Lucene search
Copyright (C) 2014 Greenbone AGOPENVAS:1361412562310804688HistoryJul 25, 2014 - 12:00 a.m.
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 (Jul 2014) - Windows
2014-07-2500:00:00
Copyright (C) 2014 Greenbone AG
plugins.openvas.org
13
3.9 Low
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
Oracle Java SE JRE is prone to multiple unspecified vulnerabilities.
# SPDX-FileCopyrightText: 2014 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.804688");
script_version("2024-02-20T14:37:13+0000");
script_cve_id("CVE-2014-4264", "CVE-2014-4266", "CVE-2014-4221", "CVE-2014-4220",
"CVE-2014-4208", "CVE-2014-2490");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_tag(name:"last_modification", value:"2024-02-20 14:37:13 +0000 (Tue, 20 Feb 2024)");
script_tag(name:"creation_date", value:"2014-07-25 09:35:38 +0530 (Fri, 25 Jul 2014)");
script_name("Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 (Jul 2014) - Windows");
script_tag(name:"summary", value:"Oracle Java SE JRE is prone to multiple unspecified vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Multiple unspecified flaws exist:
- An error in the Security subcomponent related to the Elliptic Curve (EC)
cryptography implementation.
- An error in the Serviceability subcomponent related to
share/native/sun/management/GcInfoBuilder.c
- An error in the Libraries subcomponent related to
share/classes/java/lang/invoke/MethodHandles.java
- An unspecified error related to the Deployment subcomponent.
- Two errors related to the Deployment subcomponent.
- A format string error in the Hotspot subcomponent within the EventMark
constructor and destructor in share/vm/utilities/events.cpp");
script_tag(name:"impact", value:"Successful exploitation will allow remote attackers to update, insert, or
delete certain data, execute arbitrary code, conduct denial-of-service and
disclose sensitive information.");
script_tag(name:"affected", value:"Oracle Java SE 7 update 60 and prior, and 8 update 5 and prior on Windows.");
script_tag(name:"solution", value:"Apply the patch from the referenced advisory.");
script_tag(name:"qod_type", value:"registry");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"http://secunia.com/advisories/59501");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/68571");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/68576");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/68580");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/68596");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/68612");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/68645");
script_xref(name:"URL", value:"http://securitytracker.com/id?1030577");
script_xref(name:"URL", value:"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2014 Greenbone AG");
script_family("General");
script_dependencies("gb_java_prdts_detect_portable_win.nasl");
script_mandatory_keys("Sun/Java/JRE/Win/Ver");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
cpe_list = make_list("cpe:/a:oracle:jre", "cpe:/a:sun:jre");
if(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))
exit(0);
vers = infos["version"];
path = infos["location"];
if(vers =~ "^1\.[78]") {
if(version_in_range(version:vers, test_version:"1.7.0", test_version2:"1.7.0.60")||
version_in_range(version:vers, test_version:"1.8.0", test_version2:"1.8.0.5")) {
security_message( port: 0, data: "The target host was found to be vulnerable" );
exit(0);
}
}
References
secunia.com/advisories/59501
securitytracker.com/id?1030577
www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
www.securityfocus.com/bid/68571
www.securityfocus.com/bid/68576
www.securityfocus.com/bid/68580
www.securityfocus.com/bid/68596
www.securityfocus.com/bid/68612
www.securityfocus.com/bid/68645
Related
openvas
openvas
SUSE: Security Advisory for openjdk (SUSE-SU-2014:0961-1)
2015-10-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:1037-1)
2021-06-09 00:00:00
cvelist
cvelist
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2014-07-17 05:10:00
Design/Logic Flaw
2014-07-17 05:10:00
Design/Logic Flaw
2014-07-17 11:17:00
nvd
nvd
cve
cve
redhat
redhat
(RHSA-2014:0902) Critical: java-1.7.0-oracle security update
2014-07-18 01:28:56
(RHSA-2014:1042) Critical: java-1.7.1-ibm security update
2014-08-11 00:00:00
(RHSA-2014:1041) Critical: java-1.7.0-ibm security update
2014-08-11 00:00:00
nessus
nessus
RHEL 7 : java-1.7.0-oracle (RHSA-2014:0902)
2014-11-08 00:00:00
Oracle Java SE Multiple Vulnerabilities (July 2014 CPU) (Unix)
2014-07-16 00:00:00
SuSE 11.3 Security Update : openjdk (SAT Patch Number 9543)
2014-08-05 00:00:00
ibm
ibm
veracode
veracode
Arbitrary Code Execution
2019-01-15 08:56:47
Unchecked Return Value
2019-05-02 05:03:23
Authentication Bypass
2019-05-02 05:03:23
suse
suse
Security update for openjdk (important)
2014-08-04 19:04:23
Security update for java-1_7_0-ibm (important)
2015-02-21 01:05:45
kaspersky
kaspersky
KLA10507 Multiple vulnerabilities in Oracle products
2014-07-17 00:00:00
zdi
zdi
Oracle Java ResourceBundle Format String Remote Code Execution Vulnerability
2014-07-18 00:00:00
debian
debian
[SECURITY] [DSA 2987-1] openjdk-7 security update
2014-07-23 19:51:55
[SECURITY] [DSA 2980-1] openjdk-6 security update
2014-07-17 16:00:25
[SECURITY] [DLA 96-1] openjdk-6 security update
2014-11-28 10:26:06
ubuntu
ubuntu
OpenJDK 7 update
2014-09-17 00:00:00
OpenJDK 7 vulnerabilities
2014-08-20 00:00:00
OpenJDK 7 regression
2014-08-26 00:00:00
aix
aix
centos
centos
java security update
2014-07-16 10:46:11
java security update
2014-07-16 10:53:36
java security update
2014-07-21 18:20:14
mageia
mageia
Updated java-1.7.0-openjdk packages fix multiple vulnerabilities
2014-07-26 15:03:50
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2014-07-16 00:00:00
java-1.7.0-openjdk security update
2014-07-16 00:00:00
java-1.6.0-openjdk security and bug fix update
2014-07-21 00:00:00
amazon
amazon
Critical: java-1.7.0-openjdk
2014-07-23 14:01:00
Important: java-1.6.0-openjdk
2014-07-31 13:52:00
osv
osv
openjdk-6 - security update
2014-11-28 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2015-02-15 00:00:00
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL applications security vulnerabilities
2014-07-21 00:00:00
ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities
2015-02-02 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2014
2014-07-15 00:00:00
3.9 Low
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related for OPENVAS:1361412562310804688