decision Manager\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Maintenance\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"8.0.1;7.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}},{\"Product\":{\"code\":\"SS6MTS\",\"label\":\"WebSphere ILOG JRules\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Maintenance\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"7.1.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {}, "published": "2022-09-25T23:13:40", "type": "ibm", "title": "Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE 6.0", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-1541", "CVE-2012-1543", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3213", "CVE-2012-3216", "CVE-2012-3342", "CVE-2012-4301", "CVE-2012-4305", "CVE-2012-5067", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", 
"CVE-2012-5084", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089", "CVE-2013-0351", "CVE-2013-0409", "CVE-2013-0419", "CVE-2013-0423", "CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-0430", "CVE-2013-0431", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0436", "CVE-2013-0437", "CVE-2013-0438", "CVE-2013-0439", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0445", "CVE-2013-0446", "CVE-2013-0447", "CVE-2013-0448", "CVE-2013-0449", "CVE-2013-0450", "CVE-2013-0809", "CVE-2013-1472", "CVE-2013-1473", "CVE-2013-1474", "CVE-2013-1475", "CVE-2013-1476", "CVE-2013-1477", "CVE-2013-1478", "CVE-2013-1479", "CVE-2013-1480", "CVE-2013-1481", "CVE-2013-1482", "CVE-2013-1483", "CVE-2013-1484", "CVE-2013-1485", "CVE-2013-1486", "CVE-2013-1487", "CVE-2013-1489", "CVE-2013-1493"], "modified": "2022-09-25T23:13:40", "id": "C84B4AF1E4DFDAA1D01B212AB48E59FAE64DCE886C1682502F098ED789D47987", "href": "https://www.ibm.com/support/pages/node/491295", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:10", "description": "[1.7.0.9-2.3.3.0.1.el6_3.1]\n- Update DISTRO_NAME in specfile\n[1.7.0.9-2.3.3.el6.1]\n- Changed permissions of sa-jdi.jar to correct 644\n- Resolves: rhbz#865050\n[1.7.0.9-2.3.3.el6]\n- Updated to 2.3.3\n- Updated java-1.7.0-openjdk-java-access-bridge-security.patch\n- Resolves rhbz#s 856124, 865346, 865348, 865350, 865352, 865354, 865357,\n 865359, 865363, 865365, 865370, 865428, 865471, 865434, 865511, 865514,\n 865519, 865531, 865541, 865568\n[1.7.0.5-2.3.2.el6.1]\n- Cleanup before security release\n- Updated to latest IcedTea7-forest 2.3\n- Resolves: rhbz#852299\n[1.7.0.5-2.2.1.1.el6.4]\n- Cleanup before security release\n- Removed patches:\n patch 1001 sec-webrevs-openjdk7-29_aug_2012-7162473.patch\n patch 1002 
sec-webrevs-openjdk7-29_aug_2012-7162476.patch\n patch 1003 sec-webrevs-openjdk7-29_aug_2012-7163201.patch\n patch 1004 sec-webrevs-openjdk7-29_aug_2012-7194567.patch\n patch 1005 sec-webrevs-openjdk7-29_aug_2012-78e01a6ca8d3.patch\n- Resolves: rhbz#852299", "cvss3": {}, "published": "2012-10-17T00:00:00", "type": "oraclelinux", "title": "java-1.7.0-openjdk security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-5089", "CVE-2012-5074", "CVE-2012-5073", "CVE-2012-5087", "CVE-2012-5085", "CVE-2012-5076", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5088", "CVE-2012-5086", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5068", "CVE-2012-5070"], "modified": "2012-10-17T00:00:00", "id": "ELSA-2012-1386", "href": "http://linux.oracle.com/errata/ELSA-2012-1386.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:25", "description": "[1:1.6.0.0-1.28.1.10.10.0.1.el5_8]\n- Add oracle-enterprise.patch\n[1:1.6.0.0-1.28.1.10.10]\n- Updated to IcedTea6 1.10.10\n- Resolves rhbz#s 856124, 865346, 865348, 865350, 865352, 865354, 865357,\n 865359, 865363, 865365, 865370, 865428, 865471, 865434, 865511, 865514,\n 865519, 865531, 865541, 865568", "cvss3": {}, "published": "2012-10-17T00:00:00", "type": "oraclelinux", "title": "java-1.6.0-openjdk security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-5089", "CVE-2012-5073", "CVE-2012-5085", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5086", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5068"], "modified": "2012-10-17T00:00:00", "id": "ELSA-2012-1385", "href": "http://linux.oracle.com/errata/ELSA-2012-1385.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:20", "description": 
"[1:1.6.0.0-1.50.1.11.5]\n- Changed permissions of sa-jdi.jar to correct 644\n- Resolves: rhbz#865045\n[1:1.6.0.0-1.49.1.11.5]\n- Updated to IcedTea6 1.11.5\n- Resolves rhbz#s 856124, 865346, 865348, 865350, 865352, 865354, 865357,\n 865359, 865363, 865365, 865370, 865428, 865471, 865434, 865511, 865514,\n 865519, 865531, 865541, 865568", "cvss3": {}, "published": "2012-10-17T00:00:00", "type": "oraclelinux", "title": "java-1.6.0-openjdk security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-5089", "CVE-2012-5073", "CVE-2012-5085", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5086", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5068"], "modified": "2012-10-17T00:00:00", "id": "ELSA-2012-1384", "href": "http://linux.oracle.com/errata/ELSA-2012-1384.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2018-01-11T11:05:58", "description": "Check for the Version of java", "cvss3": {}, "published": "2012-10-19T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2012:1386 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5089", "CVE-2012-5074", "CVE-2012-5073", "CVE-2012-5087", "CVE-2012-5085", "CVE-2012-5076", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5088", "CVE-2012-5086", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5068", "CVE-2012-5070"], "modified": "2018-01-10T00:00:00", "id": "OPENVAS:881525", "href": "http://plugins.openvas.org/nasl.php?oid=881525", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2012:1386 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 7 Java Runtime Environment and the\n OpenJDK 7 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the Beans,\n Libraries, Swing, and JMX components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084,\n CVE-2012-5089)\n \n The default Java security properties configuration did not restrict access\n to certain com.sun.org.glassfish packages. An untrusted Java application\n or applet could use these flaws to bypass Java sandbox restrictions. This\n update lists those packages as restricted. (CVE-2012-5076, CVE-2012-5074)\n \n Multiple improper permission check issues were discovered in the Scripting,\n JMX, Concurrency, Libraries, and Security components in OpenJDK. An\n untrusted Java application or applet could use these flaws to bypass\n certain Java sandbox restrictions. 
(CVE-2012-5068, CVE-2012-5071,\n CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n \n It was discovered that java.util.ServiceLoader could create an instance of\n an incompatible class while performing provider lookup. An untrusted Java\n application or applet could use this flaw to bypass certain Java sandbox\n restrictions. (CVE-2012-5079)\n \n It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\n implementation did not properly handle handshake records containing an\n overly large data length value. An unauthenticated, remote attacker could\n possibly use this flaw to cause an SSL/TLS server to terminate with an\n exception. (CVE-2012-5081)\n \n It was discovered that the JMX component in OpenJDK could perform certain\n actions in an insecure manner. An untrusted Java application or applet\n could possibly use these flaws to disclose sensitive information.\n (CVE-2012-5070, CVE-2012-5075)\n \n A bug in the Java HotSpot Virtual Machine optimization code could cause it\n to not perform array initialization in certain cases. An untrusted Java\n application or applet could use this flaw to disclose portions of the\n virtual machine's memory. (CVE-2012-4416)\n \n It was discovered that the SecureRandom class did not properly protect\n against the creation of multiple seeders. An untrusted Java application or\n applet could possibly use this flaw to disclose sensitive information.\n (CVE-2012-5077)\n \n It was discovered that the java.io.FilePermission class exposed the hash\n code of the canonicalized path name. An untrusted Java application or\n applet could possibly use this flaw to determine certain system paths, suc ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"java on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-October/018947.html\");\n script_id(881525);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-19 10:20:49 +0530 (Fri, 19 Oct 2012)\");\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\",\n \"CVE-2012-5070\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\",\n \"CVE-2012-5074\", \"CVE-2012-5075\", \"CVE-2012-5076\", \"CVE-2012-5077\",\n \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5084\", \"CVE-2012-5085\",\n \"CVE-2012-5086\", \"CVE-2012-5087\", \"CVE-2012-5088\", \"CVE-2012-5089\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:1386\");\n script_name(\"CentOS Update for java CESA-2012:1386 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = 
\"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.9~2.3.3.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.9~2.3.3.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.9~2.3.3.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.9~2.3.3.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.9~2.3.3.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-11T11:06:40", "description": "Check for the Version of java-1.7.0-openjdk", "cvss3": {}, "published": "2012-10-19T00:00:00", "type": "openvas", "title": "RedHat Update for java-1.7.0-openjdk RHSA-2012:1386-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5089", "CVE-2012-5074", "CVE-2012-5073", "CVE-2012-5087", "CVE-2012-5085", "CVE-2012-5076", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5088", "CVE-2012-5086", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5068", "CVE-2012-5070"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:870853", "href": "http://plugins.openvas.org/nasl.php?oid=870853", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.7.0-openjdk RHSA-2012:1386-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 7 Java Runtime Environment and the\n OpenJDK 7 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the Beans,\n Libraries, Swing, and JMX components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084,\n CVE-2012-5089)\n\n The default Java security properties configuration did not restrict access\n to certain com.sun.org.glassfish packages. An untrusted Java application\n or applet could use these flaws to bypass Java sandbox restrictions. This\n update lists those packages as restricted. (CVE-2012-5076, CVE-2012-5074)\n\n Multiple improper permission check issues were discovered in the Scripting,\n JMX, Concurrency, Libraries, and Security components in OpenJDK. 
An\n untrusted Java application or applet could use these flaws to bypass\n certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071,\n CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"java-1.7.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-October/msg00027.html\");\n script_id(870853);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-19 09:49:34 +0530 (Fri, 19 Oct 2012)\");\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\",\n \"CVE-2012-5070\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\",\n \"CVE-2012-5074\", \"CVE-2012-5075\", \"CVE-2012-5076\", \"CVE-2012-5077\",\n \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5084\", \"CVE-2012-5085\",\n \"CVE-2012-5086\", \"CVE-2012-5087\", \"CVE-2012-5088\", \"CVE-2012-5089\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:1386-01\");\n script_name(\"RedHat Update for java-1.7.0-openjdk RHSA-2012:1386-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java-1.7.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : 
tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.9~2.3.3.el6_3.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.9~2.3.3.el6_3.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:19:47", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1619-1", "cvss3": {}, "published": "2012-10-29T00:00:00", "type": "openvas", "title": "Ubuntu Update for openjdk-7 USN-1619-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5089", "CVE-2012-5074", "CVE-2012-5073", "CVE-2012-1533", "CVE-2012-3159", "CVE-2012-5087", "CVE-2012-5085", "CVE-2012-5076", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5067", "CVE-2012-5083", "CVE-2012-5088", "CVE-2012-5086", "CVE-2012-1532", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-1531", "CVE-2012-5068", "CVE-2012-3143", "CVE-2012-5070"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:841202", "href": "http://plugins.openvas.org/nasl.php?oid=841202", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1619_1.nasl 7960 
2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for openjdk-7 USN-1619-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several information disclosure vulnerabilities were discovered in the\n OpenJDK JRE. (CVE-2012-3216, CVE-2012-5069, CVE-2012-5072, CVE-2012-5075,\n CVE-2012-5077, CVE-2012-5085)\n\n Vulnerabilities were discovered in the OpenJDK JRE related to information\n disclosure and data integrity. (CVE-2012-4416, CVE-2012-5071)\n \n Several vulnerabilities were discovered in the OpenJDK JRE related to\n information disclosure and data integrity. An attacker could exploit these\n to cause a denial of service. (CVE-2012-1531, CVE-2012-1532, CVE-2012-1533,\n CVE-2012-3143, CVE-2012-3159, CVE-2012-5068, CVE-2012-5083, CVE-2012-5084,\n CVE-2012-5086, CVE-2012-5089)\n \n Information disclosure vulnerabilities were discovered in the OpenJDK JRE.\n These issues only affected Ubuntu 12.10. (CVE-2012-5067, CVE-2012-5070)\n \n Vulnerabilities were discovered in the OpenJDK JRE related to data\n integrity. 
(CVE-2012-5073, CVE-2012-5079)\n \n A vulnerability was discovered in the OpenJDK JRE related to information\n disclosure and data integrity. This issue only affected Ubuntu 12.10.\n (CVE-2012-5074)\n \n Several vulnerabilities were discovered in the OpenJDK JRE related to\n information disclosure and data integrity. An attacker could exploit these\n to cause a denial of service. These issues only affected Ubuntu 12.10.\n (CVE-2012-5076, CVE-2012-5087, CVE-2012-5088)\n \n A denial of service vulnerability was found in OpenJDK. (CVE-2012-5081)\n \n Please see the following for more information:\n http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1619-1\";\ntag_affected = \"openjdk-7 on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1619-1/\");\n script_id(841202);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-29 11:03:54 +0530 (Mon, 29 Oct 2012)\");\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-5069\", \"CVE-2012-5072\", \"CVE-2012-5075\",\n \"CVE-2012-5077\", \"CVE-2012-5085\", \"CVE-2012-4416\", \"CVE-2012-5071\",\n \"CVE-2012-1531\", \"CVE-2012-1532\", \"CVE-2012-1533\", \"CVE-2012-3143\",\n \"CVE-2012-3159\", \"CVE-2012-5068\", \"CVE-2012-5083\", \"CVE-2012-5084\",\n \"CVE-2012-5086\", \"CVE-2012-5089\", \"CVE-2012-5067\", \"CVE-2012-5070\",\n \"CVE-2012-5073\", \"CVE-2012-5079\", \"CVE-2012-5074\", \"CVE-2012-5076\",\n \"CVE-2012-5087\", \"CVE-2012-5088\", \"CVE-2012-5081\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", 
value: \"1619-1\");\n script_name(\"Ubuntu Update for openjdk-7 USN-1619-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.5-0ubuntu1~10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.5-0ubuntu1~10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b24-1.11.5-0ubuntu1~10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.5-0ubuntu1~10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.5-0ubuntu1~10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 LTS\")) 
!= NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", 
rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:15", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1619-1", "cvss3": {}, "published": "2012-10-29T00:00:00", "type": "openvas", "title": "Ubuntu Update for openjdk-7 USN-1619-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5089", "CVE-2012-5074", "CVE-2012-5073", "CVE-2012-1533", "CVE-2012-3159", "CVE-2012-5087", "CVE-2012-5085", "CVE-2012-5076", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5067", "CVE-2012-5083", "CVE-2012-5088", "CVE-2012-5086", "CVE-2012-1532", "CVE-2012-5077", "CVE-2012-5069", 
"CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-1531", "CVE-2012-5068", "CVE-2012-3143", "CVE-2012-5070"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841202", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841202", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1619_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for openjdk-7 USN-1619-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1619-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841202\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-29 11:03:54 +0530 (Mon, 29 Oct 2012)\");\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-5069\", \"CVE-2012-5072\", \"CVE-2012-5075\",\n \"CVE-2012-5077\", \"CVE-2012-5085\", \"CVE-2012-4416\", \"CVE-2012-5071\",\n \"CVE-2012-1531\", \"CVE-2012-1532\", \"CVE-2012-1533\", \"CVE-2012-3143\",\n \"CVE-2012-3159\", \"CVE-2012-5068\", \"CVE-2012-5083\", \"CVE-2012-5084\",\n \"CVE-2012-5086\", \"CVE-2012-5089\", \"CVE-2012-5067\", \"CVE-2012-5070\",\n \"CVE-2012-5073\", \"CVE-2012-5079\", \"CVE-2012-5074\", \"CVE-2012-5076\",\n \"CVE-2012-5087\", \"CVE-2012-5088\", \"CVE-2012-5081\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1619-1\");\n script_name(\"Ubuntu Update for openjdk-7 USN-1619-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1619-1\");\n 
script_tag(name:\"affected\", value:\"openjdk-7 on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Several information disclosure vulnerabilities were discovered in the\n OpenJDK JRE. (CVE-2012-3216, CVE-2012-5069, CVE-2012-5072, CVE-2012-5075,\n CVE-2012-5077, CVE-2012-5085)\n\n Vulnerabilities were discovered in the OpenJDK JRE related to information\n disclosure and data integrity. (CVE-2012-4416, CVE-2012-5071)\n\n Several vulnerabilities were discovered in the OpenJDK JRE related to\n information disclosure and data integrity. An attacker could exploit these\n to cause a denial of service. (CVE-2012-1531, CVE-2012-1532, CVE-2012-1533,\n CVE-2012-3143, CVE-2012-3159, CVE-2012-5068, CVE-2012-5083, CVE-2012-5084,\n CVE-2012-5086, CVE-2012-5089)\n\n Information disclosure vulnerabilities were discovered in the OpenJDK JRE.\n These issues only affected Ubuntu 12.10. (CVE-2012-5067, CVE-2012-5070)\n\n Vulnerabilities were discovered in the OpenJDK JRE related to data\n integrity. (CVE-2012-5073, CVE-2012-5079)\n\n A vulnerability was discovered in the OpenJDK JRE related to information\n disclosure and data integrity. This issue only affected Ubuntu 12.10.\n (CVE-2012-5074)\n\n Several vulnerabilities were discovered in the OpenJDK JRE related to\n information disclosure and data integrity. An attacker could exploit these\n to cause a denial of service. These issues only affected Ubuntu 12.10.\n (CVE-2012-5076, CVE-2012-5087, CVE-2012-5088)\n\n A denial of service vulnerability was found in OpenJDK. 
(CVE-2012-5081)\n\n Please see the references for more information.\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.5-0ubuntu1~10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.5-0ubuntu1~10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b24-1.11.5-0ubuntu1~10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.5-0ubuntu1~10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.5-0ubuntu1~10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", 
rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:34", "description": "The remote host is missing an update for the 'java' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2012-10-19T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2012:1386 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5089", "CVE-2012-5074", "CVE-2012-5073", "CVE-2012-5087", "CVE-2012-5085", "CVE-2012-5076", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5088", "CVE-2012-5086", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5068", "CVE-2012-5070"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881525", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881525", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2012:1386 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can
redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-October/018947.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881525\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-19 10:20:49 +0530 (Fri, 19 Oct 2012)\");\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\",\n \"CVE-2012-5070\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\",\n \"CVE-2012-5074\", \"CVE-2012-5075\", \"CVE-2012-5076\", \"CVE-2012-5077\",\n \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5084\", \"CVE-2012-5085\",\n \"CVE-2012-5086\", \"CVE-2012-5087\", \"CVE-2012-5088\", \"CVE-2012-5089\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2012:1386\");\n script_name(\"CentOS Update for java CESA-2012:1386 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"java on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 7 Java Runtime Environment and the\n OpenJDK 7 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the Beans,\n Libraries, Swing, and JMX components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084,\n CVE-2012-5089)\n\n The default Java security properties configuration did not restrict access\n to certain com.sun.org.glassfish packages. An untrusted Java application\n or applet could use these flaws to bypass Java sandbox restrictions. This\n update lists those packages as restricted. (CVE-2012-5076, CVE-2012-5074)\n\n Multiple improper permission check issues were discovered in the Scripting,\n JMX, Concurrency, Libraries, and Security components in OpenJDK. An\n untrusted Java application or applet could use these flaws to bypass\n certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071,\n CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\n It was discovered that java.util.ServiceLoader could create an instance of\n an incompatible class while performing provider lookup. An untrusted Java\n application or applet could use this flaw to bypass certain Java sandbox\n restrictions. (CVE-2012-5079)\n\n It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\n implementation did not properly handle handshake records containing an\n overly large data length value. 
An unauthenticated, remote attacker could\n possibly use this flaw to cause an SSL/TLS server to terminate with an\n exception. (CVE-2012-5081)\n\n It was discovered that the JMX component in OpenJDK could perform certain\n actions in an insecure manner. An untrusted Java application or applet\n could possibly use these flaws to disclose sensitive information.\n (CVE-2012-5070, CVE-2012-5075)\n\n A bug in the Java HotSpot Virtual Machine optimization code could cause it\n to not perform array initialization in certain cases. An untrusted Java\n application or applet could use this flaw to disclose portions of the\n virtual machine's memory. (CVE-2012-4416)\n\n It was discovered that the SecureRandom class did not properly protect\n against the creation of multiple seeders. An untrusted Java application or\n applet could possibly use this flaw to disclose sensitive information.\n (CVE-2012-5077)\n\n It was discovered that the java.io.FilePermission class exposed the hash\n code of the canonicalized path name. 
An untrusted Java application or\n applet could possibly use this flaw to determine certain system paths, suc ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.9~2.3.3.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.9~2.3.3.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.9~2.3.3.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.9~2.3.3.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.9~2.3.3.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:36", "description": "The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2012-10-19T00:00:00", "type": "openvas", "title": "RedHat Update for java-1.7.0-openjdk RHSA-2012:1386-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5089", "CVE-2012-5074", "CVE-2012-5073", "CVE-2012-5087", "CVE-2012-5085", "CVE-2012-5076", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075",
"CVE-2012-5081", "CVE-2012-5088", "CVE-2012-5086", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5068", "CVE-2012-5070"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870853", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870853", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.7.0-openjdk RHSA-2012:1386-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-October/msg00027.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870853\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-19 09:49:34 +0530 (Fri, 19 Oct 2012)\");\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\",\n \"CVE-2012-5070\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\",\n \"CVE-2012-5074\", \"CVE-2012-5075\", \"CVE-2012-5076\", \"CVE-2012-5077\",\n \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5084\", \"CVE-2012-5085\",\n \"CVE-2012-5086\", \"CVE-2012-5087\", \"CVE-2012-5088\", \"CVE-2012-5089\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:1386-01\");\n script_name(\"RedHat Update for java-1.7.0-openjdk RHSA-2012:1386-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.7.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"java-1.7.0-openjdk on Red Hat Enterprise Linux 
Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 7 Java Runtime Environment and the\n OpenJDK 7 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the Beans,\n Libraries, Swing, and JMX components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084,\n CVE-2012-5089)\n\n The default Java security properties configuration did not restrict access\n to certain com.sun.org.glassfish packages. An untrusted Java application\n or applet could use these flaws to bypass Java sandbox restrictions. This\n update lists those packages as restricted. (CVE-2012-5076, CVE-2012-5074)\n\n Multiple improper permission check issues were discovered in the Scripting,\n JMX, Concurrency, Libraries, and Security components in OpenJDK. An\n untrusted Java application or applet could use these flaws to bypass\n certain Java sandbox restrictions. 
(CVE-2012-5068, CVE-2012-5071,\n CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.9~2.3.3.el6_3.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.9~2.3.3.el6_3.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-03T10:56:45", "description": "Check for the Version of java-1.6.0-openjdk", "cvss3": {}, "published": "2012-10-19T00:00:00", "type": "openvas", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2012:1385-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5089", "CVE-2012-5073", "CVE-2012-5085", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5086", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5068"], "modified": "2018-01-03T00:00:00", "id": "OPENVAS:870852", "href": "http://plugins.openvas.org/nasl.php?oid=870852", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2012:1385-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it 
and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the Beans,\n Swing, and JMX components in OpenJDK. An untrusted Java application or\n applet could use these flaws to bypass Java sandbox restrictions.\n (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)\n\n Multiple improper permission check issues were discovered in the Scripting,\n JMX, Concurrency, Libraries, and Security components in OpenJDK. An\n untrusted Java application or applet could use these flaws to bypass\n certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071,\n CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\n It was discovered that java.util.ServiceLoader could create an instance of\n an incompatible class while performing provider lookup. An untrusted Java\n application or applet could use this flaw to bypass certain Java sandbox\n restrictions. (CVE-2012-5079)\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-October/msg00026.html\");\n script_id(870852);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-19 09:48:55 +0530 (Fri, 19 Oct 2012)\");\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\",\n \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", \"CVE-2012-5075\",\n \"CVE-2012-5077\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5084\",\n \"CVE-2012-5085\", \"CVE-2012-5086\", \"CVE-2012-5089\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:1385-01\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2012:1385-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.28.1.10.10.el5_8\", 
rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.28.1.10.10.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.28.1.10.10.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.28.1.10.10.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.28.1.10.10.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.28.1.10.10.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-06T13:07:34", "description": "Check for the Version of java-1_6_0-openjdk", "cvss3": {}, "published": "2012-12-13T00:00:00", "type": "openvas", "title": "SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1424-1 (java-1_6_0-openjdk)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5089", "CVE-2012-5073", "CVE-2012-5085", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5086", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5068"], "modified": "2018-01-04T00:00:00", "id": "OPENVAS:850360", "href": "http://plugins.openvas.org/nasl.php?oid=850360", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_1424_1.nasl 8285 2018-01-04 06:29:16Z teissa $\n#\n# SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1424-1 (java-1_6_0-openjdk)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"java-1_6_0-openjdk on openSUSE 11.4\";\ntag_insight = \"java 1.6.0 openjdk / icedtea was updated to 1.11.5\n (bnc#785433)\n * Security fixes\n - S6631398, CVE-2012-3216: FilePermission improved path\n checking\n - S7093490: adjust package access in rmiregistry\n - S7143535, CVE-2012-5068: ScriptEngine corrected\n permissions\n - S7167656, CVE-2012-5077: Multiple Seeders are being\n created\n - S7169884, CVE-2012-5073: LogManager checks do not work\n correctly for sub-types\n - S7169888, CVE-2012-5075: Narrowing resource definitions\n in JMX RMI connector\n - S7172522, CVE-2012-5072: Improve DomainCombiner checking\n - S7186286, CVE-2012-5081: TLS implementation to better\n adhere to RFC\n - S7189103, CVE-2012-5069: Executors needs to maintain\n state\n - S7189490: More improvements to 
DomainCombiner checking\n - S7189567, CVE-2012-5085: java net obsolete protocol\n - S7192975, CVE-2012-5071: Conditional usage check is\n wrong\n - S7195194, CVE-2012-5084: Better data validation for\n Swing\n - S7195917, CVE-2012-5086: XMLDecoder parsing at\n close-time should be improved\n - S7195919, CVE-2012-5079: (sl) ServiceLoader can throw\n CCE without needing to create instance\n - S7198296, CVE-2012-5089: Refactor classloader usage\n - S7158800: Improve storage of symbol tables\n - S7158801: Improve VM CompileOnly option\n - S7158804: Improve config file parsing\n - S7176337: Additional changes needed for 7158801 fix\n - S7198606, CVE-2012-4416: Improve VM optimization\n * Backports\n - S7175845: \"jar uf\" changes file permissions unexpectedly\n - S7177216: native2ascii changes file permissions of\n input file\n - S7199153: TEST_BUG: try-with-resources syntax pushed to\n 6-open repo\n * Bug fixes\n - PR1194: IcedTea tries to build with\n /usr/lib/jvm/java-openjdk (now a 1.7 VM) by default\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850360);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:01:26 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\",\n \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", \"CVE-2012-5075\",\n \"CVE-2012-5077\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5084\",\n \"CVE-2012-5085\", \"CVE-2012-5086\", \"CVE-2012-5089\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:1424_1\");\n script_name(\"SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1424-1 (java-1_6_0-openjdk)\");\n\n script_tag(name: \"summary\" , 
value: \"Check for the Version of java-1_6_0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk\", rpm:\"java-1_6_0-openjdk~1.6.0.0_b24.1.11.5~21.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-debuginfo\", rpm:\"java-1_6_0-openjdk-debuginfo~1.6.0.0_b24.1.11.5~21.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-debugsource\", rpm:\"java-1_6_0-openjdk-debugsource~1.6.0.0_b24.1.11.5~21.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-demo\", rpm:\"java-1_6_0-openjdk-demo~1.6.0.0_b24.1.11.5~21.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-demo-debuginfo\", rpm:\"java-1_6_0-openjdk-demo-debuginfo~1.6.0.0_b24.1.11.5~21.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-devel\", rpm:\"java-1_6_0-openjdk-devel~1.6.0.0_b24.1.11.5~21.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-devel-debuginfo\", rpm:\"java-1_6_0-openjdk-devel-debuginfo~1.6.0.0_b24.1.11.5~21.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-javadoc\", rpm:\"java-1_6_0-openjdk-javadoc~1.6.0.0_b24.1.11.5~21.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-src\", rpm:\"java-1_6_0-openjdk-src~1.6.0.0_b24.1.11.5~21.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-03T10:58:24", "description": "Check for the Version of java", "cvss3": {}, "published": "2012-10-19T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2012:1384 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5089", "CVE-2012-5073", "CVE-2012-5085", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5086", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5068"], "modified": "2018-01-03T00:00:00", "id": "OPENVAS:881526", "href": "http://plugins.openvas.org/nasl.php?oid=881526", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2012:1384 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope 
that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the Beans,\n Swing, and JMX components in OpenJDK. An untrusted Java application or\n applet could use these flaws to bypass Java sandbox restrictions.\n (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)\n \n Multiple improper permission check issues were discovered in the Scripting,\n JMX, Concurrency, Libraries, and Security components in OpenJDK. An\n untrusted Java application or applet could use these flaws to bypass\n certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071,\n CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n \n It was discovered that java.util.ServiceLoader could create an instance of\n an incompatible class while performing provider lookup. An untrusted Java\n application or applet could use this flaw to bypass certain Java sandbox\n restrictions. (CVE-2012-5079)\n \n It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\n implementation did not properly handle handshake records containing an\n overly large data length value. An unauthenticated, remote attacker could\n possibly use this flaw to cause an SSL/TLS server to terminate with an\n exception. (CVE-2012-5081)\n \n It was discovered that the JMX component in OpenJDK could perform certain\n actions in an insecure manner. 
An untrusted Java application or applet\n could possibly use this flaw to disclose sensitive information.\n (CVE-2012-5075)\n \n A bug in the Java HotSpot Virtual Machine optimization code could cause it\n to not perform array initialization in certain cases. An untrusted Java\n application or applet could use this flaw to disclose portions of the\n virtual machine's memory. (CVE-2012-4416)\n \n It was discovered that the SecureRandom class did not properly protect\n against the creation of multiple seeders. An untrusted Java application or\n applet could possibly use this flaw to disclose sensitive information.\n (CVE-2012-5077)\n \n It was discovered that the java.io.FilePermission class exposed the hash\n code of the canonicalized path name. An untrusted Java application or\n applet could possibly use this flaw to determine certain system paths, such\n as the current working directory. (CVE-2012-3216)\n \n This update disables Gopher protocol support in the java.net package by\n default. Gopher support can be enabled by setting the newly introduced\n property, \"jdk.net.registerGopherProtocol\", to true. (CVE-2012-5085)\n \n Note: If the web browser plug-in provided by the icedtea-web package was\n in ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"java on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-October/018946.html\");\n script_id(881526);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-19 10:21:40 +0530 (Fri, 19 Oct 2012)\");\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\",\n \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", \"CVE-2012-5075\",\n \"CVE-2012-5077\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5084\",\n \"CVE-2012-5085\", \"CVE-2012-5086\", \"CVE-2012-5089\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:1384\");\n script_name(\"CentOS Update for java CESA-2012:1384 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.50.1.11.5.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message