Java Runtime Environment Multiple Vulnerabilities (MAC OS X)

Java Runtime Environment Multiple Vulnerabilities on MAC OS X. Vulnerabilities could lead to denial of service and arbitrary code execution

Reporter	Title	Published	Views	Family All 449
0day.today	Sun Java Web Start Plugin Command Line Argument Injection (2012)	24 Feb 201200:00	–	zdt
0day.today	Java AtomicReferenceArray Type Violation Vulnerability	30 Mar 201200:00	–	zdt
0day.today	Sun Java Web Start Double Quote Injection Vulnerability	10 Jun 201300:00	–	zdt
0day.today	Java Web Start Double Quote Injection Remote Code Execution	11 Jun 201300:00	–	zdt
IBM Security Bulletins	Security Bulletin: Tivoli Storage Productivity Center - Oracle CPU February 2012, June 2012	19 Aug 202218:23	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Cognos BI 8.4.1,10.1, 10.1.1 and 10.2 (CVE-2011-3026, CVE-2011-4858, CVE-2012-0498, CVE-2012-2177, CVE-2012-2193, CVE-2012-4835, CVE-2012-4836, CVE-2012-4837, CVE-2012-4840, CVE-2012-4858, CVE-2012-5081)	28 Nov 202219:30	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in the IBM InfoSphere Information Server Suite.	25 Sep 202220:45	–	ibm
IBM Security Bulletins	Security Bulletin: Unspecified Vulnerabilities in Rational Synergy (CVE-2012-0502,CVE-2012-0503,CVE-2012-0506,CVE-2012-0507,CVE-2011-3563,CVE-2012-0500,CVE-2012-0497,CVE-2012-0498,CVE-2012-0499,CVE-2012-0500,CVE-2012-0501,CVE-2012-0505,CVE-2011-5035)	22 Dec 202017:41	–	ibm
IBM Security Bulletins	Security Bulletin: The Java version bundled with IBM Cognos Express is susceptible to unspecified vulnerabilities in the Java Runtime Environment (JRE) (CVE-2012-0498 and CVE-2012-5081)	10 Nov 202212:06	–	ibm
IBM Security Bulletins	Potential Security Vulnerabilities With JavaTM SDKs	17 Jun 201814:05	–	ibm

Source	Link
support	www.support.apple.com/kb/HT1222
packetstormsecurity	www.packetstormsecurity.org/files/111594/Apple-Security-Advisory-2012-04-03-1.html
support	www.support.apple.com/kb/HT5228

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_jre_mult_vuln_macosx.nasl 5977 2017-04-19 09:02:22Z teissa $
#
# Java Runtime Environment Multiple Vulnerabilities (MAC OS X)
#
# Authors:
# Madhuri D <[email protected]>
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful exploitation could allow attackers to cause a denial of service or
  possibly execute arbitrary code.
  Impact Level: System/Application";
tag_affected = "Java Runtime Environment (JRE) version 1.6.0_29";
tag_insight = "The flaws are due to multiple unspecified errors in th application.";
tag_solution = "Upgrade to Java Runtime Environment (JRE) version 1.6.0_31 or later
  For updates refer to http://www.oracle.com/technetwork/java/javase/overview/index.html";
tag_summary = "The host is installed with Java Runtime Environment and is prone to
  multiple vulnerabilities.";

if(description)
{
  script_id(802738);
  script_version("$Revision: 5977 $");
  script_cve_id("CVE-2011-3563", "CVE-2011-5035", "CVE-2012-0497", "CVE-2012-0498",
                "CVE-2012-0499", "CVE-2012-0500", "CVE-2012-0501", "CVE-2012-0502",
                "CVE-2012-0503", "CVE-2012-0505", "CVE-2012-0506", "CVE-2012-0507");
  script_bugtraq_id(52012, 51194, 52009, 52019, 52016, 52015, 52013, 52018,
                    52013, 52017, 52014, 52161);
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"$Date: 2017-04-19 11:02:22 +0200 (Wed, 19 Apr 2017) $");
  script_tag(name:"creation_date", value:"2012-04-09 17:06:23 +0530 (Mon, 09 Apr 2012)");
  script_name("Java Runtime Environment Multiple Vulnerabilities (MAC OS X)");
  script_xref(name : "URL" , value : "http://support.apple.com/kb/HT5228");
  script_xref(name : "URL" , value : "http://support.apple.com/kb/HT1222");
  script_xref(name : "URL" , value : "http://packetstormsecurity.org/files/111594/Apple-Security-Advisory-2012-04-03-1.html");

  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
  script_category(ACT_GATHER_INFO);
  script_family("General");
  script_dependencies("gb_jre_detect_macosx.nasl");
  script_require_keys("JRE/MacOSX/Version");
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("version_func.inc");

## Variable Initialization
javaVer = "";

## Get the version from KB
javaVer = get_kb_item("JRE/MacOSX/Version");
if(!javaVer){
  exit(0);
}

javaVer = ereg_replace(pattern:"_", string:javaVer, replace: ".");

## Check for Java Version 1.6.0_29
if(version_is_equal(version:javaVer, test_version:"1.6.0.29")){
  security_message(0);
}

19 Apr 2017 00:00Current

0.8Low risk

Vulners AI Score0.8

EPSS0.9358