Oracle Java SE Code Execution Vulnerabilities (Windows)
2011-02-28T00:00:00
ID OPENVAS:1361412562310902353 Type openvas Reporter Copyright (C) 2011 SecPod Modified 2018-10-20T00:00:00
Description
Sun Java SE is installed on this host and is prone to multiple
code execution vulnerabilities.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_oracle_java_mult_code_exec_vuln_win.nasl 11997 2018-10-20 11:59:41Z mmartin $
#
# Oracle Java SE Code Execution Vulnerabilities (Windows)
#
# Authors:
# Madhuri D <dmadhuri@secpod.com>
#
# Copyright:
# Copyright (c) 2011 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Metadata block: when `description` is set, the script only registers its
# identifiers, references and report tags, then exits at the end of this block
# without running the detection logic further down.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.902353");
script_version("$Revision: 11997 $");
script_tag(name:"last_modification", value:"$Date: 2018-10-20 13:59:41 +0200 (Sat, 20 Oct 2018) $");
script_tag(name:"creation_date", value:"2011-02-28 11:12:07 +0100 (Mon, 28 Feb 2011)");
script_cve_id("CVE-2010-4468", "CVE-2010-4471");
script_bugtraq_id(46393, 46399);
# NOTE(review): the vector below declares partial confidentiality impact only
# (C:P/I:N/A:N, base 5.0), while the script name, "summary" and "impact" tags
# describe arbitrary code execution with system privileges. The "insight" tag
# itself speaks of effects on confidentiality and integrity via unknown vectors.
# Confirm the intended severity against the Oracle advisory referenced below
# before using this result for prioritisation.
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_name("Oracle Java SE Code Execution Vulnerabilities (Windows)");
script_xref(name:"URL", value:"http://www.vupen.com/english/advisories/2011/0405");
script_xref(name:"URL", value:"http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2011 SecPod");
script_family("General");
# The Java version data read by the detection logic is presumably written to
# the knowledge base by this dependency -- verify against that script.
script_dependencies("gb_java_prdts_detect_portable_win.nasl");
# Declared as a mandatory key, i.e. a precondition on a Java JDK/JRE having
# been detected on the Windows target.
script_mandatory_keys("Sun/Java/JDK_or_JRE/Win/installed");
script_tag(name:"impact", value:"Successful attacks will allow attackers to execute arbitrary code in the
context of the affected application with system privileges.");
# NOTE(review): the 5.0 branch is listed as affected, but the "solution" tag
# names only a Java SE 6 release; no fixed 5.0 update is stated here.
script_tag(name:"affected", value:"Oracle Java SE 6 Update 23 and prior.
Oracle Java SE 5.0 Update 27 and prior.");
script_tag(name:"insight", value:"The flaws are due to an error in 'Java Runtime Environment (JRE)',
which allows remote untrusted Java Web Start applications and untrusted Java
applets to affect confidentiality and integrity via unknown vectors related
to JDBC and 2D.");
script_tag(name:"solution", value:"Upgrade to Oracle Java SE 6 Update 24 or later.");
script_xref(name:"URL", value:"http://java.com/en/download/index.jsp");
script_tag(name:"summary", value:"This host is installed with Sun Java SE and is prone to multiple
code execution vulnerabilities.");
# Quality-of-detection is declared as registry-based; the checks below only
# compare a version string and do not exercise the flaw.
script_tag(name:"qod_type", value:"registry");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("smb_nt.inc");
include("version_func.inc");
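# Detection logic. Both checks are purely version-based: each reads a Java
# version string from the scanner knowledge base and compares it with the
# affected ranges (1.6 through 1.6.0.23, 1.5 through 1.5.0.27, both inclusive).
# No Java configuration is inspected here, so the result says "an affected
# release is installed", not "the flaw is reachable on this host".
#
# The report now carries the detected version and the remediation target
# instead of a fixed generic sentence, so a finding can be triaged and
# re-verified after patching without re-running detection by hand.

# Remediation target, taken from the "solution" tag of this script.
fixedVer = "Oracle Java SE 6 Update 24 or later";

jreVer = get_kb_item("Sun/Java/JRE/Win/Ver");
if(jreVer)
{
  if(version_in_range(version:jreVer, test_version:"1.6", test_version2:"1.6.0.23") ||
     version_in_range(version:jreVer, test_version:"1.5", test_version2:"1.5.0.27"))
  {
    report = report_fixed_ver(installed_version:"JRE " + jreVer, fixed_version:fixedVer);
    security_message( port: 0, data: report );
    # One finding per host: an affected JRE ends the script, so an affected
    # JDK on the same host is not reported separately.
    exit(0);
  }
}

# Only reached when no affected JRE was reported above.
jdkVer = get_kb_item("Sun/Java/JDK/Win/Ver");
if(jdkVer)
{
  if(version_in_range(version:jdkVer, test_version:"1.6", test_version2:"1.6.0.23") ||
     version_in_range(version:jdkVer, test_version:"1.5", test_version2:"1.5.0.27"))
  {
    report = report_fixed_ver(installed_version:"JDK " + jdkVer, fixed_version:fixedVer);
    security_message( port: 0, data: report );
  }
}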
{"id": "OPENVAS:1361412562310902353", "type": "openvas", "bulletinFamily": "scanner", "title": "Oracle Java SE Code Execution Vulnerabilities (Windows)", "description": "This host is installed with Sun Java SE and is prone to multiple\n code execution vulnerabilities.", "published": "2011-02-28T00:00:00", "modified": "2018-10-20T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902353", "reporter": "Copyright (C) 2011 SecPod", "references": ["http://www.vupen.com/english/advisories/2011/0405", "http://java.com/en/download/index.jsp", "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html"], "cvelist": ["CVE-2010-4468", "CVE-2010-4471"], "lastseen": "2019-05-29T18:39:50", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-4471", "CVE-2010-4468"]}, {"type": "openvas", "idList": ["OPENVAS:902353", "OPENVAS:1361412562310835257", "OPENVAS:1361412562310850160", "OPENVAS:1361412562310902557", "OPENVAS:850160", "OPENVAS:835257", "OPENVAS:1361412562310902556", "OPENVAS:902556", "OPENVAS:870394", "OPENVAS:902557"]}, {"type": "nessus", "idList": ["SUSE_JAVA-1_5_0-IBM-7442.NASL", "ORACLE_JAVA_CPU_FEB_2011.NASL", "SUSE_JAVA-1_5_0-IBM-7388.NASL", "REDHAT-RHSA-2011-0357.NASL", "SUSE_11_3_JAVA-1_6_0-SUN-110217.NASL", "SUSE_11_JAVA-1_6_0-IBM-110307.NASL", "SUSE9_12691.NASL", "REDHAT-RHSA-2011-0364.NASL", "REDHAT-RHSA-2011-0282.NASL", "SL_20110217_JAVA__JDK_1_6_0__ON_SL4_X.NASL"]}, {"type": "redhat", "idList": ["RHSA-2011:0357", "RHSA-2011:0880", "RHSA-2011:0364", "RHSA-2011:0282"]}, {"type": "suse", "idList": ["SUSE-SA:2011:010", "SUSE-SA:2011:014"]}, {"type": "ubuntu", "idList": ["USN-1079-2", "USN-1079-1", "USN-1079-3"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11443"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2224-1:ECD2A"]}, {"type": "gentoo", "idList": ["GLSA-201406-32", "GLSA-201111-02"]}, {"type": 
"vmware", "idList": ["VMSA-2011-0013"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2011-301950"]}], "modified": "2019-05-29T18:39:50", "rev": 2}, "score": {"value": 9.3, "vector": "NONE", "modified": "2019-05-29T18:39:50", "rev": 2}, "vulnersScore": 9.3}, "pluginID": "1361412562310902353", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_oracle_java_mult_code_exec_vuln_win.nasl 11997 2018-10-20 11:59:41Z mmartin $\n#\n# Oracle Java SE Code Execution Vulnerabilities (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902353\");\n script_version(\"$Revision: 11997 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-20 13:59:41 +0200 (Sat, 20 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-28 11:12:07 +0100 (Mon, 28 Feb 2011)\");\n script_cve_id(\"CVE-2010-4468\", \"CVE-2010-4471\");\n script_bugtraq_id(46393, 46399);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Oracle Java SE Code Execution Vulnerabilities (Windows)\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2011/0405\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_portable_win.nasl\");\n script_mandatory_keys(\"Sun/Java/JDK_or_JRE/Win/installed\");\n script_tag(name:\"impact\", value:\"Successful attacks will allow attackers to execute arbitrary code in the\n context of the affected application with system privileges.\");\n script_tag(name:\"affected\", value:\"Oracle Java SE 6 Update 23 and prior.\n Oracle Java SE 5.0 Update 27 and prior.\");\n script_tag(name:\"insight\", value:\"The flaws are due to an error in 'Java Runtime Environment (JRE)',\n which allows remote untrusted Java Web Start applications and untrusted Java\n applets to affect confidentiality and integrity via unknown vectors related\n to JDBC and 
2D.\");\n script_tag(name:\"solution\", value:\"Upgrade to Oracle Java SE 6 Update 24 or later.\");\n script_xref(name:\"URL\", value:\"http://java.com/en/download/index.jsp\");\n script_tag(name:\"summary\", value:\"This host is installed with Sun Java SE and is prone to multiple\n code execution vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\n\njreVer = get_kb_item(\"Sun/Java/JRE/Win/Ver\");\nif(jreVer)\n{\n\n if(version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.23\") ||\n version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.27\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\njdkVer = get_kb_item(\"Sun/Java/JDK/Win/Ver\");\nif(jdkVer)\n{\n if(version_in_range(version:jdkVer, test_version:\"1.6\", test_version2:\"1.6.0.23\") ||\n version_in_range(version:jdkVer, test_version:\"1.5\", test_version2:\"1.5.0.27\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "naslFamily": "General", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:45:04", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC.", "edition": 6, "cvss3": {}, "published": "2011-02-17T19:00:00", "title": "CVE-2010-4468", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4468"], "modified": "2017-12-22T02:29:00", "cpe": ["cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0"], "id": "CVE-2010-4468", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4468", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:45:04", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text.", "edition": 6, "cvss3": {}, "published": "2011-02-17T19:00:00", "title": "CVE-2010-4471", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4471"], "modified": "2017-12-22T02:29:00", "cpe": ["cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0"], "id": "CVE-2010-4471", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4471", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-11-13T12:58:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4468", "CVE-2010-4471"], "description": "This host is installed with Sun Java SE and is prone to multiple\n code execution vulnerabilities.", "modified": "2017-11-08T00:00:00", "published": "2011-02-28T00:00:00", "id": "OPENVAS:902353", "href": "http://plugins.openvas.org/nasl.php?oid=902353", "type": "openvas", "title": "Oracle Java SE Code Execution Vulnerabilities (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_oracle_java_mult_code_exec_vuln_win.nasl 7699 2017-11-08 12:10:34Z santu $\n#\n# Oracle Java SE Code Execution Vulnerabilities (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY 
WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful attacks will allow attackers to execute arbitrary code in the\n context of the affected application with system privileges.\n Impact Level: Application\";\ntag_affected = \"Oracle Java SE 6 Update 23 and prior.\n Oracle Java SE 5.0 Update 27 and prior.\";\ntag_insight = \"The flaws are due to an error in 'Java Runtime Environment (JRE)',\n which allows remote untrusted Java Web Start applications and untrusted Java\n applets to affect confidentiality and integrity via unknown vectors related\n to JDBC and 2D.\";\ntag_solution = \"Upgrade to Oracle Java SE 6 Update 24 or later\n http://java.com/en/download/index.jsp\";\ntag_summary = \"This host is installed with Sun Java SE and is prone to multiple\n code execution vulnerabilities.\";\n\nif(description)\n{\n script_id(902353);\n script_version(\"$Revision: 7699 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-08 13:10:34 +0100 (Wed, 08 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-28 11:12:07 +0100 (Mon, 28 Feb 2011)\");\n script_cve_id(\"CVE-2010-4468\", \"CVE-2010-4471\");\n script_bugtraq_id(46393, 46399);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Oracle Java SE Code Execution Vulnerabilities (Windows)\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2011/0405\");\n script_xref(name : \"URL\" , value : 
\"http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Sun/Java/JDK_or_JRE/Win/installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\n\n# Get KB for JRE Version On Windows\njreVer = get_kb_item(\"Sun/Java/JRE/Win/Ver\");\nif(jreVer)\n{\n\n # Check version from 1.6 < 1.6.0_23 (6 Update 23), 1.5 < 1.5.0_27(5 Update 27)\n if(version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.23\") ||\n version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.27\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Get KB for JDK Version On Windows\njdkVer = get_kb_item(\"Sun/Java/JDK/Win/Ver\");\nif(jdkVer)\n{\n # Check version from 1.6 < 1.6.0_23 (6 Update 23), 1.5 < 1.5.0_27(5 Update 27)\n if(version_in_range(version:jdkVer, test_version:\"1.6\", test_version2:\"1.6.0.23\") ||\n version_in_range(version:jdkVer, test_version:\"1.5\", test_version2:\"1.5.0.27\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4468", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4422", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-4473", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", 
"CVE-2010-4447", "CVE-2010-4470", "CVE-2010-4467"], "description": "This host is missing an important security update according to\n Java for Mac OS X 10.6 Update 4.", "modified": "2019-03-19T00:00:00", "published": "2011-08-29T00:00:00", "id": "OPENVAS:1361412562310902557", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902557", "type": "openvas", "title": "Java for Mac OS X 10.6 Update 4", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_macosx_java_10_6_upd_4.nasl 14307 2019-03-19 10:09:27Z cfischer $\n#\n# Java for Mac OS X 10.6 Update 4\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902557\");\n script_version(\"$Revision: 14307 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 11:09:27 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-29 16:22:41 +0200 (Mon, 29 Aug 2011)\");\n script_cve_id(\"CVE-2010-4422\", \"CVE-2010-4447\", \"CVE-2010-4448\", \"CVE-2010-4450\",\n \"CVE-2010-4454\", \"CVE-2010-4462\", \"CVE-2010-4463\", \"CVE-2010-4465\",\n \"CVE-2010-4467\", \"CVE-2010-4468\", \"CVE-2010-4469\", \"CVE-2010-4470\",\n \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4473\", \"CVE-2010-4476\");\n script_bugtraq_id(46091, 46386, 46387, 46391, 46393, 46394, 46395, 46397,\n 46398, 46399, 46400, 46402, 46403, 46404, 46406, 46409);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Java for Mac OS X 10.6 Update 4\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT4562\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2011/mar/msg00001.html\");\n\n script_copyright(\"Copyright (c) 2011 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.6\\.6\");\n script_tag(name:\"impact\", value:\"Successful exploitation may allow an untrusted Java applet to execute\n arbitrary code outside the Java sandbox. 
Visiting a web page containing\n a maliciously crafted untrusted Java applet may lead to arbitrary code\n execution with the privileges of the current user.\");\n script_tag(name:\"affected\", value:\"Java for Mac OS X v10.6.6 and Mac OS X Server v10.6.6\");\n script_tag(name:\"insight\", value:\"For more information on the vulnerabilities refer the below links.\");\n script_tag(name:\"solution\", value:\"Upgrade to Java for Mac OS X 10.6 Update 4.\");\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Java for Mac OS X 10.6 Update 4.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer)\n exit(0);\n\nif(\"Mac OS X\" >< osName || \"Mac OS X Server\" >< osName)\n{\n if(version_is_equal(version:osVer, test_version:\"10.6.6\"))\n {\n if(isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.6Update\", diff:\"4\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4468", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4422", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-4473", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4470", "CVE-2010-4467"], "description": "This host is missing an important security update according to\n Mac OS X 10.5 Update 9.", "modified": "2019-03-19T00:00:00", "published": "2011-08-29T00:00:00", "id": "OPENVAS:1361412562310902556", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902556", "type": "openvas", "title": 
"Java for Mac OS X 10.5 Update 9", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_macosx_java_10_5_upd_9.nasl 14307 2019-03-19 10:09:27Z cfischer $\n#\n# Java for Mac OS X 10.5 Update 9\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902556\");\n script_version(\"$Revision: 14307 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 11:09:27 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-29 16:22:41 +0200 (Mon, 29 Aug 2011)\");\n script_cve_id(\"CVE-2010-4422\", \"CVE-2010-4447\", \"CVE-2010-4448\", \"CVE-2010-4450\",\n \"CVE-2010-4454\", \"CVE-2010-4462\", \"CVE-2010-4463\", \"CVE-2010-4465\",\n \"CVE-2010-4467\", \"CVE-2010-4468\", \"CVE-2010-4469\", \"CVE-2010-4470\",\n \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4473\", \"CVE-2010-4476\");\n script_bugtraq_id(46091, 46386, 46387, 46391, 46393, 46394, 46395, 46397,\n 46398, 46399, 46400, 46402, 46403, 46404, 46406, 46409);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n 
script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Java for Mac OS X 10.5 Update 9\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT4563\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce//2011//Mar/msg00002.html\");\n\n script_copyright(\"Copyright (c) 2011 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.5\\.8\");\n script_tag(name:\"impact\", value:\"Successful exploitation may allow an untrusted Java applet to execute\n arbitrary code outside the Java sandbox. Visiting a web page containing\n a maliciously crafted untrusted Java applet may lead to arbitrary code\n execution with the privileges of the current user.\");\n script_tag(name:\"affected\", value:\"Java for Mac OS X v10.5.8 and Mac OS X Server v10.5.8\");\n script_tag(name:\"insight\", value:\"For more information on the vulnerabilities refer the below links.\");\n script_tag(name:\"solution\", value:\"Upgrade to Java for Mac OS X 10.5 Update 9.\");\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Mac OS X 10.5 Update 9.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer)\n exit(0);\n\nif(\"Mac OS X\" >< osName || \"Mac OS X Server\" >< osName)\n{\n if(version_is_equal(version:osVer, test_version:\"10.5.8\"))\n {\n if(isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"9\"))\n {\n security_message( port: 0, data: \"The target host was found to be 
vulnerable\" );\n exit(0);\n }\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-09-04T14:19:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4468", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4422", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-4473", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4470", "CVE-2010-4467"], "description": "This host is missing an important security update according to\n Mac OS X 10.5 Update 9.", "modified": "2017-08-30T00:00:00", "published": "2011-08-29T00:00:00", "id": "OPENVAS:902556", "href": "http://plugins.openvas.org/nasl.php?oid=902556", "type": "openvas", "title": "Java for Mac OS X 10.5 Update 9", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_macosx_java_10_5_upd_9.nasl 7024 2017-08-30 11:51:43Z teissa $\n#\n# Java for Mac OS X 10.5 Update 9\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation may allow an untrusted Java applet to execute\n arbitrary code outside the Java sandbox. Visiting a web page containing\n a maliciously crafted untrusted Java applet may lead to arbitrary code\n execution with the privileges of the current user.\n Impact Level: System/Application\";\ntag_affected = \"Java for Mac OS X v10.5.8 and Mac OS X Server v10.5.8\";\ntag_insight = \"For more information on the vulnerabilities refer the below links.\";\ntag_solution = \"Upgrade to Java for Mac OS X 10.5 Update 9,\n For updates refer to http://support.apple.com/kb/HT4563\";\ntag_summary = \"This host is missing an important security update according to\n Mac OS X 10.5 Update 9.\";\n\nif(description)\n{\n script_id(902556);\n script_version(\"$Revision: 7024 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-30 13:51:43 +0200 (Wed, 30 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-29 16:22:41 +0200 (Mon, 29 Aug 2011)\");\n script_cve_id(\"CVE-2010-4422\", \"CVE-2010-4447\", \"CVE-2010-4448\", \"CVE-2010-4450\",\n \"CVE-2010-4454\", \"CVE-2010-4462\", \"CVE-2010-4463\", \"CVE-2010-4465\",\n \"CVE-2010-4467\", \"CVE-2010-4468\", \"CVE-2010-4469\", \"CVE-2010-4470\",\n \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4473\", \"CVE-2010-4476\");\n script_bugtraq_id(46091, 46386, 46387, 46391, 46393, 46394, 46395, 46397,\n 46398, 46399, 46400, 46402, 46403, 46404, 46406, 46409);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Java for Mac OS X 10.5 Update 9\");\n 
script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4563\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce//2011//Mar/msg00002.html\");\n\n script_copyright(\"Copyright (c) 2011 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\n## Get the OS name\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName){\n exit (0);\n}\n\n## Get the OS Version\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\n## Check for the Mac OS X and Mac OS X Server\nif(\"Mac OS X\" >< osName || \"Mac OS X Server\" >< osName)\n{\n ## Check the affected OS versions\n if(version_is_equal(version:osVer, test_version:\"10.5.8\"))\n {\n ## Check for the security update\n if(isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"9\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-04T14:19:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4468", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4422", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-4473", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4447", 
"CVE-2010-4470", "CVE-2010-4467"], "description": "This host is missing an important security update according to\n Java for Mac OS X 10.6 Update 4.", "modified": "2017-08-28T00:00:00", "published": "2011-08-29T00:00:00", "id": "OPENVAS:902557", "href": "http://plugins.openvas.org/nasl.php?oid=902557", "type": "openvas", "title": "Java for Mac OS X 10.6 Update 4", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_macosx_java_10_6_upd_4.nasl 7015 2017-08-28 11:51:24Z teissa $\n#\n# Java for Mac OS X 10.6 Update 4\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation may allow an untrusted Java applet to execute\n arbitrary code outside the Java sandbox. 
Visiting a web page containing\n a maliciously crafted untrusted Java applet may lead to arbitrary code\n execution with the privileges of the current user.\n Impact Level: System/Application\";\ntag_affected = \"Java for Mac OS X v10.6.6 and Mac OS X Server v10.6.6\";\ntag_insight = \"For more information on the vulnerabilities refer the below links.\";\ntag_solution = \"Upgrade to Java for Mac OS X 10.6 Update 4,\n For updates refer to http://support.apple.com/kb/HT4562\";\ntag_summary = \"This host is missing an important security update according to\n Java for Mac OS X 10.6 Update 4.\";\n\nif(description)\n{\n script_id(902557);\n script_version(\"$Revision: 7015 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-28 13:51:24 +0200 (Mon, 28 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-29 16:22:41 +0200 (Mon, 29 Aug 2011)\");\n script_cve_id(\"CVE-2010-4422\", \"CVE-2010-4447\", \"CVE-2010-4448\", \"CVE-2010-4450\",\n \"CVE-2010-4454\", \"CVE-2010-4462\", \"CVE-2010-4463\", \"CVE-2010-4465\",\n \"CVE-2010-4467\", \"CVE-2010-4468\", \"CVE-2010-4469\", \"CVE-2010-4470\",\n \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4473\", \"CVE-2010-4476\");\n script_bugtraq_id(46091, 46386, 46387, 46391, 46393, 46394, 46395, 46397,\n 46398, 46399, 46400, 46402, 46403, 46404, 46406, 46409);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Java for Mac OS X 10.6 Update 4\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4562\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2011/mar/msg00001.html\");\n\n script_copyright(\"Copyright (c) 2011 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n 
script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\n## Get the OS name\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName){\n exit (0);\n}\n\n## Get the OS Version\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\n## Check for the Mac OS X and Mac OS X Server\nif(\"Mac OS X\" >< osName || \"Mac OS X Server\" >< osName)\n{\n ## Check the affected OS versions\n if(version_is_equal(version:osVer, test_version:\"10.6.6\"))\n {\n ## Check for the security update\n if(isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.6Update\", diff:\"4\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:55:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4475", "CVE-2010-4468", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4422", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-4473", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4470", "CVE-2010-4467", "CVE-2010-4466"], "description": "Check for the Version of Java", "modified": "2017-07-06T00:00:00", "published": "2011-06-06T00:00:00", "id": "OPENVAS:835257", "href": "http://plugins.openvas.org/nasl.php?oid=835257", "type": "openvas", "title": "HP-UX Update for Java HPSBUX02685", "sourceData": "###############################################################################\n# 
OpenVAS Vulnerability Test\n#\n# HP-UX Update for Java HPSBUX02685\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote execution of arbitrary code\n disclosure of information and other vulnerabilities.\";\ntag_affected = \"Java on\n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.09 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.21 or earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified in Java Runtime \n Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. 
These \n vulnerabilities could allow remote execution of arbitrary code, disclosure \n of information, and other vulnerabilities.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02775276\");\n script_id(835257);\n script_version(\"$Revision: 6582 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:11:56 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-06 16:56:27 +0200 (Mon, 06 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02685\");\n script_cve_id(\"CVE-2010-4422\", \"CVE-2010-4447\", \"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4452\", \"CVE-2010-4454\", \"CVE-2010-4462\", \"CVE-2010-4463\", \"CVE-2010-4465\", \"CVE-2010-4466\", \"CVE-2010-4467\", \"CVE-2010-4468\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4473\", \"CVE-2010-4475\", \"CVE-2010-4476\");\n script_name(\"HP-UX Update for Java HPSBUX02685\");\n\n script_summary(\"Check for the Version of Java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = 
\"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", 
revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.10.00\", 
rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", 
revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": 
"2019-05-29T18:40:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4475", "CVE-2010-4468", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4422", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-4473", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4470", "CVE-2010-4467", "CVE-2010-4466"], "description": "The remote host is missing an update for the Java package(s) announced via the referenced advisory.", "modified": "2018-10-04T00:00:00", "published": "2011-06-06T00:00:00", "id": "OPENVAS:1361412562310835257", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835257", "type": "openvas", "title": "HP-UX Update for Java HPSBUX02685", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_hp_ux_HPSBUX02685.nasl 11739 2018-10-04 07:49:31Z cfischer $\n#\n# HP-UX Update for Java HPSBUX02685\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02775276\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835257\");\n script_version(\"$Revision: 11739 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-04 09:49:31 +0200 (Thu, 04 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-06 16:56:27 +0200 (Mon, 06 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"HPSBUX\", value:\"02685\");\n script_cve_id(\"CVE-2010-4422\", \"CVE-2010-4447\", \"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4452\", \"CVE-2010-4454\", \"CVE-2010-4462\", \"CVE-2010-4463\", \"CVE-2010-4465\", \"CVE-2010-4466\", \"CVE-2010-4467\", \"CVE-2010-4468\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4473\", \"CVE-2010-4475\", \"CVE-2010-4476\");\n script_name(\"HP-UX Update for Java HPSBUX02685\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Java package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/hp_pkgrev\", re:\"ssh/login/release=HPUX(11\\.31|11\\.23|11\\.11)\");\n\n script_tag(name:\"impact\", value:\"Remote execution of arbitrary code, disclosure of information and other 
vulnerabilities.\");\n\n script_tag(name:\"affected\", value:\"Java on HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.09 or earlier\n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.21 or earlier\");\n\n script_tag(name:\"insight\", value:\"Potential security vulnerabilities have been identified in Java Runtime\n Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These\n vulnerabilities could allow remote execution of arbitrary code, disclosure\n of information, and other vulnerabilities.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = hpux_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", 
revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.10.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.10.00\", 
rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.10.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.10.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881416", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881416", "type": "openvas", "title": "CentOS Update for java CESA-2011:0281 centos5 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2011:0281 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that 
it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-April/017314.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881416\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:49:38 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\",\n \"CVE-2010-4470\", \"CVE-2010-4472\", \"CVE-2010-4471\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:0281\");\n script_name(\"CentOS Update for java CESA-2011:0281 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"java on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 6 
Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n A flaw was found in the Swing library. Forged TimerEvents could be used to\n bypass SecurityManager checks, allowing access to otherwise blocked files\n and directories. (CVE-2010-4465)\n\n A flaw was found in the HotSpot component in OpenJDK. Certain bytecode\n instructions confused the memory management within the Java Virtual Machine\n (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\n A flaw was found in the way JAXP (Java API for XML Processing) components\n were handled, allowing them to be manipulated by untrusted applets. This\n could be used to elevate privileges and bypass secure XML processing\n restrictions. (CVE-2010-4470)\n\n It was found that untrusted applets could create and place cache entries in\n the name resolution cache. This could allow an attacker targeted\n manipulation over name resolution until the OpenJDK VM is restarted.\n (CVE-2010-4448)\n\n It was found that the Java launcher provided by OpenJDK did not check the\n LD_LIBRARY_PATH environment variable for insecure empty path elements. A\n local attacker able to trick a user into running the Java launcher while\n working from an attacker-writable directory could use this flaw to load an\n untrusted library, subverting the Java security model. (CVE-2010-4450)\n\n A flaw was found in the XML Digital Signature component in OpenJDK.\n Untrusted code could use this flaw to replace the Java Runtime Environment\n (JRE) XML Digital Signature Transform or C14N algorithm implementations to\n intercept digital signature operations. (CVE-2010-4472)\n\n Note: All of the above flaws can only be remotely triggered in OpenJDK by\n calling the 'appletviewer' application.\n\n This update also provides one defense in depth patch. (BZ#676019)\n\n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. 
All running instances of OpenJDK Java\n must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470"], "description": "The remote host is missing an update for the ", "modified": "2019-03-12T00:00:00", "published": "2011-02-18T00:00:00", "id": "OPENVAS:1361412562310870394", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870394", "type": "openvas", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-February/msg00024.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870394\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-18 15:15:05 +0100 (Fri, 18 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:0281-01\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4472\", \"CVE-2010-4471\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 
'java-1.6.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n A flaw was found in the Swing library. Forged TimerEvents could be used to\n bypass SecurityManager checks, allowing access to otherwise blocked files\n and directories. (CVE-2010-4465)\n\n A flaw was found in the HotSpot component in OpenJDK. Certain bytecode\n instructions confused the memory management within the Java Virtual Machine\n (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\n A flaw was found in the way JAXP (Java API for XML Processing) components\n were handled, allowing them to be manipulated by untrusted applets. This\n could be used to elevate privileges and bypass secure XML processing\n restrictions. (CVE-2010-4470)\n\n It was found that untrusted applets could create and place cache entries in\n the name resolution cache. This could allow an attacker targeted\n manipulation over name resolution until the OpenJDK VM is restarted.\n (CVE-2010-4448)\n\n It was found that the Java launcher provided by OpenJDK did not check the\n LD_LIBRARY_PATH environment variable for insecure empty path elements. A\n local attacker able to trick a user into running the Java launcher while\n working from an attacker-writable directory could use this flaw to load an\n untrusted library, subverting the Java security model. 
(CVE-2010-4450)\n\n A flaw was found in the XML Digital Signature component in OpenJDK.\n Untrusted code could use this flaw to replace the Java Runtime Environment\n (JRE) XML Digital Signature Transform or C14N algorithm implementations to\n intercept digital signature operations. (CVE-2010-4472)\n\n Note: All of the above flaws can only be remotely triggered in OpenJDK by\n calling the 'appletviewer' application.\n\n This update also provides one defense in depth patch. (BZ#676019)\n\n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470"], "description": "Check for the Version of java", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880559", "href": "http://plugins.openvas.org/nasl.php?oid=880559", "type": "openvas", "title": "CentOS Update for java CESA-2011:0281 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2011:0281 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n A flaw was found in the Swing library. Forged TimerEvents could be used to\n bypass SecurityManager checks, allowing access to otherwise blocked files\n and directories. (CVE-2010-4465)\n \n A flaw was found in the HotSpot component in OpenJDK. Certain bytecode\n instructions confused the memory management within the Java Virtual Machine\n (JVM), which could lead to heap corruption. (CVE-2010-4469)\n \n A flaw was found in the way JAXP (Java API for XML Processing) components\n were handled, allowing them to be manipulated by untrusted applets. This\n could be used to elevate privileges and bypass secure XML processing\n restrictions. (CVE-2010-4470)\n \n It was found that untrusted applets could create and place cache entries in\n the name resolution cache. This could allow an attacker targeted\n manipulation over name resolution until the OpenJDK VM is restarted.\n (CVE-2010-4448)\n \n It was found that the Java launcher provided by OpenJDK did not check the\n LD_LIBRARY_PATH environment variable for insecure empty path elements. A\n local attacker able to trick a user into running the Java launcher while\n working from an attacker-writable directory could use this flaw to load an\n untrusted library, subverting the Java security model. 
(CVE-2010-4450)\n \n A flaw was found in the XML Digital Signature component in OpenJDK.\n Untrusted code could use this flaw to replace the Java Runtime Environment\n (JRE) XML Digital Signature Transform or C14N algorithm implementations to\n intercept digital signature operations. (CVE-2010-4472)\n \n Note: All of the above flaws can only be remotely triggered in OpenJDK by\n calling the \"appletviewer\" application.\n \n This update also provides one defense in depth patch. (BZ#676019)\n \n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"java on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-April/017313.html\");\n script_id(880559);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0281\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4472\", \"CVE-2010-4471\");\n script_name(\"CentOS Update for java CESA-2011:0281 centos5 i386\");\n\n script_summary(\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n
script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-1.6.0.0\", rpm:\"java-1.6.0-openjdk-1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo-1.6.0.0\", rpm:\"java-1.6.0-openjdk-demo-1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel-1.6.0.0\", rpm:\"java-1.6.0-openjdk-devel-1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc-1.6.0.0\", rpm:\"java-1.6.0-openjdk-javadoc-1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src-1.6.0.0\", rpm:\"java-1.6.0-openjdk-src-1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-20T15:15:19", "description": "IBM Java 5 was updated to SR 12 FP 4 fixing various security issues.\n\nFor more details, please check the IBM JDK Alerts page :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/", "edition": 19, "published": "2011-03-31T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7388)", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4475", 
"CVE-2010-4468", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4450", "CVE-2010-4473", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4466"], "cpe": ["cpe:/o:suse:suse_linux"], "modified": "2011-03-31T00:00:00", "id": "SUSE_JAVA-1_5_0-IBM-7388.NASL", "href": "https://www.tenable.com/plugins/nessus/53235", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53235);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-4447\", \"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4454\", \"CVE-2010-4462\", \"CVE-2010-4465\", \"CVE-2010-4466\", \"CVE-2010-4468\", \"CVE-2010-4471\", \"CVE-2010-4473\", \"CVE-2010-4475\");\n\n script_name(english:\"SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7388)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 5 was updated to SR 12 FP 4 fixing various security issues.\n\nFor more details, please check the IBM JDK Alerts page :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4447.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4448.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4450.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2010-4454.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4462.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4465.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4466.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4468.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4471.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4473.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4475.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7388.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"java-1_5_0-ibm-1.5.0_sr12.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"java-1_5_0-ibm-demo-1.5.0_sr12.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"java-1_5_0-ibm-devel-1.5.0_sr12.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr12.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"java-1_5_0-ibm-src-1.5.0_sr12.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr12.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr12.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr12.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr12.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", 
reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr12.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr12.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_5_0-ibm-1.5.0_sr12.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_5_0-ibm-devel-1.5.0_sr12.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr12.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr12.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr12.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr12.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr12.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr12.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr12.4-0.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:02:43", "description": "IBM Java 5 was updated to SR 12 FP 4 fixing various security issues.\n\nFor more details, please check the IBM JDK Alerts page :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/", "edition": 23, "published": "2011-04-01T00:00:00", "title": "SuSE9 Security Update : IBM Java JRE and SDK (YOU Patch Number 12691)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4475", "CVE-2010-4468", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", 
"CVE-2010-4454", "CVE-2010-4450", "CVE-2010-4473", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4466"], "modified": "2011-04-01T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12691.NASL", "href": "https://www.tenable.com/plugins/nessus/53251", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53251);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-4447\", \"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4454\", \"CVE-2010-4462\", \"CVE-2010-4465\", \"CVE-2010-4466\", \"CVE-2010-4468\", \"CVE-2010-4471\", \"CVE-2010-4473\", \"CVE-2010-4475\");\n\n script_name(english:\"SuSE9 Security Update : IBM Java JRE and SDK (YOU Patch Number 12691)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 5 was updated to SR 12 FP 4 fixing various security issues.\n\nFor more details, please check the IBM JDK Alerts page :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4447.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4448.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4450.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4454.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2010-4462.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4465.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4466.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4468.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4471.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4473.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4475.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12691.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"IBMJava5-JRE-1.5.0_sr12.4-0.6\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"IBMJava5-SDK-1.5.0_sr12.4-0.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:15:21", "description": "IBM Java 5 was updated to SR 12 FP 4 fixing various security issues.\n\nFor more details, please check the IBM JDK Alerts page :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/", "edition": 19, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7442)", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4475", "CVE-2010-4468", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4450", "CVE-2010-4473", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4466"], "cpe": ["cpe:/o:suse:suse_linux"], "modified": "2011-12-13T00:00:00", "id": "SUSE_JAVA-1_5_0-IBM-7442.NASL", "href": "https://www.tenable.com/plugins/nessus/57206", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 
3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57206);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-4447\", \"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4454\", \"CVE-2010-4462\", \"CVE-2010-4465\", \"CVE-2010-4466\", \"CVE-2010-4468\", \"CVE-2010-4471\", \"CVE-2010-4473\", \"CVE-2010-4475\");\n\n script_name(english:\"SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7442)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 5 was updated to SR 12 FP 4 fixing various security issues.\n\nFor more details, please check the IBM JDK Alerts page :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4447.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4448.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4450.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4454.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4462.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4465.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4466.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2010-4468.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4471.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4473.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4475.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7442.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"java-1_5_0-ibm-1.5.0_sr12.4-0.7.18\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"java-1_5_0-ibm-demo-1.5.0_sr12.4-0.7.18\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"java-1_5_0-ibm-devel-1.5.0_sr12.4-0.7.18\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr12.4-0.7.18\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"java-1_5_0-ibm-src-1.5.0_sr12.4-0.7.18\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr12.4-0.7.18\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr12.4-0.7.18\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr12.4-0.7.18\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr12.4-0.7.18\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", 
reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr12.4-0.7.18\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr12.4-0.7.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_5_0-ibm-1.5.0_sr12.4-0.7.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_5_0-ibm-devel-1.5.0_sr12.4-0.7.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr12.4-0.7.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr12.4-0.7.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr12.4-0.7.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr12.4-0.7.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr12.4-0.7.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr12.4-0.7.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr12.4-0.7.18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:09:01", "description": "Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras, and Red Hat\nEnterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM 'Security alerts'\npage, listed in the References section. (CVE-2010-4447, CVE-2010-4448,\nCVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465,\nCVE-2010-4466, CVE-2010-4468, CVE-2010-4471, CVE-2010-4473,\nCVE-2010-4475)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR12-FP4 Java release. All running\ninstances of IBM Java must be restarted for this update to take\neffect.", "edition": 30, "published": "2011-03-18T00:00:00", "title": "RHEL 4 / 5 / 6 : java-1.5.0-ibm (RHSA-2011:0364)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4475", "CVE-2010-4468", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4450", "CVE-2010-4473", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4466"], "modified": "2011-03-18T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin", "cpe:/o:redhat:enterprise_linux:6.0"], "id": 
"REDHAT-RHSA-2011-0364.NASL", "href": "https://www.tenable.com/plugins/nessus/52709", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0364. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52709);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-4447\", \"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4454\", \"CVE-2010-4462\", \"CVE-2010-4465\", \"CVE-2010-4466\", \"CVE-2010-4468\", \"CVE-2010-4471\", \"CVE-2010-4473\", \"CVE-2010-4475\");\n script_bugtraq_id(46391, 46393, 46394, 46397, 46398, 46399, 46403, 46406, 46409, 46410, 46411);\n script_xref(name:\"RHSA\", value:\"2011:0364\");\n\n script_name(english:\"RHEL 4 / 5 / 6 : java-1.5.0-ibm (RHSA-2011:0364)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras, and Red Hat\nEnterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM 'Security alerts'\npage, listed in the References section. (CVE-2010-4447, CVE-2010-4448,\nCVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465,\nCVE-2010-4466, CVE-2010-4468, CVE-2010-4471, CVE-2010-4473,\nCVE-2010-4475)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR12-FP4 Java release. All running\ninstances of IBM Java must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2010-4471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4475\"\n );\n # http://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0364\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0364\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.12.4-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.12.4-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.12.4-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", 
reference:\"java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.12.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.12.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.12.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.12.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.12.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.12.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.12.4-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.12.4-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-plugin-1.5.0.12.4-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:15:37", "description": "IBM Java 6 SR9 FP1 was updated to fix a critical security bug in float\nnumber handling :\n\n - The Java Runtime Environment hangs forever when\n converting '2.2250738585072012e-308' to a binary\n floating-point number. 
(CVE-2010-4476)", "edition": 25, "published": "2011-03-22T00:00:00", "title": "SuSE 10 Security Update : java-1_6_0-ibm, java-1_6_0-ibm-32bit, java-1_6_0-ibm-64bit, java-1_6_0-ibm-alsa, java-1_6_0-ibm-alsa-32bit, java-1_6_0-ibm-demo, java-1_6_0-ibm-devel, java-1_6_0-ibm-devel-32bit, java-1_6_0-ibm-fonts, java-1_6_0-ibm-jdbc, java-1_6_0-ibm-jdbc-32bit, java-1_6_0-ibm-jdbc-64bit, java-1_6_0-ibm-plugin, java-1_6_0-ibm-plugin-32bit, java-1_6_0-ibm-src (ZYPP Patch Number 7369)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4475", "CVE-2010-4468", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4422", "CVE-2010-4463", "CVE-2010-4473", "CVE-2010-4476", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4467"], "modified": "2011-03-22T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_6_0-IBM-7369.NASL", "href": "https://www.tenable.com/plugins/nessus/52752", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52752);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-4422\", \"CVE-2010-4447\", \"CVE-2010-4448\", \"CVE-2010-4452\", \"CVE-2010-4454\", \"CVE-2010-4462\", \"CVE-2010-4463\", \"CVE-2010-4465\", \"CVE-2010-4467\", \"CVE-2010-4468\", \"CVE-2010-4471\", \"CVE-2010-4473\", \"CVE-2010-4475\", \"CVE-2010-4476\");\n\n script_name(english:\"SuSE 10 Security Update : java-1_6_0-ibm, java-1_6_0-ibm-32bit, java-1_6_0-ibm-64bit, java-1_6_0-ibm-alsa, java-1_6_0-ibm-alsa-32bit, java-1_6_0-ibm-demo, java-1_6_0-ibm-devel, java-1_6_0-ibm-devel-32bit, java-1_6_0-ibm-fonts, java-1_6_0-ibm-jdbc, java-1_6_0-ibm-jdbc-32bit, java-1_6_0-ibm-jdbc-64bit, java-1_6_0-ibm-plugin, 
java-1_6_0-ibm-plugin-32bit, java-1_6_0-ibm-src (ZYPP Patch Number 7369)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 6 SR9 FP1 was updated to fix a critical security bug in float\nnumber handling :\n\n - The Java Runtime Environment hangs forever when\n converting '2.2250738585072012e-308' to a binary\n floating-point number. (CVE-2010-4476)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4422.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4447.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4448.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4452.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4454.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4462.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4463.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4465.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4467.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4468.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4471.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4473.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4475.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4476.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7369.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Applet2ClassLoader Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_6_0-ibm-1.6.0_sr9.1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"java-1_6_0-ibm-alsa-1.6.0_sr9.1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"java-1_6_0-ibm-32bit-1.6.0_sr9.1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"java-1_6_0-ibm-alsa-32bit-1.6.0_sr9.1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"java-1_6_0-ibm-devel-32bit-1.6.0_sr9.1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", 
reference:\"java-1_6_0-ibm-plugin-32bit-1.6.0_sr9.1-1.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:09:01", "description": "Updated java-1.6.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras, and Red Hat\nEnterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM 'Security alerts'\npage, listed in the References section. (CVE-2010-4422, CVE-2010-4447,\nCVE-2010-4448, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462,\nCVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467,\nCVE-2010-4468, CVE-2010-4471, CVE-2010-4473, CVE-2010-4475)\n\nNote: The RHSA-2010:0987 and RHSA-2011:0290 java-1.6.0-ibm errata were\nmissing 64-bit PowerPC packages for Red Hat Enterprise Linux 4 Extras.\nThis erratum provides 64-bit PowerPC packages for Red Hat Enterprise\nLinux 4 Extras as expected.\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR9-FP1 Java release. 
All running\ninstances of IBM Java must be restarted for the update to take effect.", "edition": 29, "published": "2011-03-17T00:00:00", "title": "RHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2011:0357)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4475", "CVE-2010-4468", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4422", "CVE-2010-4463", "CVE-2010-4473", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4467", "CVE-2010-4466"], "modified": "2011-03-17T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility", "cpe:/o:redhat:enterprise_linux:6.0", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm"], "id": "REDHAT-RHSA-2011-0357.NASL", "href": "https://www.tenable.com/plugins/nessus/52701", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0357. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52701);\n script_version(\"1.33\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-4422\", \"CVE-2010-4447\", \"CVE-2010-4448\", \"CVE-2010-4452\", \"CVE-2010-4454\", \"CVE-2010-4462\", \"CVE-2010-4463\", \"CVE-2010-4465\", \"CVE-2010-4466\", \"CVE-2010-4467\", \"CVE-2010-4468\", \"CVE-2010-4471\", \"CVE-2010-4473\", \"CVE-2010-4475\");\n script_bugtraq_id(46386, 46388, 46391, 46393, 46394, 46395, 46398, 46399, 46402, 46403, 46406, 46409, 46410, 46411);\n script_xref(name:\"RHSA\", value:\"2011:0357\");\n\n script_name(english:\"RHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2011:0357)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras, and Red Hat\nEnterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM 'Security alerts'\npage, listed in the References section. 
(CVE-2010-4422, CVE-2010-4447,\nCVE-2010-4448, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462,\nCVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467,\nCVE-2010-4468, CVE-2010-4471, CVE-2010-4473, CVE-2010-4475)\n\nNote: The RHSA-2010:0987 and RHSA-2011:0290 java-1.6.0-ibm errata were\nmissing 64-bit PowerPC packages for Red Hat Enterprise Linux 4 Extras.\nThis erratum provides 64-bit PowerPC packages for Red Hat Enterprise\nLinux 4 Extras as expected.\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR9-FP1 Java release. All running\ninstances of IBM Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4468\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4475\"\n );\n # http://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n # https://rhn.redhat.com/errata/RHSA-2010-0987.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0987\"\n );\n # https://rhn.redhat.com/errata/RHSA-2011-0290.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0357\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Applet2ClassLoader Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0357\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", 
reference:\"java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.9.1-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.9.1-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.9.1-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", 
reference:\"java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", 
reference:\"java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-ibm / java-1.6.0-ibm-accessibility / java-1.6.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:39:00", "description": "IBM Java 6 SR9 FP1 was updated to fix a critical security bug in float\nnumber handling :\n\n - The Java Runtime Environment hangs forever when\n converting '2.2250738585072012e-308' to a binary\n floating-point number. (CVE-2010-4476)", "edition": 24, "published": "2011-03-22T00:00:00", "title": "SuSE 11.1 Security Update : IBM Java (SAT Patch Number 4109)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4475", "CVE-2010-4468", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4422", "CVE-2010-4463", "CVE-2010-4473", "CVE-2010-4476", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4467", "CVE-2010-4466"], "modified": "2011-03-22T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa"], "id": "SUSE_11_JAVA-1_6_0-IBM-110307.NASL", "href": "https://www.tenable.com/plugins/nessus/52751", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52751);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-4422\", \"CVE-2010-4447\", \"CVE-2010-4448\", \"CVE-2010-4452\", \"CVE-2010-4454\", \"CVE-2010-4462\", \"CVE-2010-4463\", \"CVE-2010-4465\", \"CVE-2010-4466\", \"CVE-2010-4467\", \"CVE-2010-4468\", \"CVE-2010-4471\", \"CVE-2010-4473\", \"CVE-2010-4475\", \"CVE-2010-4476\");\n\n script_name(english:\"SuSE 11.1 Security Update : IBM Java (SAT Patch Number 4109)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 6 SR9 FP1 was updated to fix a critical security bug in float\nnumber handling :\n\n - The Java Runtime Environment hangs forever when\n converting '2.2250738585072012e-308' to a binary\n floating-point number. 
(CVE-2010-4476)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=673738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=673798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4422.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4447.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4448.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4452.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4454.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4462.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4463.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4465.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4466.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4467.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4468.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4471.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4473.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2010-4475.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4476.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4109.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Applet2ClassLoader Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 
Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"java-1_6_0-ibm-1.6.0_sr9.1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"java-1_6_0-ibm-alsa-1.6.0_sr9.1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-18T01:16:58", "description": "The remote Mac OS X host is 
running a version of Java for Mac OS X\n10.6 that is missing Update 4. As such, it is affected by several\nsecurity vulnerabilities, the most serious of which may allow an\nuntrusted Java applet to execute arbitrary code with the privileges of\nthe current user outside the Java sandbox.", "edition": 10, "published": "2011-03-09T00:00:00", "title": "Mac OS X : Java for Mac OS X 10.6 Update 4", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4468", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4422", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-4473", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4470", "CVE-2010-4467"], "modified": "2011-03-09T00:00:00", "cpe": [], "id": "MACOSX_JAVA_10_6_UPDATE4.NASL", "href": "https://www.tenable.com/plugins/nessus/52588", "sourceData": "#TRUSTED 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\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(52588);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/07/14\");\n\n script_cve_id(\n \"CVE-2010-4422\",\n \"CVE-2010-4447\",\n \"CVE-2010-4448\",\n \"CVE-2010-4450\",\n \"CVE-2010-4454\",\n \"CVE-2010-4462\",\n \"CVE-2010-4463\",\n \"CVE-2010-4465\",\n \"CVE-2010-4467\",\n \"CVE-2010-4468\",\n \"CVE-2010-4469\",\n \"CVE-2010-4470\",\n \"CVE-2010-4471\",\n \"CVE-2010-4472\",\n \"CVE-2010-4473\",\n \"CVE-2010-4476\"\n );\n script_bugtraq_id(\n 46091,\n 46386,\n 46387,\n 46391,\n 46393,\n 46394,\n 46395,\n 46397,\n 46398,\n 46399,\n 46400,\n 46402,\n 46403,\n 46404,\n 46406,\n 46409\n );\n\n script_name(english:\"Mac OS X : Java for Mac OS X 10.6 Update 4\");\n script_summary(english:\"Checks version of the JavaVM framework\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host has a version of Java that is affected by multiple\nvulnerabilities.\"\n 
);\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Mac OS X host is running a version of Java for Mac OS X\n10.6 that is missing Update 4. As such, it is affected by several\nsecurity vulnerabilities, the most serious of which may allow an\nuntrusted Java applet to execute arbitrary code with the privileges of\nthe current user outside the Java sandbox.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT4562\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2011/Mar/msg00001.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Java for Mac OS X 10.6 Update 4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse 
disable_ssh_wrappers();\n\nfunction exec(cmd)\n{\n local_var ret, buf;\n\n if (islocalhost())\n buf = pread(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(1, \"ssh_open_connection() failed.\");\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(0, \"The 'Host/MacOSX/packages' KB item is missing.\");\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\n\n# Mac OS X 10.6 only.\nif (!egrep(pattern:\"Darwin.* 10\\.\", string:uname)) exit(0, \"The remote Mac is not running Mac OS X 10.6 and thus is not affected.\");\n\nplist = \"/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist\";\ncmd =\n 'cat ' + plist + ' | ' +\n 'grep -A 1 CFBundleVersion | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec(cmd:cmd);\nif (!strlen(version)) exit(1, \"Failed to get the version of the JavaVM Framework.\");\n\nversion = chomp(version);\nif (!ereg(pattern:\"^[0-9]+\\.\", string:version)) exit(1, \"The JavaVM Framework version does not appear to be numeric (\"+version+\").\");\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Fixed in version 13.4.0.\nif (\n ver[0] < 13 ||\n (ver[0] == 13 && ver[1] < 4)\n)\n{\n gs_opt = get_kb_item(\"global_settings/report_verbosity\");\n if (gs_opt && gs_opt != 'Quiet')\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : 13.4.0\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse exit(0, \"The remote host is not affected since JavaVM Framework version \"+version+\" is installed.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-18T01:16:48", "description": "The remote Mac OS X host is running a version 
of Java for Mac OS X\n10.5 that is missing Update 9. As such, it is affected by several\nsecurity vulnerabilities, the most serious of which may allow an\nuntrusted Java applet to execute arbitrary code with the privileges of\nthe current user outside the Java sandbox.", "edition": 10, "published": "2011-03-09T00:00:00", "title": "Mac OS X : Java for Mac OS X 10.5 Update 9", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4468", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4422", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-4473", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4470", "CVE-2010-4467"], "modified": "2011-03-09T00:00:00", "cpe": [], "id": "MACOSX_JAVA_10_5_UPDATE9.NASL", "href": "https://www.tenable.com/plugins/nessus/52587", "sourceData": "#TRUSTED 103a2475e1399bd894534ee43c647d73d7f0297cea9f71a081fcf3f6f82fb07a1dcc8fddb319486a502cb57adcc2d9c2cd65b7ca77fe42dba614628141d3622b6ec4a6cb78e64111dead984fa0c7528badab1d49a09e724e2c17b3423d426d07712edbca5c4b8cadb7785aea4f80aca262ad3d7b656ebed8bc1dc697f4e2056c99afa70a10511f06908e25e3cd96766dc755330c8f46d0ec020ee47d1e58f7452bfb8bda049483df2b791a3db0d50829824e2323053a2f5fef34ea09cc66cce818b0ddd0b73dd887c5d3bb3ea4dc9f818bb3ea0fb2973a780752a40a3f460cbd07c74faf8e9bc3566bf43573bcd97faf3e562818696a648c7c0c31d562f324bcd02c599a44415bd35c13f70b8fff373ae1f6c8b67e2582285905cf5483d5f02bd4d85cda805751c592ea930164ba3fe57b0dc9a230bcdd0e9f51d9d417106c9eae959eac613d6ad9fbbb43a7b248fe057bbb2553c5431b1c128cb9eaea73153c5d6b31304c8ab03ad78e6e296b485bd5fa5a2ba998dcd6506b9462882809d67739ccd6037957bb9d1871914077b6592dd1c958f5de7f0b06927f5d4f4fcc9327e4aadf7fe3a5e30076aef2ad72cd7b3488db087c2764a773557de9ef9acf6acbca050721977f1edd72cd9e70d6549d5a257bbfbd567866c50bd1fe591df5d9fec1effc96b4fc2b1de7a7395e273be1a78e7c090c825ec91e301e3b89817b84c9\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n 
script_id(52587);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/07/14\");\n\n script_cve_id(\n \"CVE-2010-4422\",\n \"CVE-2010-4447\",\n \"CVE-2010-4448\",\n \"CVE-2010-4450\",\n \"CVE-2010-4454\",\n \"CVE-2010-4462\",\n \"CVE-2010-4463\",\n \"CVE-2010-4465\",\n \"CVE-2010-4467\",\n \"CVE-2010-4468\",\n \"CVE-2010-4469\",\n \"CVE-2010-4470\",\n \"CVE-2010-4471\",\n \"CVE-2010-4472\",\n \"CVE-2010-4473\",\n \"CVE-2010-4476\"\n );\n script_bugtraq_id(\n 46091,\n 46386,\n 46387,\n 46391,\n 46393,\n 46394,\n 46395,\n 46397,\n 46398,\n 46399,\n 46400,\n 46402,\n 46403,\n 46404,\n 46406,\n 46409\n );\n\n script_name(english:\"Mac OS X : Java for Mac OS X 10.5 Update 9\");\n script_summary(english:\"Checks version of the JavaVM framework\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host has a version of Java that is affected by multiple\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Mac OS X host is running a version of Java for Mac OS X\n10.5 that is missing Update 9. 
As such, it is affected by several\nsecurity vulnerabilities, the most serious of which may allow an\nuntrusted Java applet to execute arbitrary code with the privileges of\nthe current user outside the Java sandbox.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT4563\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2011/Mar/msg00002.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Java for Mac OS X 10.5 Update 9 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nfunction exec(cmd)\n{\n local_var ret, buf;\n\n if (islocalhost())\n buf = pread(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = 
ssh_open_connection();\n if (!ret) exit(1, \"ssh_open_connection() failed.\");\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(0, \"The 'Host/MacOSX/packages' KB item is missing.\");\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\n\n\n# Mac OS X 10.5 only.\nif (!egrep(pattern:\"Darwin.* 9\\.\", string:uname)) exit(0, \"The remote Mac is not running Mac OS X 10.5 and thus is not affected.\");\n\nplist = \"/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist\";\ncmd =\n 'cat ' + plist + ' | ' +\n 'grep -A 1 CFBundleVersion | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec(cmd:cmd);\nif (!strlen(version)) exit(1, \"Failed to get the version of the JavaVM Framework.\");\n\nversion = chomp(version);\nif (!ereg(pattern:\"^[0-9]+\\.\", string:version)) exit(1, \"The JavaVM Framework version does not appear to be numeric (\"+version+\").\");\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Fixed in version 12.8.0.\nif (\n ver[0] < 12 ||\n (ver[0] == 12 && ver[1] < 8)\n)\n{\n gs_opt = get_kb_item(\"global_settings/report_verbosity\");\n if (gs_opt && gs_opt != 'Quiet')\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : 12.8.0\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse exit(0, \"The remote host is not affected since JavaVM Framework version \"+version+\" is installed.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T04:56:16", "description": "The version of Oracle (formerly Sun) Java SE or Java for Business\ninstalled on the remote host is earlier than 6 Update 24 / 5.0 Update 28\n/ 1.4.2_30. 
Such versions are potentially affected by security issues\nin the following components :\n\n - Deployment\n - HotSpot\n - Install\n - JAXP\n - Java Language\n - JDBC\n - Launcher\n - Networking\n - Security\n - Sound\n - Swing\n - XML Digital Signature\n - 2D", "edition": 28, "published": "2013-02-22T00:00:00", "title": "Oracle Java SE Multiple Vulnerabilities (February 2011 CPU) (Unix)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4475", "CVE-2010-4468", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4451", "CVE-2010-4422", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-4473", "CVE-2010-4474", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4470", "CVE-2010-4467", "CVE-2010-4466"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:oracle:jre"], "id": "ORACLE_JAVA_CPU_FEB_2011_UNIX.NASL", "href": "https://www.tenable.com/plugins/nessus/64844", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64844);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\n \"CVE-2010-4422\",\n \"CVE-2010-4447\",\n \"CVE-2010-4448\",\n \"CVE-2010-4450\",\n \"CVE-2010-4451\",\n \"CVE-2010-4452\",\n \"CVE-2010-4454\",\n \"CVE-2010-4462\",\n \"CVE-2010-4463\",\n \"CVE-2010-4465\",\n \"CVE-2010-4466\",\n \"CVE-2010-4467\",\n \"CVE-2010-4468\",\n \"CVE-2010-4469\",\n \"CVE-2010-4470\",\n \"CVE-2010-4471\",\n \"CVE-2010-4472\",\n \"CVE-2010-4473\",\n \"CVE-2010-4474\",\n \"CVE-2010-4475\",\n \"CVE-2010-4476\"\n );\n script_bugtraq_id(\n 46091,\n 46386,\n 46387,\n 46388,\n 46391,\n 46393,\n 46394,\n 46395,\n 46397,\n 46398,\n 46399,\n 46400,\n 46402,\n 46403,\n 46404,\n 46405,\n 46406,\n 46407,\n 46409,\n 46410,\n 46411\n );\n script_xref(name:\"EDB-ID\", value:\"16990\");\n\n script_name(english:\"Oracle Java SE Multiple Vulnerabilities (February 2011 CPU) 
(Unix)\");\n script_summary(english:\"Checks version of the JRE\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Unix host contains a programming platform that is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle (formerly Sun) Java SE or Java for Business\ninstalled on the remote host is earlier than 6 Update 24 / 5.0 Update 28\n/ 1.4.2_30. Such versions are potentially affected by security issues\nin the following components :\n\n - Deployment\n - HotSpot\n - Install\n - JAXP\n - Java Language\n - JDBC\n - Launcher\n - Networking\n - Security\n - Sound\n - Swing\n - XML Digital Signature\n - 2D\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-082/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-083/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-084/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-085/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-086/\");\n # https://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ee63f401\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.oracle.com/technetwork/java/eol-135779.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to JDK / JRE 6 Update 24, JDK 5.0 Update 28, SDK 1.4.2_30 or\nlater and remove, if necessary, any affected versions.\n\nNote that an Extended Support contract with Oracle is needed to obtain\nJDK 5.0 Update 28 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Applet2ClassLoader Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/22\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"sun_java_jre_installed_unix.nasl\");\n script_require_keys(\"Host/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit(\"Host/Java/JRE/Unmanaged/*\");\n\ninfo = \"\";\nvuln = 0;\nvuln2 = 0;\ninstalled_versions = \"\";\ngranular = \"\";\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"Host/Java/JRE/Unmanaged/\";\n if (ver !~ \"^[0-9.]+\") continue;\n installed_versions = installed_versions + \" & \" + ver;\n if (\n ver =~ '^1\\\\.6\\\\.0_([0-9]|[01][0-9]|2[0-3])([^0-9]|$)' ||\n ver 
=~ '^1\\\\.5\\\\.0_([0-9]|[01][0-9]|2[0-7])([^0-9]|$)' ||\n ver =~ '^1\\\\.4\\\\.([01]_|2_([0-9]|[0-2][0-9])([^0-9]|$))'\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.6.0_24 / 1.5.0_28 / 1.4.2_30\\n';\n }\n else if (ver =~ \"^[\\d\\.]+$\")\n {\n dirs = make_list(get_kb_list(install));\n foreach dir (dirs)\n granular += \"The Oracle Java version \"+ver+\" at \"+dir+\" is not granular enough to make a determination.\"+'\\n';\n }\n else\n {\n dirs = make_list(get_kb_list(install));\n vuln2 += max_index(dirs);\n }\n\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n if (granular) exit(0, granular);\n}\nelse\n{\n if (granular) exit(0, granular);\n installed_versions = substr(installed_versions, 3);\n if (vuln2 > 1)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n exit(0, \"The Java \"+installed_versions+\" install on the remote host is not affected.\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:06", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4447", "CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4454", "CVE-2010-4462", "CVE-2010-4465", "CVE-2010-4466", "CVE-2010-4468", "CVE-2010-4471", "CVE-2010-4473", "CVE-2010-4475"], "description": "The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. 
Detailed\nvulnerability descriptions are linked from the IBM \"Security alerts\" page,\nlisted in the References section. (CVE-2010-4447, CVE-2010-4448,\nCVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466,\nCVE-2010-4468, CVE-2010-4471, CVE-2010-4473, CVE-2010-4475)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR12-FP4 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.\n", "modified": "2018-06-07T09:04:30", "published": "2011-03-17T04:00:00", "id": "RHSA-2011:0364", "href": "https://access.redhat.com/errata/RHSA-2011:0364", "type": "redhat", "title": "(RHSA-2011:0364) Critical: java-1.5.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:40", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4422", "CVE-2010-4447", "CVE-2010-4448", "CVE-2010-4452", "CVE-2010-4454", "CVE-2010-4462", "CVE-2010-4463", "CVE-2010-4465", "CVE-2010-4466", "CVE-2010-4467", "CVE-2010-4468", "CVE-2010-4471", "CVE-2010-4473", "CVE-2010-4475"], "description": "The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM \"Security alerts\" page,\nlisted in the References section. (CVE-2010-4422, CVE-2010-4447,\nCVE-2010-4448, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463,\nCVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4471,\nCVE-2010-4473, CVE-2010-4475)\n\nNote: The RHSA-2010:0987 and RHSA-2011:0290 java-1.6.0-ibm errata were\nmissing 64-bit PowerPC packages for Red Hat Enterprise Linux 4 Extras. 
This\nerratum provides 64-bit PowerPC packages for Red Hat Enterprise Linux 4\nExtras as expected.\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR9-FP1 Java release. All running\ninstances of IBM Java must be restarted for the update to take effect.\n", "modified": "2018-06-07T09:04:29", "published": "2011-03-16T04:00:00", "id": "RHSA-2011:0357", "href": "https://access.redhat.com/errata/RHSA-2011:0357", "type": "redhat", "title": "(RHSA-2011:0357) Critical: java-1.6.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:31", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4422", "CVE-2010-4447", "CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4451", "CVE-2010-4452", "CVE-2010-4454", "CVE-2010-4462", "CVE-2010-4463", "CVE-2010-4465", "CVE-2010-4466", "CVE-2010-4467", "CVE-2010-4468", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4473", "CVE-2010-4475", "CVE-2010-4476"], "description": "The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. Further\ninformation about these flaws can be found on the \"Oracle Java SE and Java\nfor Business Critical Patch Update Advisory\" page, listed in the References\nsection. (CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450,\nCVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463,\nCVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469,\nCVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4475,\nCVE-2010-4476)\n\nAll users of java-1.6.0-sun are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of Sun Java\nmust be restarted for the update to take effect.\n", "modified": "2018-06-07T09:04:34", "published": "2011-02-17T05:00:00", "id": "RHSA-2011:0282", "href": "https://access.redhat.com/errata/RHSA-2011:0282", "type": "redhat", "title": "(RHSA-2011:0282) Critical: java-1.6.0-sun security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:03", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555", "CVE-2010-1321", "CVE-2010-3541", "CVE-2010-3548", "CVE-2010-3549", "CVE-2010-3550", "CVE-2010-3551", "CVE-2010-3553", "CVE-2010-3555", "CVE-2010-3556", "CVE-2010-3557", "CVE-2010-3558", "CVE-2010-3560", "CVE-2010-3562", "CVE-2010-3563", "CVE-2010-3565", "CVE-2010-3566", "CVE-2010-3568", "CVE-2010-3569", "CVE-2010-3571", "CVE-2010-3572", "CVE-2010-3573", "CVE-2010-3574", "CVE-2010-4422", "CVE-2010-4447", "CVE-2010-4448", "CVE-2010-4452", "CVE-2010-4454", "CVE-2010-4462", "CVE-2010-4463", "CVE-2010-4465", "CVE-2010-4466", "CVE-2010-4467", "CVE-2010-4468", "CVE-2010-4471", "CVE-2010-4473", "CVE-2010-4475", "CVE-2010-4476"], "description": "This update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite 5.4.1. In\na typical operating environment, these are of low security risk as the\nruntime is not used on untrusted applets.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment. Detailed vulnerability descriptions are linked from the IBM\n\"Security alerts\" page, listed in the References section. 
(CVE-2009-3555,\nCVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550,\nCVE-2010-3551, CVE-2010-3553, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557,\nCVE-2010-3558, CVE-2010-3560, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,\nCVE-2010-3566, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572,\nCVE-2010-3573, CVE-2010-3574, CVE-2010-4422, CVE-2010-4447, CVE-2010-4448,\nCVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465,\nCVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4471, CVE-2010-4473,\nCVE-2010-4475, CVE-2010-4476)\n\nUsers of Red Hat Network Satellite 5.4.1 are advised to upgrade to these\nupdated java-1.6.0-ibm packages, which contain the IBM 1.6.0 SR9-FP1 Java\nrelease. For this update to take effect, Red Hat Network Satellite must be\nrestarted. Refer to the Solution section for details.\n", "modified": "2016-04-04T18:36:46", "published": "2011-06-16T04:00:00", "id": "RHSA-2011:0880", "href": "https://access.redhat.com/errata/RHSA-2011:0880", "type": "redhat", "title": "(RHSA-2011:0880) Low: Red Hat Network Satellite server IBM Java Runtime security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:41:42", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4475", "CVE-2010-4468", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4451", "CVE-2010-4422", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-4473", "CVE-2010-4474", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4470", "CVE-2010-4467", "CVE-2010-4466"], "description": "Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2011-02-22T14:41:11", "published": "2011-02-22T14:41:11", "id": "SUSE-SA:2011:010", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00005.html", "title": "remote code execution in java-1_6_0-sun", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:32:47", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4475", "CVE-2010-4468", "CVE-2010-3557", "CVE-2010-3553", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4422", "CVE-2010-4463", "CVE-2010-3574", "CVE-2010-4473", "CVE-2010-3571", "CVE-2010-4476", "CVE-2010-4471", "CVE-2010-1321", "CVE-2010-4447", "CVE-2010-4467", "CVE-2010-4466"], "description": "IBM Java 6 was updated to SR9 FP1 was updated to fix a critical security bug in float number handling and also contains other security bugfixes.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2011-03-22T13:32:34", "published": "2011-03-22T13:32:34", "id": "SUSE-SA:2011:014", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-03/msg00003.html", "title": "remote code execution in java-1_6_0-ibm,java-1_5_0-ibm,java-1_4_2-ibm", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:40", "bulletinFamily": "software", "cvelist": ["CVE-2010-4475", "CVE-2010-4468", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4451", "CVE-2010-4422", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-4473", "CVE-2010-4474", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4470", "CVE-2011-0706", "CVE-2010-4467", "CVE-2010-4466"], "description": "Over 20 of different vulnerabilities.", "edition": 1, "modified": "2011-02-17T00:00:00", "published": "2011-02-17T00:00:00", "id": "SECURITYVULNS:VULN:11443", "href": 
"https://vulners.com/securityvulns/SECURITYVULNS:VULN:11443", "title": "Oracle Java multiple security vulnerabilities / OpenJDK", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:21:16", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "description": "USN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel (ARM) \narchitectures. This update provides the corresponding updates for \nOpenJDK 6 for use with the armel (ARM) architectures.\n\nIn order to build the armel (ARM) OpenJDK 6 update for Ubuntu 10.04 \nLTS, it was necessary to rebuild binutils and gcj-4.4 from Ubuntu \n10.04 LTS updates.\n\nOriginal advisory details:\n\nIt was discovered that untrusted Java applets could create domain \nname resolution cache entries, allowing an attacker to manipulate \nname resolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not properly \nsetup the LD_LIBRARY_PATH environment variable. A local attacker \ncould exploit this to execute arbitrary code as the user invoking \nthe program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged timer events \ncould allow bypass of SecurityManager checks. This could allow an \nattacker to access restricted resources. (CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations confused memory \nmanagement within the HotSpot JVM. This could allow an attacker to \ncause a denial of service through an application crash or possibly \ninject code. (CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled \nallowed them to be manipulated by untrusted applets. An attacker \ncould use this to bypass XML processing restrictions and elevate \nprivileges. 
(CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when processing broken \nCFF fonts could leak system properties. (CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature \ncomponent could allow an attacker to cause untrusted code to \nreplace the XML Digital Signature Transform or C14N algorithm \nimplementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific double literals \nwere improperly handled, allowing a remote attacker to cause a denial \nof service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when handling multiple \nsignatures allowed remote attackers to gain privileges due to the \nassignment of an inappropriate security descriptor. (CVE-2011-0706)", "edition": 5, "modified": "2011-03-15T00:00:00", "published": "2011-03-15T00:00:00", "id": "USN-1079-2", "href": "https://ubuntu.com/security/notices/USN-1079-2", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T01:41:44", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "description": "USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM) \narchitectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes \nvulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu \n10.10.\n\nOriginal advisory details:\n\nIt was discovered that untrusted Java applets could create domain \nname resolution cache entries, allowing an attacker to manipulate \nname resolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not properly \nset up the LD_LIBRARY_PATH environment variable. A local attacker \ncould exploit this to execute arbitrary code as the user invoking \nthe program. 
(CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged timer events \ncould allow bypass of SecurityManager checks. This could allow an \nattacker to access restricted resources. (CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations confused memory \nmanagement within the HotSpot JVM. This could allow an attacker to \ncause a denial of service through an application crash or possibly \ninject code. (CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled \nallowed them to be manipulated by untrusted applets. An attacker \ncould use this to bypass XML processing restrictions and elevate \nprivileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when processing broken \nCFF fonts could leak system properties. (CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature \ncomponent could allow an attacker to cause untrusted code to \nreplace the XML Digital Signature Transform or C14N algorithm \nimplementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific double literals \nwere improperly handled, allowing a remote attacker to cause a denial \nof service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when handling multiple \nsignatures allowed remote attackers to gain privileges due to the \nassignment of an inappropriate security descriptor. 
(CVE-2011-0706)", "edition": 5, "modified": "2011-03-17T00:00:00", "published": "2011-03-17T00:00:00", "id": "USN-1079-3", "href": "https://ubuntu.com/security/notices/USN-1079-3", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:29:06", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "description": "It was discovered that untrusted Java applets could create domain \nname resolution cache entries, allowing an attacker to manipulate \nname resolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not properly \nset up the LD_LIBRARY_PATH environment variable. A local attacker \ncould exploit this to execute arbitrary code as the user invoking \nthe program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged timer events \ncould allow bypass of SecurityManager checks. This could allow an \nattacker to access restricted resources. (CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations confused memory \nmanagement within the HotSpot JVM. This could allow an attacker to \ncause a denial of service through an application crash or possibly \ninject code. (CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled \nallowed them to be manipulated by untrusted applets. An attacker \ncould use this to bypass XML processing restrictions and elevate \nprivileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when processing broken \nCFF fonts could leak system properties. (CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature \ncomponent could allow an attacker to cause untrusted code to \nreplace the XML Digital Signature Transform or C14N algorithm \nimplementations. 
(CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific double literals \nwere improperly handled, allowing a remote attacker to cause a denial \nof service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when handling multiple \nsignatures allowed remote attackers to gain privileges due to the \nassignment of an inappropriate security descriptor. (CVE-2011-0706)", "edition": 5, "modified": "2011-03-01T00:00:00", "published": "2011-03-01T00:00:00", "id": "USN-1079-1", "href": "https://ubuntu.com/security/notices/USN-1079-1", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:20:00", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2011-0025", "CVE-2010-4470", "CVE-2010-4351", "CVE-2011-0706"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2224-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nApril 20, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-6\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2010-4351 CVE-2010-4448 CVE-2010-4450 CVE-2010-4465 \n CVE-2010-4469 CVE-2010-4470 CVE-2010-4471 CVE-2010-4472\n CVE-2011-0025 CVE-2011-0706\n\nSeveral security vulnerabilities were discovered in OpenJDK, an\nimplementation of the Java platform.\n\nCVE-2010-4351\n The JNLP SecurityManager returns from the checkPermission method\n instead of throwing an exception in certain circumstances, which\n might allow context-dependent attackers to bypass the intended\n security policy by creating instances of ClassLoader.\n\nCVE-2010-4448\n Malicious applets can perform DNS cache poisoning.\n\nCVE-2010-4450\n An empty 
(but set) LD_LIBRARY_PATH environment variable results in\n a misconstructed library search path, resulting in code execution\n from possibly untrusted sources.\n\nCVE-2010-4465\n Malicious applets can extend their privileges by abusing Swing\n timers.\n\nCVE-2010-4469\n The Hotspot just-in-time compiler miscompiles crafted byte\n sequences, resulting in heap corruption.\n\nCVE-2010-4470\n JAXP can be exploited by untrusted code to elevate privileges.\n\nCVE-2010-4471\n Java2D can be exploited by untrusted code to elevate privileges.\n\nCVE-2010-4472\n Untrusted code can replace the XML DSIG implementation.\n\nCVE-2011-0025\n Signatures on JAR files are not properly verified, which allows\n remote attackers to trick users into executing code that appears\n to come from a trusted source.\n\nCVE-2011-0706\n The JNLPClassLoader class allows remote attackers to gain\n privileges via unknown vectors related to multiple signers and the\n assignment of \"an inappropriate security descriptor.\"\n\nIn addition, this security update contains stability fixes, such as\nswitching to the recommended Hotspot version (hs14) for this\nparticular version of OpenJDK.\n\nFor the oldstable distribution (lenny), these problems have been fixed in\nversion 6b18-1.8.7-2~lenny1.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 6b18-1.8.7-2~squeeze1.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 1.8.7-1.\n\nWe recommend that you upgrade your openjdk-6 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2011-04-20T20:20:06", "published": "2011-04-20T20:20:06", "id": "DEBIAN:DSA-2224-1:ECD2A", "href": 
"https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00093.html", "title": "[SECURITY] [DSA 2224-1] openjdk-6 security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4476", "CVE-2011-0025", "CVE-2011-0706"], "description": "The OpenJDK runtime environment. ", "modified": "2011-02-16T19:17:23", "published": "2011-02-16T19:17:23", "id": "FEDORA:35FB5110DCD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4476", "CVE-2011-0025", "CVE-2011-0706"], "description": "The OpenJDK runtime environment. ", "modified": "2011-02-16T19:20:33", "published": "2011-02-16T19:20:33", "id": "FEDORA:CA1BF110F53", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-52.1.9.7.fc14", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4476", "CVE-2011-0025", "CVE-2011-0706", "CVE-2011-0815", "CVE-2011-0822", "CVE-2011-0862", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0870", "CVE-2011-0871", "CVE-2011-0872"], "description": "The OpenJDK runtime environment. 
", "modified": "2011-06-11T04:18:13", "published": "2011-06-11T04:18:13", "id": "FEDORA:5BB2B10F988", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-53.1.9.8.fc14", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4476", "CVE-2011-0025", "CVE-2011-0706", "CVE-2011-0815", "CVE-2011-0822", "CVE-2011-0862", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0870", "CVE-2011-0871", "CVE-2011-0872"], "description": "The OpenJDK runtime environment. ", "modified": "2011-06-15T05:33:46", "published": "2011-06-15T05:33:46", "id": "FEDORA:3C16110F9D3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-51.1.8.8.fc13", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4476", "CVE-2011-0025", "CVE-2011-0706", "CVE-2011-0815", "CVE-2011-0822", "CVE-2011-0862", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0870", "CVE-2011-0871", "CVE-2011-0872", "CVE-2011-2513"], "description": "The OpenJDK runtime environment. 
", "modified": "2011-08-02T01:56:23", "published": "2011-08-02T01:56:23", "id": "FEDORA:2EE9C110E14", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-54.1.9.9.fc14", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4476", "CVE-2011-0025", "CVE-2011-0706", "CVE-2011-0815", "CVE-2011-0822", "CVE-2011-0862", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0870", "CVE-2011-0871", "CVE-2011-0872", "CVE-2011-2513", "CVE-2011-3389", "CVE-2011-3521", "CVE-2011-3544", "CVE-2011-3547", "CVE-2011-3548", "CVE-2011-3551", "CVE-2011-3552", "CVE-2011-3554", "CVE-2011-3556", "CVE-2011-3557", "CVE-2011-3558", "CVE-2011-3560"], "description": "The OpenJDK runtime environment. ", "modified": "2011-10-20T09:53:34", "published": "2011-10-20T09:53:34", "id": "FEDORA:5DDA721219", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-55.1.9.10.fc14", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "vmware": [{"lastseen": "2019-11-06T16:05:41", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3562", "CVE-2010-4475", "CVE-2011-0865", "CVE-2010-2054", "CVE-2010-4468", "CVE-2010-3557", "CVE-2010-3563", "CVE-2010-3551", "CVE-2011-0802", "CVE-2010-3552", "CVE-2010-3553", "CVE-2010-3550", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-3566", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-3565", "CVE-2010-4180", "CVE-2010-4454", "CVE-2010-3572", "CVE-2010-4451", "CVE-2010-4422", "CVE-2010-4469", "CVE-2011-0002", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-3574", "CVE-2010-4473", "CVE-2010-4474", "CVE-2010-3541", "CVE-2011-0873", "CVE-2010-3571", "CVE-2010-3173", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-3560", 
"CVE-2010-3559", "CVE-2008-7270", "CVE-2011-0815", "CVE-2010-1321", "CVE-2010-3556", "CVE-2011-0867", "CVE-2010-3561", "CVE-2010-4447", "CVE-2010-3549", "CVE-2010-3554", "CVE-2010-3170", "CVE-2010-4470", "CVE-2010-3555", "CVE-2011-0864", "CVE-2010-3570", "CVE-2010-3567", "CVE-2010-3573", "CVE-2010-3548", "CVE-2010-4467", "CVE-2010-3568", "CVE-2011-0862", "CVE-2010-3558", "CVE-2010-4466", "CVE-2010-3569", "CVE-2011-0871", "CVE-2011-0814"], "description": "a. ESX third party update for Service Console openssl RPM \nThe Service Console openssl RPM is updated to openssl-0.9.8e.12.el5_5.7 resolving two security issues. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "edition": 4, "modified": "2012-03-29T00:00:00", "published": "2011-10-27T00:00:00", "id": "VMSA-2011-0013", "href": "https://www.vmware.com/security/advisories/VMSA-2011-0013.html", "title": "VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "type": "vmware", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oracle": [{"lastseen": "2019-05-29T18:21:10", "bulletinFamily": "software", "cvelist": ["CVE-2011-0799", "CVE-2011-0412", "CVE-2011-0801", "CVE-2011-0808", "CVE-2011-0859", "CVE-2011-0856", "CVE-2011-0793", "CVE-2011-0791", "CVE-2010-4468", "CVE-2010-3450", "CVE-2011-0837", "CVE-2011-0787", "CVE-2011-0821", "CVE-2011-0812", "CVE-2011-0827", "CVE-2011-0805", "CVE-2011-0846", "CVE-2011-0824", "CVE-2011-0807", "CVE-2010-4452", "CVE-2011-0810", "CVE-2011-0790", "CVE-2010-4462", "CVE-2011-0851", "CVE-2010-4448", "CVE-2010-4465", "CVE-2011-0803", "CVE-2011-0798", "CVE-2010-3689", "CVE-2011-0820", "CVE-2010-4454", "CVE-2011-0806", "CVE-2010-4253", "CVE-2011-0809", "CVE-2011-0789", "CVE-2011-0841", 
"CVE-2011-0861", "CVE-2010-3451", "CVE-2011-0795", "CVE-2010-4450", "CVE-2011-0834", "CVE-2011-0825", "CVE-2011-0823", "CVE-2011-0850", "CVE-2010-4473", "CVE-2011-0860", "CVE-2011-0828", "CVE-2011-0858", "CVE-2011-0847", "CVE-2009-3555", "CVE-2010-3454", "CVE-2010-4476", "CVE-2010-4472", "CVE-2011-0843", "CVE-2010-4471", "CVE-2011-0849", "CVE-2011-0800", "CVE-2011-0826", "CVE-2011-0840", "CVE-2011-0857", "CVE-2011-0792", "CVE-2011-0818", "CVE-2010-4643", "CVE-2011-0853", "CVE-2011-0794", "CVE-2010-3453", "CVE-2011-0836", "CVE-2011-0839", "CVE-2010-4470", "CVE-2011-0796", "CVE-2011-0833", "CVE-2011-0813", "CVE-2011-0804", "CVE-2011-0819", "CVE-2011-0844", "CVE-2011-0829", "CVE-2011-0855", "CVE-2011-0797", "CVE-2011-0411", "CVE-2011-0785", "CVE-2010-3452", "CVE-2011-0854"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are cumulative but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. 
Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.** This Critical Patch Update contains 73 new security fixes across all product families listed below.\n", "modified": "2011-04-28T00:00:00", "published": "2011-04-19T00:00:00", "id": "ORACLE:CPUAPR2011-301950", "href": "", "type": "oracle", "title": "cpuapr2011", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:03", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3562", "CVE-2010-4475", "CVE-2011-0865", "CVE-2011-3557", "CVE-2010-4468", "CVE-2010-3557", "CVE-2011-3551", "CVE-2010-3563", "CVE-2011-3549", "CVE-2010-3551", "CVE-2011-0802", "CVE-2011-0868", "CVE-2010-3552", "CVE-2010-3553", "CVE-2010-3550", "CVE-2010-4452", "CVE-2011-3561", "CVE-2010-4462", "CVE-2010-3566", "CVE-2010-4448", "CVE-2010-4465", "CVE-2011-0869", "CVE-2010-3565", "CVE-2011-0863", "CVE-2010-4454", "CVE-2010-3572", "CVE-2010-4451", "CVE-2011-3548", "CVE-2010-4422", "CVE-2011-3547", "CVE-2010-4469", "CVE-2011-3521", "CVE-2011-3389", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-3574", "CVE-2011-3544", "CVE-2011-3553", "CVE-2010-4473", "CVE-2010-4474", "CVE-2011-3516", "CVE-2010-3541", "CVE-2011-3558", "CVE-2011-0873", "CVE-2010-3571", "CVE-2011-3555", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-3560", "CVE-2010-3559", "CVE-2011-0815", "CVE-2011-3546", "CVE-2010-3556", "CVE-2011-3554", "CVE-2011-0867", "CVE-2010-3561", "CVE-2010-4447", "CVE-2010-3549", "CVE-2011-3556", "CVE-2010-3554", "CVE-2010-4470", "CVE-2011-3560", "CVE-2010-3555", "CVE-2011-0864", "CVE-2010-3570", "CVE-2011-3545", "CVE-2011-3552", "CVE-2010-3567", "CVE-2010-3573", "CVE-2010-3548", "CVE-2011-3550", "CVE-2010-4467", "CVE-2010-3568", 
"CVE-2011-0862", "CVE-2010-3558", "CVE-2010-4466", "CVE-2010-3569", "CVE-2011-0871", "CVE-2011-0814", "CVE-2011-0872"], "description": "### Background\n\nThe Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform). \n\n### Description\n\nMultiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details. \n\n### Impact\n\nA remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Oracle JDK 1.6 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/sun-jdk-1.6.0.29\"\n \n\nAll Oracle JRE 1.6 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/sun-jre-bin-1.6.0.29\"\n \n\nAll users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/emul-linux-x86-java-1.6.0.29\"\n \n\nNOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. 
This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.", "edition": 1, "modified": "2011-11-05T00:00:00", "published": "2011-11-05T00:00:00", "id": "GLSA-201111-02", "href": "https://security.gentoo.org/glsa/201111-02", "type": "gentoo", "title": "Oracle JRE/JDK: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:20", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5089", "CVE-2013-0426", "CVE-2013-2431", "CVE-2010-3562", "CVE-2013-2420", "CVE-2011-0865", "CVE-2013-2384", "CVE-2013-2415", "CVE-2012-1711", "CVE-2014-2397", "CVE-2013-1571", "CVE-2013-5782", "CVE-2011-3557", "CVE-2013-2417", "CVE-2013-1500", "CVE-2013-2448", "CVE-2010-3557", "CVE-2011-3551", "CVE-2013-4002", "CVE-2013-0401", "CVE-2012-5074", "CVE-2012-5073", "CVE-2013-0427", "CVE-2012-1725", "CVE-2013-2424", "CVE-2014-0457", "CVE-2013-5850", "CVE-2013-2407", "CVE-2013-5778", "CVE-2013-1478", "CVE-2013-2456", "CVE-2010-3551", "CVE-2011-0868", "CVE-2013-0428", "CVE-2014-0446", "CVE-2013-2436", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-1485", "CVE-2013-0169", "CVE-2010-3553", "CVE-2012-1719", "CVE-2014-1876", "CVE-2014-0458", "CVE-2013-0429", "CVE-2014-2427", "CVE-2011-3563", "CVE-2013-1475", "CVE-2013-2421", "CVE-2013-1518", "CVE-2013-0435", "CVE-2012-5087", "CVE-2013-0809", "CVE-2013-0442", "CVE-2010-3566", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-5842", "CVE-2010-4448", "CVE-2013-0431", "CVE-2010-4465", "CVE-2012-5085", "CVE-2012-4540", "CVE-2011-0869", "CVE-2010-3565", "CVE-2012-5076", "CVE-2013-5830", "CVE-2013-2473", "CVE-2013-6954", "CVE-2012-4416", "CVE-2012-5075", "CVE-2014-0453", "CVE-2013-1488", "CVE-2012-0424", "CVE-2013-0434", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2011-3548", "CVE-2012-5081", "CVE-2011-3547", "CVE-2013-5817", "CVE-2010-4469", "CVE-2012-0503", "CVE-2011-3521", "CVE-2013-0443", 
"CVE-2011-5035", "CVE-2013-2419", "CVE-2014-0461", "CVE-2012-1723", "CVE-2013-2463", "CVE-2011-3571", "CVE-2010-3860", "CVE-2011-3389", "CVE-2013-2469", "CVE-2014-0459", "CVE-2014-0456", "CVE-2010-4450", "CVE-2012-1726", "CVE-2013-2465", "CVE-2013-1537", "CVE-2014-0429", "CVE-2013-5806", "CVE-2010-3574", "CVE-2011-3544", "CVE-2013-5805", "CVE-2011-3553", "CVE-2013-0444", "CVE-2012-0506", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-5825", "CVE-2012-1717", "CVE-2013-2423", "CVE-2010-3541", "CVE-2013-5823", "CVE-2011-3558", "CVE-2014-2403", "CVE-2012-1713", "CVE-2013-2461", "CVE-2012-1716", "CVE-2009-3555", "CVE-2013-2429", "CVE-2013-5849", "CVE-2014-2412", "CVE-2010-2548", "CVE-2012-5086", "CVE-2013-2471", "CVE-2012-0497", "CVE-2012-5077", "CVE-2013-1486", "CVE-2013-1476", "CVE-2010-4476", "CVE-2010-4472", "CVE-2013-5780", "CVE-2010-4471", "CVE-2014-2421", "CVE-2012-5069", "CVE-2012-3216", "CVE-2014-0460", "CVE-2011-0870", "CVE-2011-0815", "CVE-2013-0432", "CVE-2012-0505", "CVE-2012-5084", "CVE-2012-1718", "CVE-2010-2783", "CVE-2013-2458", "CVE-2011-3554", "CVE-2013-0424", "CVE-2013-2459", "CVE-2013-0450", "CVE-2012-5071", "CVE-2013-5814", "CVE-2010-3561", "CVE-2011-0025", "CVE-2012-0501", "CVE-2010-3564", "CVE-2013-0440", "CVE-2013-2443", "CVE-2010-3549", "CVE-2012-3422", "CVE-2013-2446", "CVE-2011-3556", "CVE-2012-0547", "CVE-2013-5829", "CVE-2010-3554", "CVE-2013-5803", "CVE-2012-5072", "CVE-2013-2450", "CVE-2013-2472", "CVE-2014-2423", "CVE-2010-4470", "CVE-2011-0822", "CVE-2011-3560", "CVE-2013-1493", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2010-4351", "CVE-2011-0864", "CVE-2013-2453", "CVE-2013-1557", "CVE-2013-2426", "CVE-2013-2455", "CVE-2013-2422", "CVE-2013-2383", "CVE-2013-0425", "CVE-2013-1484", "CVE-2011-3552", "CVE-2013-5774", "CVE-2012-1724", "CVE-2010-3567", "CVE-2010-3573", "CVE-2013-6629", "CVE-2012-5068", "CVE-2013-3829", "CVE-2013-0441", "CVE-2010-3548", "CVE-2011-0706", "CVE-2012-5979", "CVE-2012-0502", "CVE-2013-5783", 
"CVE-2010-4467", "CVE-2012-3423", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2014-2398", "CVE-2010-3568", "CVE-2014-0451", "CVE-2013-1569", "CVE-2013-2412", "CVE-2014-0452", "CVE-2011-0862", "CVE-2013-2445", "CVE-2013-2430", "CVE-2013-2460", "CVE-2013-5840", "CVE-2014-2414", "CVE-2010-3569", "CVE-2011-0871", "CVE-2013-2449", "CVE-2011-0872", "CVE-2012-5070", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "description": "### Background\n\nIcedTea is a distribution of the Java OpenJDK source code built with free build tools. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll IcedTea JDK users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/icedtea-bin-6.1.13.3\"", "edition": 1, "modified": "2016-04-19T00:00:00", "published": "2014-06-29T00:00:00", "id": "GLSA-201406-32", "href": "https://security.gentoo.org/glsa/201406-32", "type": "gentoo", "title": "IcedTea JDK: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}