Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2015 Greenbone AGOPENVAS:1361412562310108404
HistoryApr 21, 2015 - 12:00 a.m.

Oracle Java SE JRE Unspecified Code Execution Vulnerability (Apr 2015) - Linux

2015-04-2100:00:00
Copyright (C) 2015 Greenbone AG
plugins.openvas.org
12

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

4.8 Medium

AI Score

Confidence

High

0.036 Low

EPSS

Percentile

91.7%

JSON

Oracle Java SE JRE is prone to an arbitrary code execution vulnerability.

# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.108404");
  script_version("2024-02-20T14:37:13+0000");
  script_cve_id("CVE-2015-0458");
  script_tag(name:"cvss_base", value:"7.6");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-02-20 14:37:13 +0000 (Tue, 20 Feb 2024)");
  script_tag(name:"creation_date", value:"2015-04-21 17:49:11 +0530 (Tue, 21 Apr 2015)");
  script_name("Oracle Java SE JRE Unspecified Code Execution Vulnerability (Apr 2015) - Linux");

  script_tag(name:"summary", value:"Oracle Java SE JRE is prone to an arbitrary code execution vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The flaw is due to error related to the
  Deployment subcomponent.");

  script_tag(name:"impact", value:"Successful exploitation will allow attackers
  to execute arbitrary code on affected system.");

  script_tag(name:"affected", value:"Oracle Java SE 6 update 91 and prior, 7
  update 76 and prior, 8 update 40 and prior on Linux.");

  script_tag(name:"solution", value:"Apply the patch from the referenced advisory.");

  script_tag(name:"solution_type", value:"VendorFix");

  script_tag(name:"qod_type", value:"executable_version");

  script_xref(name:"URL", value:"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74141");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2015 Greenbone AG");
  script_family("General");
  script_dependencies("gb_java_prdts_detect_lin.nasl");
  script_mandatory_keys("Sun/Java/JRE/Linux/Ver");
  exit(0);
}

include("host_details.inc");
include("version_func.inc");

cpe_list = make_list("cpe:/a:oracle:jre", "cpe:/a:oracle:jdk", "cpe:/a:sun:jre", "cpe:/a:sun:jdk");

if(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))
  exit(0);

vers = infos["version"];
path = infos["location"];

if(vers =~ "^1\.[6-8]") {
  if(version_in_range(version:vers, test_version:"1.8.0", test_version2:"1.8.0.40")||
     version_in_range(version:vers, test_version:"1.7.0", test_version2:"1.7.0.76")||
     version_in_range(version:vers, test_version:"1.6.0", test_version2:"1.6.0.91")) {
    report = 'Installed version: ' + vers + '\n' +
             'Fixed version:     ' + "Apply the patch"  + '\n';
    security_message(data:report);
    exit(0);
  }
}

exit(99);

Related

cve 1
ubuntucve 1
cvelist 1
nvd 1
openvas 24
debiancve 1
prion 1
ibm 12
nessus 30
redhat 7
f5 2
suse 16
veracode 4
kaspersky 2
aix 1
gentoo 1
securityvulns 1
oracle 1
cve
cve
CVE-2015-0458
2015-04-16 16:59:16
ubuntucve
ubuntucve
CVE-2015-0458
2015-04-16 00:00:00
cvelist
cvelist
CVE-2015-0458
2015-04-16 16:00:00
nvd
nvd
CVE-2015-0458
2015-04-16 16:59:16
openvas
openvas
Oracle Java SE JRE Unspecified Code Execution Vulnerability (Apr 2015) - Windows
2015-04-21 00:00:00
openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2015:0774-1)
2015-09-18 00:00:00
SUSE: Security Advisory for java-1_7_0-openjdk (SUSE-SU-2015:0833-1)
2015-10-16 00:00:00
debiancve
debiancve
CVE-2015-0458
2015-04-16 16:59:16
prion
prion
Design/Logic Flaw
2015-04-16 16:59:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director Storage Control
2019-01-31 02:10:01
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Tivoli Storage Productivity Center April 2015 CPU
2022-08-19 23:26:06
Security Bulletin: Multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 1.5.0 and 1.7.0 affect IBM Flex System Manager (FSM)
2018-06-18 01:29:52
nessus
nessus
Oracle Java SE 6 < Update 92 Multiple Vulnerabilities
2015-01-22 00:00:00
RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2015:0858)
2015-04-21 00:00:00
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2015-331)
2015-04-28 00:00:00
redhat
redhat
(RHSA-2015:0858) Important: java-1.6.0-sun security update
2015-04-20 14:05:19
(RHSA-2015:0857) Critical: java-1.7.0-oracle security update
2015-04-20 13:52:00
(RHSA-2015:1091) Low: Red Hat Satellite IBM Java Runtime security update
2015-06-11 00:00:00
f5
f5
SOL17125 - Multiple Java vulnerabilities
2015-08-12 00:00:00
K17125 : Multiple Java vulnerabilities
2015-08-12 00:00:00
suse
suse
Security update for java-1_7_0-openjdk (important)
2015-04-27 13:05:55
Security update for java-1_7_0-openjdk (critical)
2015-05-07 21:04:54
Security update for IBM Java (important)
2015-06-22 16:04:54
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 05:39:14
Sandbox Restrictions Bypass
2019-05-02 05:39:15
Sandbox Restrictions Bypass
2019-05-02 05:39:14
kaspersky
kaspersky
KLA10548 Multiple vulnerabilities in Oracle products
2015-04-14 00:00:00
KLA10551 Code execution vulnerabilities in Microsoft Office
2015-04-14 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2015-06-03 12:58:42
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2016-03-12 00:00:00
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-04-17 00:00:00
oracle
oracle
Oracle Critical Patch Update - April 2015
2015-04-14 00:00:00

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

4.8 Medium

AI Score

Confidence

High

0.036 Low

EPSS

Percentile

91.7%

JSON
Related for OPENVAS:1361412562310108404
cve1ubuntucve1cvelist1nvd1openvas24debiancve1prion1ibm12nessus30redhat7f52suse16veracode4kaspersky2aix1gentoo1securityvulns1oracle1