Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2020 Greenbone Networks GmbHOPENVAS:1361412562310853208
HistoryJun 14, 2020 - 12:00 a.m.

openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2020:0800-1)

2020-06-1400:00:00
Copyright (C) 2020 Greenbone Networks GmbH
plugins.openvas.org
15

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

71.8%

JSON

The remote host is missing an update for the

# Copyright (C) 2020 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.853208");
  script_version("2023-10-20T16:09:12+0000");
  script_cve_id("CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2773", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2830");
  script_tag(name:"cvss_base", value:"5.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_tag(name:"last_modification", value:"2023-10-20 16:09:12 +0000 (Fri, 20 Oct 2023)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2020-09-08 13:00:00 +0000 (Tue, 08 Sep 2020)");
  script_tag(name:"creation_date", value:"2020-06-14 03:01:16 +0000 (Sun, 14 Jun 2020)");
  script_name("openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2020:0800-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2020 Greenbone Networks GmbH");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=openSUSELeap15\.1");

  script_xref(name:"openSUSE-SU", value:"2020:0800-1");
  script_xref(name:"URL", value:"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'java-1_8_0-openjdk'
  package(s) announced via the openSUSE-SU-2020:0800-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This update for java-1_8_0-openjdk to version jdk8u252 fixes the following
  issues:

  - CVE-2020-2754: Forward references to Nashorn (bsc#1169511)

  - CVE-2020-2755: Improve Nashorn matching (bsc#1169511)

  - CVE-2020-2756: Better mapping of serial ENUMs (bsc#1169511)

  - CVE-2020-2757: Less Blocking Array Queues (bsc#1169511)

  - CVE-2020-2773: Better signatures in XML (bsc#1169511)

  - CVE-2020-2781: Improve TLS session handling (bsc#1169511)

  - CVE-2020-2800: Better Headings for HTTP Servers (bsc#1169511)

  - CVE-2020-2803: Enhance buffering of byte buffers (bsc#1169511)

  - CVE-2020-2805: Enhance typing of methods (bsc#1169511)

  - CVE-2020-2830: Better Scanner conversions (bsc#1169511)

  - Ignore whitespaces after the header or footer in PEM X.509 cert
  (bsc#1171352)

  This update was imported from the SUSE:SLE-15:Update update project.


  Patch Instructions:

  To install this openSUSE Security Update use the SUSE recommended
  installation methods
  like YaST online_update or 'zypper patch'.

  Alternatively you can run the command listed for your product:

  - openSUSE Leap 15.1:

  zypper in -t patch openSUSE-2020-800=1");

  script_tag(name:"affected", value:"'java-1_8_0-openjdk' package(s) on openSUSE Leap 15.1.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "openSUSELeap15.1") {

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk", rpm:"java-1_8_0-openjdk~1.8.0.252~lp151.2.12.1", rls:"openSUSELeap15.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-accessibility", rpm:"java-1_8_0-openjdk-accessibility~1.8.0.252~lp151.2.12.1", rls:"openSUSELeap15.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-debuginfo", rpm:"java-1_8_0-openjdk-debuginfo~1.8.0.252~lp151.2.12.1", rls:"openSUSELeap15.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-debugsource", rpm:"java-1_8_0-openjdk-debugsource~1.8.0.252~lp151.2.12.1", rls:"openSUSELeap15.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-demo", rpm:"java-1_8_0-openjdk-demo~1.8.0.252~lp151.2.12.1", rls:"openSUSELeap15.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-demo-debuginfo", rpm:"java-1_8_0-openjdk-demo-debuginfo~1.8.0.252~lp151.2.12.1", rls:"openSUSELeap15.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-devel", rpm:"java-1_8_0-openjdk-devel~1.8.0.252~lp151.2.12.1", rls:"openSUSELeap15.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-devel-debuginfo", rpm:"java-1_8_0-openjdk-devel-debuginfo~1.8.0.252~lp151.2.12.1", rls:"openSUSELeap15.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-headless", rpm:"java-1_8_0-openjdk-headless~1.8.0.252~lp151.2.12.1", rls:"openSUSELeap15.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-headless-debuginfo", rpm:"java-1_8_0-openjdk-headless-debuginfo~1.8.0.252~lp151.2.12.1", rls:"openSUSELeap15.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-src", rpm:"java-1_8_0-openjdk-src~1.8.0.252~lp151.2.12.1", rls:"openSUSELeap15.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-javadoc", rpm:"java-1_8_0-openjdk-javadoc~1.8.0.252~lp151.2.12.1", rls:"openSUSELeap15.1"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

oraclelinux 7
nessus 65
openvas 30
centos 5
ibm 54
redhat 16
suse 3
osv 3
amazon 5
mageia 1
debian 3
fedora 3
gentoo 1
aix 1
ubuntu 1
f5 1
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2020-04-22 00:00:00
java-1.8.0-openjdk security update
2020-04-22 00:00:00
java-1.8.0-openjdk security update
2020-04-21 00:00:00
nessus
nessus
Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2020-1421)
2020-05-07 00:00:00
RHEL 7 : java-1.8.0-openjdk (RHSA-2020:1512)
2020-04-21 00:00:00
IBM Java 7.0 < 7.0.10.65 / 7.1 < 7.1.4.65 / 8.0 < 8.0.6.25 Multiple Vulnerabilities
2022-04-29 00:00:00
openvas
openvas
Fedora: Security Advisory for java-1.8.0-openjdk (FEDORA-2020-5386fe3bbb)
2020-05-11 00:00:00
Mageia: Security Advisory (MGASA-2020-0182)
2022-01-28 00:00:00
Fedora: Security Advisory for java-1.8.0-openjdk (FEDORA-2020-a60ad9d4ec)
2020-05-29 00:00:00
centos
centos
java security update
2020-04-30 19:53:37
java security update
2020-04-28 00:26:13
java security update
2020-04-28 00:24:04
ibm
ibm
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2020 - Includes Oracle Apr 2020 CPU minus CVE-2020-2773 affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time
2021-02-01 09:03:14
Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products
2020-07-10 07:26:57
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2020 - Includes Oracle Apr 2020 CPU minus CVE-2020-2773 affects Liberty for Java for IBM Cloud
2022-10-07 16:01:56
redhat
redhat
(RHSA-2020:1515) Important: java-1.8.0-openjdk security update
2020-04-22 08:56:46
(RHSA-2020:1516) Important: java-1.8.0-openjdk security update
2020-04-22 08:56:47
(RHSA-2020:1512) Important: java-1.8.0-openjdk security update
2020-04-21 09:11:34
suse
suse
Security update for java-1_8_0-openj9 (important)
2020-06-24 00:00:00
Security update for java-1_8_0-openjdk (important)
2020-06-13 00:00:00
Security update for java-11-openjdk (important)
2020-06-02 00:00:00
osv
osv
openjdk-8 - security update
2020-04-28 00:00:00
openjdk-7 - security update
2020-04-28 00:00:00
openjdk-11 - security update
2020-04-24 00:00:00
amazon
amazon
Important: java-1.8.0-openjdk
2020-05-05 01:18:00
Important: java-1.8.0-openjdk
2023-08-21 12:14:00
Important: java-1.7.0-openjdk
2020-05-08 20:58:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2020-04-24 20:03:35
debian
debian
[SECURITY] [DSA 4668-1] openjdk-8 security update
2020-04-28 19:35:17
[SECURITY] [DLA 2193-1] openjdk-7 security update
2020-04-29 00:48:53
[SECURITY] [DSA 4662-1] openjdk-11 security update
2020-04-24 12:55:19
fedora
fedora
[SECURITY] Fedora 30 Update: java-1.8.0-openjdk-1.8.0.252.b09-0.fc30
2020-05-13 03:36:38
[SECURITY] Fedora 31 Update: java-1.8.0-openjdk-1.8.0.252.b09-0.fc31
2020-05-18 03:23:13
[SECURITY] Fedora 32 Update: java-1.8.0-openjdk-1.8.0.252.b09-0.fc32
2020-05-07 03:11:08
gentoo
gentoo
OpenJDK, IcedTea: Multiple vulnerabilities
2020-06-15 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2020-07-31 09:56:48
ubuntu
ubuntu
OpenJDK vulnerabilities
2020-04-22 00:00:00
f5
f5
K26555255 : Multiple Java vulnerabilities CVE-2020-2781, CVE-2020-2800, CVE-2020-2803, CVE-2020-2805, CVE-2020-2830
2021-04-09 00:00:00

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

71.8%

JSON
Related for OPENVAS:1361412562310853208
oraclelinux7nessus65openvas30centos5ibm54redhat16suse3osv3amazon5mageia1debian3fedora3gentoo1aix1ubuntu1f51