Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2011 Greenbone AGOPENVAS:1361412562310802276
HistoryNov 15, 2011 - 12:00 a.m.

Oracle Java SE 5, 6, 7 Multiple Vulnerabilities (cpuoct2011) - Windows

2011-11-1500:00:00
Copyright (C) 2011 Greenbone AG
plugins.openvas.org
9

9.2 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

84.8%

JSON

Oracle Java SE is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.802276");
  script_version("2024-02-26T14:36:40+0000");
  script_cve_id("CVE-2011-3521", "CVE-2011-3554");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-02-26 14:36:40 +0000 (Mon, 26 Feb 2024)");
  script_tag(name:"creation_date", value:"2011-11-15 14:34:22 +0530 (Tue, 15 Nov 2011)");
  script_name("Oracle Java SE 5, 6, 7 Multiple Vulnerabilities (cpuoct2011) - Windows");
  script_xref(name:"URL", value:"http://secunia.com/advisories/46512");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50215");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50216");
  script_xref(name:"URL", value:"http://xforce.iss.net/xforce/xfdb/70839");
  script_xref(name:"URL", value:"http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html");

  script_tag(name:"qod_type", value:"registry");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 Greenbone AG");
  script_family("General");
  script_dependencies("gb_java_prdts_detect_portable_win.nasl");
  script_mandatory_keys("Sun/Java/JDK_or_JRE/Win/installed");
  script_tag(name:"impact", value:"Successful exploitation allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors.");
  script_tag(name:"affected", value:"Oracle Java SE versions 7, 6 Update 27 and earlier, 5.0 Update 31 and
  earlier.");
  script_tag(name:"insight", value:"Multiple flaws are due to unspecified errors in the following
  components:

  - Deserialization

  - Java Runtime Environment");
  script_tag(name:"solution", value:"Upgrade to Oracle Java SE versions 7 Update 1, 6 Update 29, 5.0 Update
  32 or later.");
  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"summary", value:"Oracle Java SE is prone to multiple vulnerabilities.");
  exit(0);
}

include("version_func.inc");

jreVer = get_kb_item("Sun/Java/JRE/Win/Ver");
if(jreVer)
{

  ## 5.0 Update 31 and earlier
  if(version_is_equal(version:jreVer, test_version:"1.7.0") ||
     version_in_range(version:jreVer, test_version:"1.6", test_version2:"1.6.0.27") ||
     version_in_range(version:jreVer, test_version:"1.5", test_version2:"1.5.0.31"))
  {
    security_message( port: 0, data: "The target host was found to be vulnerable" );
    exit(0);
  }
}

jdkVer = get_kb_item("Sun/Java/JDK/Win/Ver");
if(jdkVer)
{
  ## 5.0 Update 31 and earlier
  if(version_is_equal(version:jdkVer, test_version:"1.7.0") ||
     version_in_range(version:jdkVer, test_version:"1.6", test_version2:"1.6.0.27") ||
     version_in_range(version:jdkVer, test_version:"1.5", test_version2:"1.5.0.31")){
     security_message( port: 0, data: "The target host was found to be vulnerable" );
     exit(0);
  }
}

exit(99);

Related

openvas 62
veracode 2
ubuntucve 2
prion 2
cve 2
zdi 1
securityvulns 3
nessus 33
fedora 18
debian 2
osv 2
centos 1
redhat 5
oraclelinux 1
amazon 1
ubuntu 2
threatpost 1
suse 3
ibm 1
seebug 1
gentoo 2
openvas
openvas
Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows04)
2011-11-15 00:00:00
Ubuntu: Security Advisory (USN-1263-2)
2012-01-25 00:00:00
Debian Security Advisory DSA 2356-1 (openjdk-6)
2012-02-11 00:00:00
veracode
veracode
Authorization Bypass
2019-05-02 04:56:00
Arbitrary Code Execution
2019-05-02 04:55:59
ubuntucve
ubuntucve
CVE-2011-3554
2011-10-19 00:00:00
CVE-2011-3521
2011-10-19 00:00:00
prion
prion
Design/Logic Flaw
2011-10-19 21:55:00
Deserialization of untrusted data
2011-10-19 21:55:00
cve
cve
CVE-2011-3554
2011-10-19 21:55:00
CVE-2011-3521
2011-10-19 21:55:00
zdi
zdi
Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability
2011-10-26 00:00:00
securityvulns
securityvulns
ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability
2011-10-31 00:00:00
APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6
2011-11-11 00:00:00
Oracle Java multiple security vulnerabilities
2011-11-11 00:00:00
nessus
nessus
Debian DSA-2356-1 : openjdk-6 - several vulnerabilities (BEAST)
2011-12-02 00:00:00
Fedora 16 : java-1.7.0-openjdk-1.7.0.1-2.0.2.fc16 (2011-15555)
2011-11-14 00:00:00
CentOS 5 : java-1.6.0-openjdk (CESA-2011:1380) (BEAST)
2011-10-20 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: java-1.7.0-openjdk-1.7.0.1-2.0.2.fc16
2011-11-10 17:36:54
[SECURITY] Fedora 16 Update: java-1.6.0-openjdk-1.6.0.0-60.1.10.4.fc16
2011-11-05 01:27:14
[SECURITY] Fedora 16 Update: java-1.6.0-openjdk-1.6.0.0-68.1.11.4.fc16
2012-09-19 03:03:35
debian
debian
[SECURITY] [DSA 2356-1] openjdk-6 security update
2011-12-01 20:33:49
[SECURITY] [DSA 2358-1] openjdk-6 security update
2011-12-05 19:27:12
osv
osv
openjdk-6 - several
2011-12-01 00:00:00
openjdk-6 - several
2011-12-05 00:00:00
centos
centos
java security update
2011-10-19 21:07:19
redhat
redhat
(RHSA-2011:1380) Critical: java-1.6.0-openjdk security update
2011-10-18 00:00:00
(RHSA-2011:1478) Critical: java-1.5.0-ibm security update
2011-11-24 00:00:00
(RHSA-2012:0034) Critical: java-1.6.0-ibm security update
2012-01-18 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2011-10-18 00:00:00
amazon
amazon
Critical: java-1.6.0-openjdk
2011-10-31 18:22:00
ubuntu
ubuntu
OpenJDK 6 regression
2012-01-24 00:00:00
IcedTea-Web, OpenJDK 6 vulnerabilities
2011-11-16 00:00:00
threatpost
threatpost
Apple Releases New Java Updates, Fix 17 Flaws
2011-11-09 17:09:04
suse
suse
Security update for IBM Java (important)
2011-12-02 10:08:33
Security update for IBM Java (important)
2012-01-23 17:08:23
Security update for IBM Java 1.6.0 (important)
2012-03-06 21:08:29
ibm
ibm
Potential Security Vulnerabilities With JavaTM SDKs
2018-06-17 14:01:55
seebug
seebug
IBM Rational AppScan 8.x/7.x 多个安全漏洞
2012-06-16 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2011-11-05 00:00:00
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00

9.2 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

84.8%

JSON
Related for OPENVAS:1361412562310802276
openvas62veracode2ubuntucve2prion2cve2zdi1securityvulns3nessus33fedora18debian2osv2centos1redhat5oraclelinux1amazon1ubuntu2threatpost1suse3ibm1seebug1gentoo2