Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2011 Greenbone AGOPENVAS:1361412562310802274
HistoryNov 15, 2011 - 12:00 a.m.

Oracle Java SE 6, 7 Multiple Vulnerabilities (cpuoct2011) - Windows

2011-11-1500:00:00
Copyright (C) 2011 Greenbone AG
plugins.openvas.org
26

9.4 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.97 High

EPSS

Percentile

99.7%

JSON

Oracle Java SE is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.802274");
  script_version("2024-02-26T14:36:40+0000");
  script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
  script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
  script_cve_id("CVE-2011-3544", "CVE-2011-3546", "CVE-2011-3550", "CVE-2011-3551",
                "CVE-2011-3553", "CVE-2011-3558", "CVE-2011-3561");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-02-26 14:36:40 +0000 (Mon, 26 Feb 2024)");
  script_tag(name:"creation_date", value:"2011-11-15 14:34:22 +0530 (Tue, 15 Nov 2011)");
  script_name("Oracle Java SE 6, 7 Multiple Vulnerabilities (cpuoct2011) - Windows");
  script_xref(name:"URL", value:"http://secunia.com/advisories/46512");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50218");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50224");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50226");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50239");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50242");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50246");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50250");
  script_xref(name:"URL", value:"http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html");

  script_tag(name:"qod_type", value:"registry");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 Greenbone AG");
  script_family("General");
  script_dependencies("gb_java_prdts_detect_portable_win.nasl");
  script_mandatory_keys("Sun/Java/JDK_or_JRE/Win/installed");
  script_tag(name:"impact", value:"Successful exploitation allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors.");
  script_tag(name:"affected", value:"Oracle Java SE versions 7, 6 Update 27 and earlier.");
  script_tag(name:"insight", value:"Multiple flaws are due to unspecified errors in the following
  components:

  - Scripting

  - Deployment

  - AWT

  - 2D

  - JAXWS

  - HotSpot");
  script_tag(name:"solution", value:"Upgrade to Oracle Java SE versions 7 Update 1, 6 Update 29 or later.");
  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"summary", value:"Oracle Java SE is prone to multiple vulnerabilities.");
  exit(0);
}

include("version_func.inc");

jreVer = get_kb_item("Sun/Java/JRE/Win/Ver");
if(jreVer)
{

  if(version_is_equal(version:jreVer, test_version:"1.7.0") ||
     version_in_range(version:jreVer, test_version:"1.6", test_version2:"1.6.0.27"))
  {
    security_message( port: 0, data: "The target host was found to be vulnerable" );
    exit(0);
  }
}

jdkVer = get_kb_item("Sun/Java/JDK/Win/Ver");
if(jdkVer)
{

  if(version_is_equal(version:jdkVer, test_version:"1.7.0") ||
     version_in_range(version:jdkVer, test_version:"1.6", test_version2:"1.6.0.27")) {
     security_message( port: 0, data: "The target host was found to be vulnerable" );
     exit(0);
  }
}

exit(99);

Related

openvas 62
nessus 33
securityvulns 3
threatpost 10
redhat 5
ibm 1
suse 2
oraclelinux 1
fedora 18
centos 1
ubuntucve 7
prion 7
veracode 7
cve 7
amazon 1
canvas 1
thn 2
seebug 3
saint 4
packetstorm 1
metasploit 1
ubuntu 2
checkpoint_advisories 1
zdi 1
attackerkb 1
cisa_kev 1
osv 2
exploitdb 1
debian 2
symantec 1
fireeye 1
gentoo 2
securelist 1
openvas
openvas
Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows02)
2011-11-15 00:00:00
Java for Mac OS X 10.6 Update 6 And 10.7 Update 1
2011-11-17 00:00:00
Java for Mac OS X 10.6 Update 6 And 10.7 Update 1
2011-11-17 00:00:00
nessus
nessus
Mac OS X : Java for Mac OS X 10.6 Update 6 (BEAST)
2011-11-09 00:00:00
openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-5329) (BEAST)
2014-06-13 00:00:00
Scientific Linux Security Update : java-1.6.0-sun on SL5.x i386/x86_64 (BEAST)
2012-08-01 00:00:00
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2011-11-11 00:00:00
APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6
2011-11-11 00:00:00
ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability
2011-10-31 00:00:00
threatpost
threatpost
Apple Releases New Java Updates, Fix 17 Flaws
2011-11-09 17:09:04
New Trojan For Mac Used In Attacks On Tibetan NGOs
2012-03-21 18:31:56
Java Exploit Linked to Red October Espionage Malware Campaign
2013-01-15 17:40:04
redhat
redhat
(RHSA-2011:1384) Critical: java-1.6.0-sun security update
2011-10-19 00:00:00
(RHSA-2012:0034) Critical: java-1.6.0-ibm security update
2012-01-18 00:00:00
(RHSA-2011:1380) Critical: java-1.6.0-openjdk security update
2011-10-18 00:00:00
ibm
ibm
Potential Security Vulnerabilities With JavaTM SDKs
2018-06-17 14:01:55
suse
suse
Security update for IBM Java 1.6.0 (important)
2012-03-06 21:08:29
Security update for IBM Java (important)
2012-01-23 17:08:23
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2011-10-18 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: java-1.6.0-openjdk-1.6.0.0-60.1.10.4.fc16
2011-11-05 01:27:14
[SECURITY] Fedora 16 Update: java-1.7.0-openjdk-1.7.0.1-2.0.2.fc16
2011-11-10 17:36:54
[SECURITY] Fedora 16 Update: java-1.6.0-openjdk-1.6.0.0-68.1.11.4.fc16
2012-09-19 03:03:35
centos
centos
java security update
2011-10-19 21:07:19
ubuntucve
ubuntucve
CVE-2011-3561
2011-10-19 00:00:00
CVE-2011-3558
2011-10-19 00:00:00
CVE-2011-3553
2011-10-19 00:00:00
prion
prion
Design/Logic Flaw
2011-10-19 21:55:00
Design/Logic Flaw
2011-10-19 21:55:00
Design/Logic Flaw
2011-10-19 21:55:00
veracode
veracode
Information Disclosure
2019-05-02 04:56:00
Information Disclosure
2020-04-10 01:03:13
Information Disclosure
2019-05-02 04:56:00
cve
cve
CVE-2011-3561
2011-10-19 21:55:00
CVE-2011-3558
2011-10-19 21:55:00
CVE-2011-3553
2011-10-19 21:55:00
amazon
amazon
Critical: java-1.6.0-openjdk
2011-10-31 18:22:00
canvas
canvas
Immunity Canvas: JAVA_RHINO
2011-10-19 21:55:00
thn
thn
Office based Trojan threat for Mac OS X by Chinese hackers
2012-03-29 17:25:00
Kaspersky finds Malware that resides in your RAM
2012-03-20 13:48:00
seebug
seebug
Oracle Java Applet Rhino脚本引擎远程代码执行漏洞
2011-12-01 00:00:00
Java Applet Rhino Script Engine Remote Code Execution
2014-07-01 00:00:00
IBM Rational AppScan 8.x/7.x 多个安全漏洞
2012-06-16 00:00:00
saint
saint
Oracle Java Rhino Script Engine Code Execution
2011-12-02 00:00:00
Oracle Java Rhino Script Engine Code Execution
2011-12-02 00:00:00
Oracle Java Rhino Script Engine Code Execution
2011-12-02 00:00:00
packetstorm
packetstorm
Java Applet Rhino Script Engine Remote Code Execution
2011-11-30 00:00:00
metasploit
metasploit
Java Applet Rhino Script Engine Remote Code Execution
2011-11-30 00:05:20
ubuntu
ubuntu
OpenJDK 6 regression
2012-01-24 00:00:00
IcedTea-Web, OpenJDK 6 vulnerabilities
2011-11-16 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Java Applet Rhino Script Engine Policy Bypass (CVE-2011-3544)
2012-03-19 00:00:00
zdi
zdi
Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability
2011-10-26 00:00:00
attackerkb
attackerkb
CVE-2011-3544
2011-10-19 00:00:00
cisa_kev
cisa_kev
Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
2022-03-03 00:00:00
osv
osv
openjdk-6 - several
2011-12-01 00:00:00
openjdk-6 - several
2011-12-05 00:00:00
exploitdb
exploitdb
Java Applet Rhino Script Engine - Remote Code Execution (Metasploit)
2011-11-30 00:00:00
debian
debian
[SECURITY] [DSA 2356-1] openjdk-6 security update
2011-12-01 20:33:49
[SECURITY] [DSA 2358-1] openjdk-6 security update
2011-12-05 19:27:12
symantec
symantec
Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability
2011-10-18 00:00:00
fireeye
fireeye
Internet Explorer 8 Exploit Found in Watering Hole Campaign Targeting Chinese Dissidents
2013-03-20 17:26:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2011-11-05 00:00:00
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
securelist
securelist
Investigation Report for the September 2014 Equation malware detection incident in the US
2017-11-16 10:00:34

9.4 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.97 High

EPSS

Percentile

99.7%

JSON
Related for OPENVAS:1361412562310802274
openvas62nessus33securityvulns3threatpost10redhat5ibm1suse2oraclelinux1fedora18centos1ubuntucve7prion7veracode7cve7amazon1canvas1thn2seebug3saint4packetstorm1metasploit1ubuntu2checkpoint_advisories1zdi1attackerkb1cisa_kev1osv2exploitdb1debian2symantec1fireeye1gentoo2securelist1