Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk)
2011-04-01T00:00:00
ID OPENVAS:831354 Type openvas Reporter Copyright (c) 2011 Greenbone Networks GmbH Modified 2017-07-06T00:00:00
Description
Check for the Version of java-1.6.0-openjdk
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
# Advisory text attached to the result as the "insight" tag (see the
# script_tag() calls in the description branch). The text is cut off after
# the fourth issue ("Description truncated"), so it describes only
# CVE-2010-4351, CVE-2010-4448, CVE-2010-4450 and CVE-2010-4465 of the eleven
# IDs passed to script_cve_id(); the referenced advisory covers the rest.
tag_insight = "Multiple vulnerabilities has been identified and fixed in
java-1.6.0-openjdk:
The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7,
1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from
the checkPermission method instead of throwing an exception in certain
circumstances, which might allow context-dependent attackers to bypass
the intended security policy by creating instances of ClassLoader
(CVE-2010-4351).
Unspecified vulnerability in the Java Runtime Environment (JRE)
in Oracle Java SE and Java for Business 6 Update 23 and earlier,
5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote
untrusted Java Web Start applications and untrusted Java applets to
affect integrity via unknown vectors related to Networking. NOTE: the
previous information was obtained from the February 2011 CPU. Oracle
has not commented on claims from a downstream vendor that this issue
involves DNS cache poisoning by untrusted applets. (CVE-2010-4448)
Unspecified vulnerability in the Java Runtime Environment (JRE)
in Oracle Java SE and Java for Business 6 Update 23 and earlier for
Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux;
and 1.4.2_29 and earlier for Solaris and Linux allows local standalone
applications to affect confidentiality, integrity, and availability via
unknown vectors related to Launcher. NOTE: the previous information was
obtained from the February 2011 CPU. Oracle has not commented on claims
from a downstream vendor that this issue is an untrusted search path
vulnerability involving an empty LD_LIBRARY_PATH environment variable
(CVE-2010-4450).
Unspecified vulnerability in the Java Runtime Environment (JRE)
in Oracle Java SE and Java for Business 6 Update 23 and earlier,
5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote
untrusted Java Web Start applications and untrusted Java applets to
affect confidentiality, integrity, and availability via unknown vectors
related to Swing. NOTE: the previous information was obtained from the
February 2011 CPU. Oracle has not commented on claims from a downstream
vendor that this issue is related to the lack of framework support by
AWT event dispatch, and/or clipboard access in Applets. (CVE-2010-4465)
Unspecified vulnerability in the Java Runtime Environment (JRE)
in Oracle Java ...
Description truncated, for more information please check the Reference URL";
# Remediation text attached to the result as the "solution" tag.
tag_solution = "Please Install the Updated Packages.";
# Product and releases attached as the "affected" tag. The four release
# families listed here correspond to the four release keys tested further
# down (MNDK_2009.0, MNDK_2010.0, MNDK_2010.1, MNDK_mes5).
tag_affected = "java-1.6.0-openjdk on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64";
# Metadata branch: taken when the plugin is loaded with `description` set.
# It only registers the check's identity, references and tags and then exits,
# so none of the package comparisons further down run in this mode.
if (description) {
  # Identity and bookkeeping.
  script_id(831354);
  script_version("$Revision: 6570 $");
  script_name("Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk)");
  script_summary("Check for the Version of java-1.6.0-openjdk");
  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
  script_family("Mandrake Local Security Checks");
  script_category(ACT_GATHER_INFO);

  # Advisory cross-references and the CVE IDs this check is filed under.
  script_xref(name:"URL", value:"http://lists.mandriva.com/security-announce/2011-03/msg00013.php");
  script_xref(name:"MDVSA", value:"2011:054");
  script_cve_id("CVE-2010-4351", "CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4476", "CVE-2011-0025", "CVE-2011-0706");

  # Prerequisites: the package-list gatherer must be scheduled first, and
  # both knowledge-base keys must exist or the check is not launched.
  # NOTE(review): presumably gather-package-list.nasl is what sets these keys
  # after an authenticated SSH login -- confirm against that script.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");

  # Dates, severity and the descriptive text defined at the top of the file.
  script_tag(name:"last_modification", value:"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $");
  script_tag(name:"creation_date", value:"2011-04-01 15:34:04 +0200 (Fri, 01 Apr 2011)");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"affected", value:tag_affected);
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"solution", value:tag_solution);

  # The verdict rests on installed package versions, and the remedy is the
  # vendor's updated packages.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}
# RPM helper library; presumably the source of isrpmvuln() and of the
# __pkg_match flag used by the release branches below (the include itself is
# not shown here).
include("pkg-lib-rpm.inc");

# Receives the text returned by each isrpmvuln() call.
res = "";

# Release key recorded in the knowledge base for this host. Without it no
# release branch can be selected, so the check ends without a verdict.
release = get_kb_item("ssh/login/release");
if (release == NULL) exit(0);
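# Mandriva Enterprise Server 5: compare the installed GCJ and OpenJDK packages
# with the fixed builds from MDVSA-2011:054.
#
# Changes from the previous version of this branch:
#  * The first GCJ check passed pkg:"java-1.5.0-gcj-1.5.0.0" (version glued
#    onto the name) and an rpm string that did not follow the
#    name~version~release layout used by every other check in this file.
#    The package is now named "java-1.5.0-gcj", matching its -devel, -javadoc
#    and -src siblings. Presumably the old name never matched an installed
#    package, which would have hidden an outdated java-1.5.0-gcj.
#  * Findings are collected and reported together. Previously the script
#    exited at the first outdated package, so the remaining outdated packages
#    on the host were never listed.
if (release == "MNDK_mes5") {
  report = "";

  # GCJ packages and their fixed version~release.
  gcj_fixed = "1.5.0.0~17.1.7.1mdvmes5.2";
  foreach name (make_list("java-1.5.0-gcj",
                          "java-1.5.0-gcj-devel",
                          "java-1.5.0-gcj-javadoc",
                          "java-1.5.0-gcj-src")) {
    res = isrpmvuln(pkg:name, rpm:string(name, "~", gcj_fixed), rls:"MNDK_mes5");
    if (!isnull(res)) report += res;
  }

  # OpenJDK packages and their fixed version~release (no -javadoc package is
  # checked for this release).
  jdk_fixed = "1.6.0.0~7.b18.5mdvmes5.2";
  foreach name (make_list("java-1.6.0-openjdk",
                          "java-1.6.0-openjdk-demo",
                          "java-1.6.0-openjdk-devel",
                          "java-1.6.0-openjdk-plugin",
                          "java-1.6.0-openjdk-src")) {
    res = isrpmvuln(pkg:name, rpm:string(name, "~", jdk_fixed), rls:"MNDK_mes5");
    if (!isnull(res)) report += res;
  }

  # NOTE(review): the original also tested java-1.5.0-gcj against a
  # 2009.0-tagged build under the mes5 release key. It is kept here, rewritten
  # in name~version~release form; confirm against the advisory that this
  # build applies to Enterprise Server 5, since it repeats the package
  # already checked above with a different release string.
  res = isrpmvuln(pkg:"java-1.5.0-gcj", rpm:"java-1.5.0-gcj~1.5.0.0~17.1.7.1mdv2009.0", rls:"MNDK_mes5");
  if (!isnull(res)) report += res;

  if (report != "") {
    security_message(data:report);
  } else if (__pkg_match) {
    exit(99); # Not vulnerable.
  }
  exit(0);
}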
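# Mandriva Linux 2010.1: compare the installed OpenJDK packages with the fixed
# builds from MDVSA-2011:054.
#
# Changes from the previous version of this branch:
#  * The source-package check passed pkg:"ava-1.6.0-openjdk-src" (missing
#    leading "j") while its rpm string named "java-1.6.0-openjdk-src".
#    Presumably the misspelled name never matched an installed package, so an
#    outdated java-1.6.0-openjdk-src went unreported.
#  * Findings are collected and reported together. Previously the script
#    exited at the first outdated package, so the remaining outdated packages
#    on the host were never listed.
if (release == "MNDK_2010.1") {
  report = "";

  # Fixed version~release shared by every package in this release. The
  # "mdv2010.2" tag under the 2010.1 release key is taken unchanged from the
  # original check.
  jdk_fixed = "1.6.0.0~7.b18.5mdv2010.2";
  foreach name (make_list("java-1.6.0-openjdk",
                          "java-1.6.0-openjdk-demo",
                          "java-1.6.0-openjdk-devel",
                          "java-1.6.0-openjdk-javadoc",
                          "java-1.6.0-openjdk-plugin",
                          "java-1.6.0-openjdk-src")) {
    res = isrpmvuln(pkg:name, rpm:string(name, "~", jdk_fixed), rls:"MNDK_2010.1");
    if (!isnull(res)) report += res;
  }

  if (report != "") {
    security_message(data:report);
  } else if (__pkg_match) {
    exit(99); # Not vulnerable.
  }
  exit(0);
}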
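# Mandriva Linux 2010.0: compare the installed OpenJDK packages with the fixed
# builds from MDVSA-2011:054.
#
# Changes from the previous version of this branch:
#  * The base-package check passed pkg:"java-1.6.0-openjdk-1.6.0.0" and
#    rpm:"java-1.6.0-openjdk-1.6.0.0~7.b18.5mdv2010.0", i.e. the version was
#    glued onto the name instead of following the name~version~release layout
#    used by the other checks. It now names "java-1.6.0-openjdk". Presumably
#    the old name never matched an installed package, which would have hidden
#    an outdated JRE, the package that actually carries the fixes.
#  * Findings are collected and reported together. Previously the script
#    exited at the first outdated package, so the remaining outdated packages
#    on the host were never listed.
if (release == "MNDK_2010.0") {
  report = "";

  # Fixed version~release shared by every package in this release.
  jdk_fixed = "1.6.0.0~7.b18.5mdv2010.0";
  foreach name (make_list("java-1.6.0-openjdk",
                          "java-1.6.0-openjdk-demo",
                          "java-1.6.0-openjdk-devel",
                          "java-1.6.0-openjdk-javadoc",
                          "java-1.6.0-openjdk-plugin",
                          "java-1.6.0-openjdk-src")) {
    res = isrpmvuln(pkg:name, rpm:string(name, "~", jdk_fixed), rls:"MNDK_2010.0");
    if (!isnull(res)) report += res;
  }

  if (report != "") {
    security_message(data:report);
  } else if (__pkg_match) {
    exit(99); # Not vulnerable.
  }
  exit(0);
}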
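# Mandriva Linux 2009.0: compare the installed GCJ and OpenJDK packages with
# the fixed builds from MDVSA-2011:054.
#
# Changes from the previous version of this branch:
#  * The first GCJ check passed pkg:"java-1.5.0-gcj-1.5.0.0" (version glued
#    onto the name) and an rpm string that did not follow the
#    name~version~release layout used by every other check in this file.
#    The package is now named "java-1.5.0-gcj", matching its -devel, -javadoc
#    and -src siblings. Presumably the old name never matched an installed
#    package, which would have hidden an outdated java-1.5.0-gcj.
#  * Findings are collected and reported together. Previously the script
#    exited at the first outdated package, so the remaining outdated packages
#    on the host were never listed.
if (release == "MNDK_2009.0") {
  report = "";

  # GCJ packages and their fixed version~release.
  gcj_fixed = "1.5.0.0~17.1.7.1mdv2009.0";
  foreach name (make_list("java-1.5.0-gcj",
                          "java-1.5.0-gcj-devel",
                          "java-1.5.0-gcj-javadoc",
                          "java-1.5.0-gcj-src")) {
    res = isrpmvuln(pkg:name, rpm:string(name, "~", gcj_fixed), rls:"MNDK_2009.0");
    if (!isnull(res)) report += res;
  }

  # OpenJDK packages and their fixed version~release.
  jdk_fixed = "1.6.0.0~7.b18.5mdv2009.0";
  foreach name (make_list("java-1.6.0-openjdk",
                          "java-1.6.0-openjdk-demo",
                          "java-1.6.0-openjdk-devel",
                          "java-1.6.0-openjdk-javadoc",
                          "java-1.6.0-openjdk-plugin",
                          "java-1.6.0-openjdk-src")) {
    res = isrpmvuln(pkg:name, rpm:string(name, "~", jdk_fixed), rls:"MNDK_2009.0");
    if (!isnull(res)) report += res;
  }

  if (report != "") {
    security_message(data:report);
  } else if (__pkg_match) {
    exit(99); # Not vulnerable.
  }
  exit(0);
}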
{"id": "OPENVAS:831354", "type": "openvas", "bulletinFamily": "scanner", "title": "Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk)", "description": "Check for the Version of java-1.6.0-openjdk", "published": "2011-04-01T00:00:00", "modified": "2017-07-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=831354", "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "references": ["2011:054", "http://lists.mandriva.com/security-announce/2011-03/msg00013.php"], "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2011-0025", "CVE-2010-4470", "CVE-2010-4351", "CVE-2011-0706"], "lastseen": "2017-07-24T12:55:40", "viewCount": 1, "enchantments": {"score": {"value": 7.4, "vector": "NONE", "modified": "2017-07-24T12:55:40", "rev": 2}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:862854", "OPENVAS:1361412562310831354", "OPENVAS:136141256231069567", "OPENVAS:840607", "OPENVAS:1361412562310880559", "OPENVAS:69567", "OPENVAS:1361412562310862854", "OPENVAS:1361412562310840607", "OPENVAS:862853", "OPENVAS:1361412562310862853"]}, {"type": "nessus", "idList": ["FEDORA_2011-1631.NASL", "MANDRIVA_MDVSA-2011-054.NASL", "SUSE_11_2_JAVA-1_6_0-OPENJDK-110228.NASL", "ORACLELINUX_ELSA-2011-0281.NASL", "SUSE_11_3_JAVA-1_6_0-OPENJDK-110228.NASL", "UBUNTU_USN-1079-3.NASL", "DEBIAN_DSA-2224.NASL", "FEDORA_2011-1645.NASL", "UBUNTU_USN-1079-2.NASL", "UBUNTU_USN-1079-1.NASL"]}, {"type": "ubuntu", "idList": ["USN-1079-1", "USN-1079-2", "USN-1079-3", "USN-1055-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2224-1:ECD2A"]}, {"type": "redhat", "idList": ["RHSA-2011:0364", "RHSA-2011:0282", "RHSA-2011:0281"]}, {"type": "centos", "idList": ["CESA-2011:0281"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0281"]}, {"type": "cve", "idList": 
["CVE-2010-4469", "CVE-2010-4471", "CVE-2010-4465", "CVE-2010-4351", "CVE-2010-4448", "CVE-2010-4476", "CVE-2011-0706", "CVE-2010-4472", "CVE-2010-4450", "CVE-2010-4470"]}, {"type": "f5", "idList": ["SOL12826", "F5:K12826"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:25592", "SECURITYVULNS:VULN:11443", "SECURITYVULNS:VULN:11393"]}, {"type": "suse", "idList": ["SUSE-SU-2011:0823-1", "SUSE-SA:2011:010"]}], "modified": "2017-07-24T12:55:40", "rev": 2}, "vulnersScore": 7.4}, "pluginID": "831354", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been identified and fixed in\n java-1.6.0-openjdk:\n\n The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7,\n 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from\n the checkPermission method instead of throwing an exception in certain\n circumstances, which might allow context-dependent attackers to bypass\n the intended security policy by creating instances of ClassLoader\n (CVE-2010-4351).\n \n Unspecified vulnerability in the Java Runtime Environment (JRE)\n in Oracle Java SE and Java for Business 6 Update 23 and earlier,\n 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote\n untrusted Java Web Start applications and untrusted Java applets to\n affect integrity via unknown vectors related to Networking. NOTE: the\n previous information was obtained from the February 2011 CPU. Oracle\n has not commented on claims from a downstream vendor that this issue\n involves DNS cache poisoning by untrusted applets. (CVE-2010-4448)\n \n Unspecified vulnerability in the Java Runtime Environment (JRE)\n in Oracle Java SE and Java for Business 6 Update 23 and earlier for\n Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux;\n and 1.4.2_29 and earlier for Solaris and Linux allows local standalone\n applications to affect confidentiality, integrity, and availability via\n unknown vectors related to Launcher. NOTE: the previous information was\n obtained from the February 2011 CPU. 
Oracle has not commented on claims\n from a downstream vendor that this issue is an untrusted search path\n vulnerability involving an empty LD_LIBRARY_PATH environment variable\n (CVE-2010-4450).\n \n Unspecified vulnerability in the Java Runtime Environment (JRE)\n in Oracle Java SE and Java for Business 6 Update 23 and earlier,\n 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote\n untrusted Java Web Start applications and untrusted Java applets to\n affect confidentiality, integrity, and availability via unknown vectors\n related to Swing. NOTE: the previous information was obtained from the\n February 2011 CPU. Oracle has not commented on claims from a downstream\n vendor that this issue is related to the lack of framework support by\n AWT event dispatch, and/or clipboard access in Applets. (CVE-2010-4465)\n \n Unspecified vulnerability in the Java Runtime Environment (JRE)\n in Oracle Java ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"java-1.6.0-openjdk on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-03/msg00013.php\");\n script_id(831354);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-01 15:34:04 +0200 (Fri, 01 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:054\");\n script_cve_id(\"CVE-2010-4351\", \"CVE-2010-4448\", 
\"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4476\", \"CVE-2011-0025\", \"CVE-2011-0706\");\n script_name(\"Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk)\");\n\n script_summary(\"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.5.0-gcj-1.5.0.0\", rpm:\"java-1.5.0-gcj-1.5.0.0~17.1.7.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.5.0-gcj-devel\", rpm:\"java-1.5.0-gcj-devel~1.5.0.0~17.1.7.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.5.0-gcj-javadoc\", rpm:\"java-1.5.0-gcj-javadoc~1.5.0.0~17.1.7.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.5.0-gcj-src\", rpm:\"java-1.5.0-gcj-src~1.5.0.0~17.1.7.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~7.b18.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~7.b18.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~7.b18.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n \n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~7.b18.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~7.b18.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.5.0-gcj-1.5.0.0\", rpm:\"java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~7.b18.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~7.b18.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~7.b18.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~7.b18.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", 
rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~7.b18.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ava-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~7.b18.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-1.6.0.0\", rpm:\"java-1.6.0-openjdk-1.6.0.0~7.b18.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~7.b18.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~7.b18.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~7.b18.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~7.b18.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~7.b18.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.5.0-gcj-1.5.0.0\", rpm:\"java-1.5.0-gcj-1.5.0.0~17.1.7.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.5.0-gcj-devel\", 
rpm:\"java-1.5.0-gcj-devel~1.5.0.0~17.1.7.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.5.0-gcj-javadoc\", rpm:\"java-1.5.0-gcj-javadoc~1.5.0.0~17.1.7.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.5.0-gcj-src\", rpm:\"java-1.5.0-gcj-src~1.5.0.0~17.1.7.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~7.b18.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~7.b18.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~7.b18.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~7.b18.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~7.b18.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~7.b18.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Mandrake Local Security Checks"}
{"openvas": [{"lastseen": "2020-03-14T19:05:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2011-0025", "CVE-2010-4470", "CVE-2010-4351", "CVE-2011-0706"], "description": "The remote host is missing an update for the ", "modified": "2020-03-13T00:00:00", "published": "2011-04-01T00:00:00", "id": "OPENVAS:1361412562310831354", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831354", "type": "openvas", "title": "Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk)", "sourceData": "# Copyright (C) 2011 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-03/msg00013.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831354\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-04-01 15:34:04 +0200 (Fri, 01 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2011:054\");\n script_cve_id(\"CVE-2010-4351\", \"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4476\", \"CVE-2011-0025\", \"CVE-2011-0706\");\n script_name(\"Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.6.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1|2010\\.0|2009\\.0)\");\n script_tag(name:\"affected\", value:\"java-1.6.0-openjdk on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise 
Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been identified and fixed in\n java-1.6.0-openjdk:\n\n The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7,\n 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from\n the checkPermission method instead of throwing an exception in certain\n circumstances, which might allow context-dependent attackers to bypass\n the intended security policy by creating instances of ClassLoader\n (CVE-2010-4351).\n\n Unspecified vulnerability in the Java Runtime Environment (JRE)\n in Oracle Java SE and Java for Business 6 Update 23 and earlier,\n 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote\n untrusted Java Web Start applications and untrusted Java applets to\n affect integrity via unknown vectors related to Networking. NOTE: the\n previous information was obtained from the February 2011 CPU. Oracle\n has not commented on claims from a downstream vendor that this issue\n involves DNS cache poisoning by untrusted applets. (CVE-2010-4448)\n\n Unspecified vulnerability in the Java Runtime Environment (JRE)\n in Oracle Java SE and Java for Business 6 Update 23 and earlier for\n Solaris and Linux, 5.0 Update 27 and earlier for Solaris and Linux,\n and 1.4.2_29 and earlier for Solaris and Linux allows local standalone\n applications to affect confidentiality, integrity, and availability via\n unknown vectors related to Launcher. NOTE: the previous information was\n obtained from the February 2011 CPU. 
Oracle has not commented on claims\n from a downstream vendor that this issue is an untrusted search path\n vulnerability involving an empty LD_LIBRARY_PATH environment variable\n (CVE-2010-4450).\n\n Unspecified vulnerability in the Java Runtime Environment (JRE)\n in Oracle Java SE and Java for Business 6 Update 23 and earlier,\n 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote\n untrusted Java Web Start applications and untrusted Java applets to\n affect confidentiality, integrity, and availability via unknown vectors\n related to Swing. NOTE: the previous information was obtained from the\n February 2011 CPU. Oracle has not commented on claims from a downstream\n vendor that this issue is related to the lack of framework support by\n AWT event dispatch, and/or clipboard access in Applets. (CVE-2010-4465)\n\n Unspecified vulnerability in the Java Runtime Environment (JRE)\n in Oracle Java ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"MNDK_mes5\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1.5.0-gcj\", rpm:\"java-1.5.0-gcj~1.5.0.0~17.1.7.1mdvmes5.2\", rls:\"MNDK_mes5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.5.0-gcj-devel\", rpm:\"java-1.5.0-gcj-devel~1.5.0.0~17.1.7.1mdvmes5.2\", rls:\"MNDK_mes5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.5.0-gcj-javadoc\", rpm:\"java-1.5.0-gcj-javadoc~1.5.0.0~17.1.7.1mdvmes5.2\", rls:\"MNDK_mes5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.5.0-gcj-src\", rpm:\"java-1.5.0-gcj-src~1.5.0.0~17.1.7.1mdvmes5.2\", 
rls:\"MNDK_mes5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~7.b18.5mdvmes5.2\", rls:\"MNDK_mes5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~7.b18.5mdvmes5.2\", rls:\"MNDK_mes5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~7.b18.5mdvmes5.2\", rls:\"MNDK_mes5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~7.b18.5mdvmes5.2\", rls:\"MNDK_mes5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~7.b18.5mdvmes5.2\", rls:\"MNDK_mes5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.5.0-gcj\", rpm:\"java-1.5.0-gcj~1.5.0.0~17.1.7.1mdv2009.0\", rls:\"MNDK_mes5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n\nif(release == \"MNDK_2010.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~7.b18.5mdv2010.2\", rls:\"MNDK_2010.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~7.b18.5mdv2010.2\", rls:\"MNDK_2010.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~7.b18.5mdv2010.2\", rls:\"MNDK_2010.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~7.b18.5mdv2010.2\", rls:\"MNDK_2010.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~7.b18.5mdv2010.2\", rls:\"MNDK_2010.1\"))) 
{\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ava-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~7.b18.5mdv2010.2\", rls:\"MNDK_2010.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~7.b18.5mdv2010.0\", rls:\"MNDK_2010.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~7.b18.5mdv2010.0\", rls:\"MNDK_2010.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~7.b18.5mdv2010.0\", rls:\"MNDK_2010.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~7.b18.5mdv2010.0\", rls:\"MNDK_2010.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~7.b18.5mdv2010.0\", rls:\"MNDK_2010.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~7.b18.5mdv2010.0\", rls:\"MNDK_2010.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"MNDK_2009.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1.5.0-gcj\", rpm:\"java-1.5.0-gcj~1.5.0.0~17.1.7.1mdv2009.0\", rls:\"MNDK_2009.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.5.0-gcj-devel\", rpm:\"java-1.5.0-gcj-devel~1.5.0.0~17.1.7.1mdv2009.0\", rls:\"MNDK_2009.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.5.0-gcj-javadoc\", rpm:\"java-1.5.0-gcj-javadoc~1.5.0.0~17.1.7.1mdv2009.0\", rls:\"MNDK_2009.0\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"java-1.5.0-gcj-src\", rpm:\"java-1.5.0-gcj-src~1.5.0.0~17.1.7.1mdv2009.0\", rls:\"MNDK_2009.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~7.b18.5mdv2009.0\", rls:\"MNDK_2009.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~7.b18.5mdv2009.0\", rls:\"MNDK_2009.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~7.b18.5mdv2009.0\", rls:\"MNDK_2009.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~7.b18.5mdv2009.0\", rls:\"MNDK_2009.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~7.b18.5mdv2009.0\", rls:\"MNDK_2009.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~7.b18.5mdv2009.0\", rls:\"MNDK_2009.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2011-0025", "CVE-2010-4470", "CVE-2010-4351", "CVE-2011-0706"], "description": "The remote host is missing an update to openjdk-6\nannounced via advisory DSA 2224-1.", "modified": "2019-03-18T00:00:00", "published": "2011-05-12T00:00:00", "id": "OPENVAS:136141256231069567", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069567", "type": "openvas", "title": "Debian Security Advisory DSA 2224-1 (openjdk-6)", "sourceData": "# OpenVAS Vulnerability Test\n# 
$Id: deb_2224_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2224-1 (openjdk-6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69567\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-4351\", \"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0025\", \"CVE-2011-0706\");\n script_name(\"Debian Security Advisory DSA 2224-1 (openjdk-6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202224-1\");\n script_tag(name:\"insight\", value:\"Several security vulnerabilities were discovered in OpenJDK, an\nimplementation of the Java platform.\n\nCVE-2010-4351\nThe JNLP SecurityManager returns from the checkPermission method\ninstead of throwing an exception in certain circumstances, which\nmight allow context-dependent attackers to bypass the intended\nsecurity policy by creating instances of ClassLoader.\n\nCVE-2010-4448\nMalicious applets can perform DNS cache poisoning.\n\nCVE-2010-4450\nAn empty (but set) LD_LIBRARY_PATH environment variable results in\na misconstructed library search path, resulting in code execution\nfrom possibly untrusted sources.\n\nCVE-2010-4465\nMalicious applets can extend their privileges by abusing Swing\ntimers.\n\nCVE-2010-4469\nThe Hotspot just-in-time compiler miscompiles crafted byte\nsequences, resulting in heap corruption.\n\nCVE-2010-4470\nJAXP can be exploited by untrusted code to elevate privileges.\n\nCVE-2010-4471\nJava2D can be exploited by untrusted code to elevate privileges.\n\nCVE-2010-4472\nUntrusted code can replace the XML DSIG implementation.\n\nCVE-2011-0025\nSignatures on JAR files are not properly verified, which allows\nremote attackers to trick users into executing code that appears\nto come from a trusted source.\n\nCVE-2011-0706\nThe JNLPClassLoader class allows remote attackers to gain\nprivileges via unknown vectors related to multiple signers and the\nassignment of an inappropriate security descriptor\n\nIn addition, this security update contains stability fixes, such as\nswitching to the recommended Hotspot version (hs14) for this\nparticular 
version of OpenJDK.\n\nFor the oldstable distribution (lenny), these problems have been fixed in\nversion 6b18-1.8.7-2~lenny1.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 6b18-1.8.7-2~squeeze1.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 1.8.7-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your openjdk-6 packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to openjdk-6\nannounced via advisory DSA 2224-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b18-1.8.7-2~lenny1\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b18-1.8.7-2~lenny1\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b18-1.8.7-2~lenny1\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b18-1.8.7-2~lenny1\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b18-1.8.7-2~lenny1\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b18-1.8.7-2~lenny1\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b18-1.8.7-2~lenny1\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b18-1.8.7-2~lenny1\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b18-1.8.7-2~squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedtea6-plugin\", 
ver:\"6b18-1.8.7-2~squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b18-1.8.7-2~squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b18-1.8.7-2~squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b18-1.8.7-2~squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b18-1.8.7-2~squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b18-1.8.7-2~squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b18-1.8.7-2~squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b18-1.8.7-2~squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b18-1.8.7-2~squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b18-1.8.7-2~squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"1.8.7-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"1.8.7-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"1.8.7-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"1.8.7-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"1.8.7-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"1.8.7-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"1.8.7-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"1.8.7-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"1.8.7-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"1.8.7-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"1.8.7-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2011-0025", "CVE-2010-4470", "CVE-2010-4351", "CVE-2011-0706"], "description": "The remote host is missing an update to openjdk-6\nannounced via advisory DSA 2224-1.", "modified": "2017-07-07T00:00:00", "published": "2011-05-12T00:00:00", "id": "OPENVAS:69567", "href": "http://plugins.openvas.org/nasl.php?oid=69567", "type": "openvas", "title": "Debian Security Advisory DSA 2224-1 (openjdk-6)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2224_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2224-1 (openjdk-6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several security vulnerabilities were discovered in OpenJDK, an\nimplementation of the Java platform.\n\nCVE-2010-4351\nThe JNLP SecurityManager returns from the checkPermission method\ninstead of throwing an exception in certain circumstances, which\nmight allow context-dependent attackers to bypass the intended\nsecurity policy by creating instances of ClassLoader.\n\nCVE-2010-4448\nMalicious applets can perform DNS cache poisoning.\n\nCVE-2010-4450\nAn empty (but set) LD_LIBRARY_PATH environment variable results in\na misconstructed library search path, resulting in code execution\nfrom possibly untrusted sources.\n\nCVE-2010-4465\nMalicious applets can extend their privileges by abusing Swing\ntimers.\n\nCVE-2010-4469\nThe Hotspot just-in-time compiler miscompiles crafted byte\nsequences, resulting in heap corruption.\n\nCVE-2010-4470\nJAXP can be exploited by untrusted code to elevate privileges.\n\nCVE-2010-4471\nJava2D can be exploited by untrusted code to elevate privileges.\n\nCVE-2010-4472\nUntrusted code can replace the XML DSIG 
implementation.\n\nCVE-2011-0025\nSignatures on JAR files are not properly verified, which allows\nremote attackers to trick users into executing code that appears\nto come from a trusted source.\n\nCVE-2011-0706\nThe JNLPClassLoader class allows remote attackers to gain\nprivileges via unknown vectors related to multiple signers and the\nassignment of an inappropriate security descriptor\n\nIn addition, this security update contains stability fixes, such as\nswitching to the recommended Hotspot version (hs14) for this\nparticular version of OpenJDK.\n\nFor the oldstable distribution (lenny), these problems have been fixed in\nversion 6b18-1.8.7-2~lenny1.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 6b18-1.8.7-2~squeeze1.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 1.8.7-1.\n\nWe recommend that you upgrade your openjdk-6 packages.\";\ntag_summary = \"The remote host is missing an update to openjdk-6\nannounced via advisory DSA 2224-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202224-1\";\n\n\nif(description)\n{\n script_id(69567);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-4351\", \"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0025\", \"CVE-2011-0706\");\n script_name(\"Debian Security Advisory DSA 2224-1 (openjdk-6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b18-1.8.7-2~lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b18-1.8.7-2~lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b18-1.8.7-2~lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b18-1.8.7-2~lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b18-1.8.7-2~lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b18-1.8.7-2~lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b18-1.8.7-2~lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b18-1.8.7-2~lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b18-1.8.7-2~squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b18-1.8.7-2~squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b18-1.8.7-2~squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif 
((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b18-1.8.7-2~squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b18-1.8.7-2~squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b18-1.8.7-2~squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b18-1.8.7-2~squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b18-1.8.7-2~squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b18-1.8.7-2~squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b18-1.8.7-2~squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b18-1.8.7-2~squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"1.8.7-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"1.8.7-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"1.8.7-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"1.8.7-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"1.8.7-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"1.8.7-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"1.8.7-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"1.8.7-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"1.8.7-1\", 
rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"1.8.7-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"1.8.7-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2011-0025", "CVE-2010-4470", "CVE-2011-0706"], "description": "The remote host is missing an update for the 'java-1.6.0-openjdk' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2011-02-18T00:00:00", "id": "OPENVAS:1361412562310862854", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862854", "type": "openvas", "title": "Fedora Update for java-1.6.0-openjdk FEDORA-2011-1645", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for java-1.6.0-openjdk FEDORA-2011-1645\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862854\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-18 15:15:05 +0100 (Fri, 18 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-1645\");\n script_cve_id(\"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4448\",\n \"CVE-2010-4450\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\",\n \"CVE-2010-4476\", \"CVE-2011-0025\");\n script_name(\"Fedora Update for java-1.6.0-openjdk FEDORA-2011-1645\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.6.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"java-1.6.0-openjdk on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~52.1.9.7.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2011-0025", "CVE-2010-4470", "CVE-2011-0706"], "description": "Check for the Version of java-1.6.0-openjdk", "modified": "2017-07-10T00:00:00", "published": "2011-02-18T00:00:00", "id": "OPENVAS:862853", "href": "http://plugins.openvas.org/nasl.php?oid=862853", "type": "openvas", "title": "Fedora Update for java-1.6.0-openjdk FEDORA-2011-1631", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for java-1.6.0-openjdk FEDORA-2011-1631\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"java-1.6.0-openjdk on Fedora 13\";\ntag_insight = \"The OpenJDK runtime environment.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html\");\n script_id(862853);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-18 15:15:05 +0100 (Fri, 18 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-1631\");\n script_cve_id(\"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4448\",\n \"CVE-2010-4450\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\",\n \"CVE-2010-4476\", \"CVE-2011-0025\");\n script_name(\"Fedora Update for java-1.6.0-openjdk FEDORA-2011-1631\");\n\n script_summary(\"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~50.1.8.7.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2011-0025", "CVE-2010-4470", "CVE-2011-0706"], "description": "The remote host is missing an update for the 'java-1.6.0-openjdk' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2011-02-18T00:00:00", "id": "OPENVAS:1361412562310862853", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862853", "type": "openvas", "title": "Fedora Update for java-1.6.0-openjdk FEDORA-2011-1631", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for java-1.6.0-openjdk FEDORA-2011-1631\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862853\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-18 15:15:05 +0100 (Fri, 18 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-1631\");\n script_cve_id(\"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4448\",\n \"CVE-2010-4450\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\",\n \"CVE-2010-4476\", \"CVE-2011-0025\");\n script_name(\"Fedora Update for java-1.6.0-openjdk FEDORA-2011-1631\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.6.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC13\");\n script_tag(name:\"affected\", value:\"java-1.6.0-openjdk on Fedora 13\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~50.1.8.7.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2011-0025", "CVE-2010-4470", "CVE-2011-0706"], "description": "Check for the Version of java-1.6.0-openjdk", "modified": "2017-07-10T00:00:00", "published": "2011-02-18T00:00:00", "id": "OPENVAS:862854", "href": "http://plugins.openvas.org/nasl.php?oid=862854", "type": "openvas", "title": "Fedora Update for java-1.6.0-openjdk FEDORA-2011-1645", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for java-1.6.0-openjdk FEDORA-2011-1645\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"java-1.6.0-openjdk on Fedora 14\";\ntag_insight = \"The OpenJDK runtime environment.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html\");\n script_id(862854);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-18 15:15:05 +0100 (Fri, 18 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-1645\");\n script_cve_id(\"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4448\",\n \"CVE-2010-4450\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\",\n \"CVE-2010-4476\", \"CVE-2011-0025\");\n script_name(\"Fedora Update for java-1.6.0-openjdk FEDORA-2011-1645\");\n\n script_summary(\"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~52.1.9.7.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1079-1", "modified": "2019-03-13T00:00:00", "published": "2011-03-07T00:00:00", "id": "OPENVAS:1361412562310840607", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840607", "type": "openvas", "title": "Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1079_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1079-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840607\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 06:45:55 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1079-1\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4476\", \"CVE-2011-0706\");\n script_name(\"Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(9\\.10|10\\.10|10\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1079-1\");\n script_tag(name:\"affected\", value:\"openjdk-6 vulnerabilities on Ubuntu 9.10,\n Ubuntu 10.04 LTS,\n Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that untrusted Java applets could create domain\n name resolution cache entries, allowing an attacker to 
manipulate\n name resolution within the JVM. (CVE-2010-4448)\n\n It was discovered that the Java launcher did not properly\n set up the LD_LIBRARY_PATH environment variable. A local attacker\n could exploit this to execute arbitrary code as the user invoking\n the program. (CVE-2010-4450)\n\n It was discovered that within the Swing library, forged timer events\n could allow bypass of SecurityManager checks. This could allow an\n attacker to access restricted resources. (CVE-2010-4465)\n\n It was discovered that certain bytecode combinations confused memory\n management within the HotSpot JVM. This could allow an attacker to\n cause a denial of service through an application crash or possibly\n inject code. (CVE-2010-4469)\n\n It was discovered that the way JAXP components were handled\n allowed them to be manipulated by untrusted applets. An attacker\n could use this to bypass XML processing restrictions and elevate\n privileges. (CVE-2010-4470)\n\n It was discovered that the Java2D subcomponent, when processing broken\n CFF fonts could leak system properties. (CVE-2010-4471)\n\n It was discovered that a flaw in the XML Digital Signature\n component could allow an attacker to cause untrusted code to\n replace the XML Digital Signature Transform or C14N algorithm\n implementations. (CVE-2010-4472)\n\n Konstantin Preisser and others discovered that specific double literals\n were improperly handled, allowing a remote attacker to cause a denial\n of service. (CVE-2010-4476)\n\n It was discovered that the JNLPClassLoader class when handling multiple\n signatures allowed remote attackers to gain privileges due to the\n assignment of an inappropriate security descriptor. 
(CVE-2011-0706)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:26:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1079-1", "modified": "2017-12-01T00:00:00", "published": "2011-03-07T00:00:00", "id": "OPENVAS:840607", "href": "http://plugins.openvas.org/nasl.php?oid=840607", "type": "openvas", "title": "Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1079_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that untrusted Java applets could create domain\n name resolution cache entries, allowing an attacker to manipulate\n name resolution within the JVM. (CVE-2010-4448)\n\n It was discovered that the Java launcher did not did not properly\n setup the LD_LIBRARY_PATH environment variable. A local attacker\n could exploit this to execute arbitrary code as the user invoking\n the program. (CVE-2010-4450)\n \n It was discovered that within the Swing library, forged timer events\n could allow bypass of SecurityManager checks. This could allow an\n attacker to access restricted resources. (CVE-2010-4465)\n \n It was discovered that certain bytecode combinations confused memory\n management within the HotSpot JVM. This could allow an attacker to\n cause a denial of service through an application crash or possibly\n inject code. (CVE-2010-4469)\n \n It was discovered that the way JAXP components were handled\n allowed them to be manipulated by untrusted applets. An attacker\n could use this to bypass XML processing restrictions and elevate\n privileges. (CVE-2010-4470)\n \n It was discovered that the Java2D subcomponent, when processing broken\n CFF fonts could leak system properties. (CVE-2010-4471)\n \n It was discovered that a flaw in the XML Digital Signature\n component could allow an attacker to cause untrusted code to\n replace the XML Digital Signature Transform or C14N algorithm\n implementations. 
(CVE-2010-4472)\n \n Konstantin Preißer and others discovered that specific double literals\n were improperly handled, allowing a remote attacker to cause a denial\n of service. (CVE-2010-4476)\n \n It was discovered that the JNLPClassLoader class when handling multiple\n signatures allowed remote attackers to gain privileges due to the\n assignment of an inappropriate security descriptor. (CVE-2011-0706)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1079-1\";\ntag_affected = \"openjdk-6 vulnerabilities on Ubuntu 9.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1079-1/\");\n script_id(840607);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 06:45:55 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1079-1\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4476\", \"CVE-2011-0706\");\n script_name(\"Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470"], "description": "The remote host is missing an update for the ", "modified": "2019-03-12T00:00:00", "published": "2011-02-18T00:00:00", "id": "OPENVAS:1361412562310870394", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870394", "type": "openvas", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-February/msg00024.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870394\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-18 15:15:05 +0100 (Fri, 18 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:0281-01\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4472\", \"CVE-2010-4471\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.6.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 
5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n A flaw was found in the Swing library. Forged TimerEvents could be used to\n bypass SecurityManager checks, allowing access to otherwise blocked files\n and directories. (CVE-2010-4465)\n\n A flaw was found in the HotSpot component in OpenJDK. Certain bytecode\n instructions confused the memory management within the Java Virtual Machine\n (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\n A flaw was found in the way JAXP (Java API for XML Processing) components\n were handled, allowing them to be manipulated by untrusted applets. This\n could be used to elevate privileges and bypass secure XML processing\n restrictions. (CVE-2010-4470)\n\n It was found that untrusted applets could create and place cache entries in\n the name resolution cache. This could allow an attacker targeted\n manipulation over name resolution until the OpenJDK VM is restarted.\n (CVE-2010-4448)\n\n It was found that the Java launcher provided by OpenJDK did not check the\n LD_LIBRARY_PATH environment variable for insecure empty path elements. A\n local attacker able to trick a user into running the Java launcher while\n working from an attacker-writable directory could use this flaw to load an\n untrusted library, subverting the Java security model. (CVE-2010-4450)\n\n A flaw was found in the XML Digital Signature component in OpenJDK.\n Untrusted code could use this flaw to replace the Java Runtime Environment\n (JRE) XML Digital Signature Transform or C14N algorithm implementations to\n intercept digital signature operations. (CVE-2010-4472)\n\n Note: All of the above flaws can only be remotely triggered in OpenJDK by\n calling the 'appletviewer' application.\n\n This update also provides one defense in depth patch. 
(BZ#676019)\n\n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-07T11:53:08", "description": "Multiple vulnerabilities has been identified and fixed in\njava-1.6.0-openjdk :\n\nThe JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8\nbefore 
1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the\ncheckPermission method instead of throwing an exception in certain\ncircumstances, which might allow context-dependent attackers to bypass\nthe intended security policy by creating instances of ClassLoader\n(CVE-2010-4351).\n\nUnspecified vulnerability in the Java Runtime Environment (JRE) in\nOracle Java SE and Java for Business 6 Update 23 and earlier, 5.0\nUpdate 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted\nJava Web Start applications and untrusted Java applets to affect\nintegrity via unknown vectors related to Networking. NOTE: the\nprevious information was obtained from the February 2011 CPU. Oracle\nhas not commented on claims from a downstream vendor that this issue\ninvolves DNS cache poisoning by untrusted applets. (CVE-2010-4448)\n\nUnspecified vulnerability in the Java Runtime Environment (JRE) in\nOracle Java SE and Java for Business 6 Update 23 and earlier for\nSolaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux;\nand 1.4.2_29 and earlier for Solaris and Linux allows local standalone\napplications to affect confidentiality, integrity, and availability\nvia unknown vectors related to Launcher. NOTE: the previous\ninformation was obtained from the February 2011 CPU. Oracle has not\ncommented on claims from a downstream vendor that this issue is an\nuntrusted search path vulnerability involving an empty LD_LIBRARY_PATH\nenvironment variable (CVE-2010-4450).\n\nUnspecified vulnerability in the Java Runtime Environment (JRE) in\nOracle Java SE and Java for Business 6 Update 23 and earlier, 5.0\nUpdate 27 and earlier, and 1.4.2_29 and earlier allows remote\nuntrusted Java Web Start applications and untrusted Java applets to\naffect confidentiality, integrity, and availability via unknown\nvectors related to Swing. NOTE: the previous information was obtained\nfrom the February 2011 CPU. 
Oracle has not commented on claims from a\ndownstream vendor that this issue is related to the lack of framework\nsupport by AWT event dispatch, and/or clipboard access in Applets.\n(CVE-2010-4465)\n\nUnspecified vulnerability in the Java Runtime Environment (JRE) in\nOracle Java SE and Java for Business 6 Update 23 and earlier, 5.0\nUpdate 27 and earlier, and 1.4.2_29 and earlier allows remote\nuntrusted Java Web Start applications and untrusted Java applets to\naffect confidentiality, integrity, and availability via unknown\nvectors related to HotSpot. NOTE: the previous information was\nobtained from the February 2011 CPU. Oracle has not commented on\nclaims from a downstream vendor that this issue is heap corruption\nrelated to the Verifier and backward jsrs. (CVE-2010-4469)\n\nUnspecified vulnerability in the Java Runtime Environment (JRE) in\nOracle Java SE and Java for Business 6 Update 23 and earlier\nallows remote attackers to affect availability via unknown vectors\nrelated to JAXP and unspecified APIs. NOTE: the previous information\nwas obtained from the February 2011 CPU. Oracle has not commented on\nclaims from a downstream vendor that this issue is related to Features\nset on SchemaFactory not inherited by Validator. (CVE-2010-4470)\n\nUnspecified vulnerability in the Java Runtime Environment (JRE) in\nOracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0\nUpdate 27 and earlier allows remote untrusted Java Web Start\napplications and untrusted Java applets to affect confidentiality via\nunknown vectors related to 2D. NOTE: the previous information was\nobtained from the February 2011 CPU. 
Oracle has not commented on\nclaims from a downstream vendor that this issue is related to the\nexposure of system properties via vectors related to Font.createFont\nand exception text (CVE-2010-4471).\n\nUnspecified vulnerability in the Java Runtime Environment (JRE) in\nOracle Java SE and Java for Business 6 Update 23 and earlier allows\nremote attackers to affect availability, related to XML Digital\nSignature and unspecified APIs. NOTE: the previous information was\nobtained from the February 2011 CPU. Oracle has not commented on\nclaims from a downstream vendor that this issue involves the\nreplacement of the XML DSig Transform or C14N algorithm\nimplementations. (CVE-2010-4472)\n\nThe Double.parseDouble method in Java Runtime Environment (JRE) in\nOracle Java SE and Java for Business 6 Update 23 and earlier, 5.0\nUpdate 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK,\nApache, JBossweb, and other products, allows remote attackers to cause\na denial of service via a crafted string that triggers an infinite\nloop of estimations during conversion to a double-precision binary\nfloating-point number, as demonstrated using 2.2250738585072012e-308\n(CVE-2010-4476).\n\nIcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does\nnot properly verify signatures for JAR files that (1) are partially\nsigned or (2) signed by multiple entities, which allows remote\nattackers to trick users into executing code that appears to come from\na trusted source (CVE-2011-0025).\n\nThe JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in\nOpenJDK Runtime Environment 1.6.0, allows remote attackers to gain\nprivileges via unknown vectors related to multiple signers and the\nassignment of an inappropriate security descriptor. 
(CVE-2011-0706)\n\nAdditionally the java-1.5.0-gcj packages were not rebuilt with the\nshipped version on GCC for 2009.0 and Enterprise Server 5 which caused\nproblems while building the java-1.6.0-openjdk updates, therefore\nrebuilt java-1.5.0-gcj packages are being provided with this advisory\nas well.\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct this issue.", "edition": 26, "published": "2011-03-28T00:00:00", "title": "Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2011:054)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2011-0025", "CVE-2010-4470", "CVE-2010-4351", "CVE-2011-0706"], "modified": "2011-03-28T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:java-1.6.0-openjdk", "p-cpe:/a:mandriva:linux:java-1.5.0-gcj-javadoc", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-plugin", "p-cpe:/a:mandriva:linux:java-1.5.0-gcj", "p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-javadoc", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-src", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:java-1.5.0-gcj-devel", "p-cpe:/a:mandriva:linux:java-1.5.0-gcj-src", "p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-devel"], "id": "MANDRIVA_MDVSA-2011-054.NASL", "href": "https://www.tenable.com/plugins/nessus/53001", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:054. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53001);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-4351\", \"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4476\", \"CVE-2011-0025\", \"CVE-2011-0706\");\n script_bugtraq_id(45894, 46091, 46110, 46387, 46397, 46398, 46399, 46400, 46404, 46406, 46439);\n script_xref(name:\"MDVSA\", value:\"2011:054\");\n\n script_name(english:\"Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2011:054)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been identified and fixed in\njava-1.6.0-openjdk :\n\nThe JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8\nbefore 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the\ncheckPermission method instead of throwing an exception in certain\ncircumstances, which might allow context-dependent attackers to bypass\nthe intended security policy by creating instances of ClassLoader\n(CVE-2010-4351).\n\nUnspecified vulnerability in the Java Runtime Environment (JRE) in\nOracle Java SE and Java for Business 6 Update 23 and earlier, 5.0\nUpdate 27 and earlier, and 1.4.2_29 earlier allows remote untrusted\nJava Web Start applications and untrusted Java applets to affect\nintegrity via unknown vectors related to Networking. NOTE: the\nprevious information was obtained from the February 2011 CPU. 
Oracle\nhas not commented on claims from a downstream vendor that this issue\ninvolves DNS cache poisoning by untrusted applets. (CVE-2010-4448)\n\nUnspecified vulnerability in the Java Runtime Environment (JRE) in\nOracle Java SE and Java for Business 6 Update 23 and earlier for\nSolaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux;\nand 1.4.2_29 and earlier for Solaris and Linux allows local standalone\napplications to affect confidentiality, integrity, and availability\nvia unknown vectors related to Launcher. NOTE: the previous\ninformation was obtained from the February 2011 CPU. Oracle has not\ncommented on claims from a downstream vendor that this issue is an\nuntrusted search path vulnerability involving an empty LD_LIBRARY_PATH\nenvironment variable (CVE-2010-4450).\n\nUnspecified vulnerability in the Java Runtime Environment (JRE) in\nOracle Java SE and Java for Business 6 Update 23 and earlier, 5.0\nUpdate 27 and earlier, and 1.4.2_29 and earlier allows remote\nuntrusted Java Web Start applications and untrusted Java applets to\naffect confidentiality, integrity, and availability via unknown\nvectors related to Swing. NOTE: the previous information was obtained\nfrom the February 2011 CPU. Oracle has not commented on claims from a\ndownstream vendor that this issue is related to the lack of framework\nsupport by AWT event dispatch, and/or clipboard access in Applets.\n(CVE-2010-4465)\n\nUnspecified vulnerability in the Java Runtime Environment (JRE) in\nOracle Java SE and Java for Business 6 Update 23 and earlier, 5.0\nUpdate 27 and earlier, and 1.4.2_29 and earlier allows remote\nuntrusted Java Web Start applications and untrusted Java applets to\naffect confidentiality, integrity, and availability via unknown\nvectors related to HotSpot. NOTE: the previous information was\nobtained from the February 2011 CPU. 
Oracle has not commented on\nclaims from a downstream vendor that this issue is heap corruption\nrelated to the Verifier and backward jsrs. (CVE-2010-4469)\n\nUnspecified vulnerability in the Java Runtime Environment (JRE) in\nOracle Java SE and Java for Business 6 Update 23, and, and earlier\nallows remote attackers to affect availability via unknown vectors\nrelated to JAXP and unspecified APIs. NOTE: the previous information\nwas obtained from the February 2011 CPU. Oracle has not commented on\nclaims from a downstream vendor that this issue is related to Features\nset on SchemaFactory not inherited by Validator. (CVE-2010-4470)\n\nUnspecified vulnerability in the Java Runtime Environment (JRE) in\nOracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0\nUpdate 27 and earlier allows remote untrusted Java Web Start\napplications and untrusted Java applets to affect confidentiality via\nunknown vectors related to 2D. NOTE: the previous information was\nobtained from the February 2011 CPU. Oracle has not commented on\nclaims from a downstream vendor that this issue is related to the\nexposure of system properties via vectors related to Font.createFont\nand exception text (CVE-2010-4471).\n\nUnspecified vulnerability in the Java Runtime Environment (JRE) in\nOracle Java SE and Java for Business 6 Update 23 and earlier allows\nremote attackers to affect availability, related to XML Digital\nSignature and unspecified APIs. NOTE: the previous information was\nobtained from the February 2011 CPU. Oracle has not commented on\nclaims from a downstream vendor that this issue involves the\nreplacement of the XML DSig Transform or C14N algorithm\nimplementations. 
(CVE-2010-4472)\n\nThe Double.parseDouble method in Java Runtime Environment (JRE) in\nOracle Java SE and Java for Business 6 Update 23 and earlier, 5.0\nUpdate 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK,\nApache, JBossweb, and other products, allows remote attackers to cause\na denial of service via a crafted string that triggers an infinite\nloop of estimations during conversion to a double-precision binary\nfloating-point number, as demonstrated using 2.2250738585072012e-308\n(CVE-2010-4476).\n\nIcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does\nnot properly verify signatures for JAR files that (1) are partially\nsigned or (2) signed by multiple entities, which allows remote\nattackers to trick users into executing code that appears to come from\na trusted source (CVE-2011-0025).\n\nThe JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in\nOpenJDK Runtime Environment 1.6.0, allows remote attackers to gain\nprivileges via unknown vectors related to multiple signers and the\nassignment of an inappropriate security descriptor. (CVE-2011-0706)\n\nAdditionally the java-1.5.0-gcj packages were not rebuilt with the\nshipped version on GCC for 2009.0 and Enterprise Server 5 which caused\nproblems while building the java-1.6.0-openjdk updates, therefore\nrebuilt java-1.5.0-gcj packages are being provided with this advisory\nas well.\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. 
Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.5.0-gcj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.5.0-gcj-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.5.0-gcj-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.5.0-gcj-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2009.0\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:46:27", "description": "Several security vulnerabilities were discovered in OpenJDK, an\nimplementation of the Java platform.\n\n - CVE-2010-4351\n The JNLP SecurityManager returns from the\n checkPermission method instead of throwing an exception\n in certain circumstances, which might allow\n context-dependent attackers to bypass the intended\n security policy by creating instances of ClassLoader.\n\n - CVE-2010-4448\n Malicious applets can perform DNS cache poisoning.\n\n - CVE-2010-4450\n An empty (but set) LD_LIBRARY_PATH environment variable\n results in a misconstructed library search path,\n resulting in code execution from possibly untrusted\n sources.\n\n - CVE-2010-4465\n Malicious applets can extend their privileges by abusing\n Swing timers.\n\n - CVE-2010-4469\n The Hotspot just-in-time compiler miscompiles crafted\n byte sequences, resulting in heap corruption.\n\n - CVE-2010-4470\n JAXP can be exploited by untrusted code to elevate\n privileges.\n\n - CVE-2010-4471\n Java2D can be exploited by untrusted code to elevate\n privileges.\n\n - CVE-2010-4472\n Untrusted code can replace the XML DSIG implementation.\n\n - CVE-2011-0025\n Signatures on JAR files are not properly verified, which\n allows remote attackers to trick users into executing\n code that appears to come from a trusted source.\n\n - CVE-2011-0706\n The JNLPClassLoader class allows remote attackers to\n gain privileges via unknown vectors related to multiple\n signers and the assignment of an inappropriate security\n descriptor.\n\nIn addition, this security update contains stability fixes, such as\nswitching to the recommended Hotspot version (hs14) for this\nparticular version of OpenJDK.", "edition": 18, "published": "2011-04-21T00:00:00", "title": "Debian DSA-2224-1 : openjdk-6 - 
several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2011-0025", "CVE-2010-4470", "CVE-2010-4351", "CVE-2011-0706"], "modified": "2011-04-21T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:openjdk-6"], "id": "DEBIAN_DSA-2224.NASL", "href": "https://www.tenable.com/plugins/nessus/53507", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2224. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53507);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-4351\", \"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0025\", \"CVE-2011-0706\");\n script_bugtraq_id(45894, 46110, 46387, 46397, 46398, 46399, 46400, 46404, 46406, 46439);\n script_xref(name:\"DSA\", value:\"2224\");\n\n script_name(english:\"Debian DSA-2224-1 : openjdk-6 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security vulnerabilities were discovered in OpenJDK, an\nimplementation of the Java platform.\n\n - CVE-2010-4351\n The JNLP SecurityManager returns from the\n checkPermission method instead of throwing an exception\n in certain circumstances, which might allow\n context-dependent attackers to 
bypass the intended\n security policy by creating instances of ClassLoader.\n\n - CVE-2010-4448\n Malicious applets can perform DNS cache poisoning.\n\n - CVE-2010-4450\n An empty (but set) LD_LIBRARY_PATH environment variable\n results in a misconstructed library search path,\n resulting in code execution from possibly untrusted\n sources.\n\n - CVE-2010-4465\n Malicious applets can extend their privileges by abusing\n Swing timers.\n\n - CVE-2010-4469\n The Hotspot just-in-time compiler miscompiles crafted\n byte sequences, resulting in heap corruption.\n\n - CVE-2010-4470\n JAXP can be exploited by untrusted code to elevate\n privileges.\n\n - CVE-2010-4471\n Java2D can be exploited by untrusted code to elevate\n privileges.\n\n - CVE-2010-4472\n Untrusted code can replace the XML DSIG implementation.\n\n - CVE-2011-0025\n Signatures on JAR files are not properly verified, which\n allows remote attackers to trick users into executing\n code that appears to come from a trusted source.\n\n - CVE-2011-0706\n The JNLPClassLoader class allows remote attackers to\n gain privileges via unknown vectors related to multiple\n signers and the assignment of an inappropriate security\n descriptor.\n\nIn addition, this security update contains stability fixes, such as\nswitching to the recommended Hotspot version (hs14) for this\nparticular version of OpenJDK.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2010-4469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/openjdk-6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2224\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openjdk-6 packages.\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 6b18-1.8.7-2~lenny1.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 6b18-1.8.7-2~squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"openjdk-6\", reference:\"6b18-1.8.7-2~lenny1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"icedtea-6-jre-cacao\", reference:\"6b18-1.8.7-2~squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-dbg\", reference:\"6b18-1.8.7-2~squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-demo\", reference:\"6b18-1.8.7-2~squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-doc\", reference:\"6b18-1.8.7-2~squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jdk\", reference:\"6b18-1.8.7-2~squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jre\", reference:\"6b18-1.8.7-2~squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jre-headless\", reference:\"6b18-1.8.7-2~squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jre-lib\", reference:\"6b18-1.8.7-2~squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jre-zero\", reference:\"6b18-1.8.7-2~squeeze1\")) flag++;\nif 
(deb_check(release:\"6.0\", prefix:\"openjdk-6-source\", reference:\"6b18-1.8.7-2~squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:34:27", "description": "USN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel (ARM)\narchitectures. This update provides the corresponding updates for\nOpenJDK 6 for use with the armel (ARM) architectures.\n\nIn order to build the armel (ARM) OpenJDK 6 update for Ubuntu 10.04\nLTS, it was necessary to rebuild binutils and gcj-4.4 from Ubuntu\n10.04 LTS updates.\n\nIt was discovered that untrusted Java applets could create domain name\nresolution cache entries, allowing an attacker to manipulate name\nresolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not\nproperly setup the LD_LIBRARY_PATH environment variable. A\nlocal attacker could exploit this to execute arbitrary code\nas the user invoking the program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged\ntimer events could allow bypass of SecurityManager checks.\nThis could allow an attacker to access restricted resources.\n(CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations\nconfused memory management within the HotSpot JVM. This\ncould allow an attacker to cause a denial of service through\nan application crash or possibly inject code.\n(CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled\nallowed them to be manipulated by untrusted applets. An\nattacker could use this to bypass XML processing\nrestrictions and elevate privileges. 
(CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when\nprocessing broken CFF fonts could leak system properties.\n(CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature\ncomponent could allow an attacker to cause untrusted code to\nreplace the XML Digital Signature Transform or C14N\nalgorithm implementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific\ndouble literals were improperly handled, allowing a remote\nattacker to cause a denial of service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when\nhandling multiple signatures allowed remote attackers to\ngain privileges due to the assignment of an inappropriate\nsecurity descriptor. (CVE-2011-0706).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2013-03-09T00:00:00", "title": "Ubuntu 9.10 / 10.04 LTS : openjdk-6b18 vulnerabilities (USN-1079-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless"], "id": "UBUNTU_USN-1079-2.NASL", "href": "https://www.tenable.com/plugins/nessus/65099", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1079-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65099);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4476\", \"CVE-2011-0706\");\n script_bugtraq_id(46091, 46387, 46397, 46398, 46399, 46400, 46404, 46406, 46439);\n script_xref(name:\"USN\", value:\"1079-2\");\n\n script_name(english:\"Ubuntu 9.10 / 10.04 LTS : openjdk-6b18 vulnerabilities (USN-1079-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel (ARM)\narchitectures. This update provides the corresponding updates for\nOpenJDK 6 for use with the armel (ARM) architectures.\n\nIn order to build the armel (ARM) OpenJDK 6 update for Ubuntu 10.04\nLTS, it was necessary to rebuild binutils and gcj-4.4 from Ubuntu\n10.04 LTS updates.\n\nIt was discovered that untrusted Java applets could create domain name\nresolution cache entries, allowing an attacker to manipulate name\nresolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not\nproperly setup the LD_LIBRARY_PATH environment variable. A\nlocal attacker could exploit this to execute arbitrary code\nas the user invoking the program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged\ntimer events could allow bypass of SecurityManager checks.\nThis could allow an attacker to access restricted resources.\n(CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations\nconfused memory management within the HotSpot JVM. 
This\ncould allow an attacker to cause a denial of service through\nan application crash or possibly inject code.\n(CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled\nallowed them to be manipulated by untrusted applets. An\nattacker could use this to bypass XML processing\nrestrictions and elevate privileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when\nprocessing broken CFF fonts could leak system properties.\n(CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature\ncomponent could allow an attacker to cause untrusted code to\nreplace the XML Digital Signature Transform or C14N\nalgorithm implementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific\ndouble literals were improperly handled, allowing a remote\nattacker to cause a denial of service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when\nhandling multiple signatures allowed remote attackers to\ngain privileges due to the assignment of an inappropriate\nsecurity descriptor. (CVE-2011-0706).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1079-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected icedtea6-plugin, openjdk-6-jre and / or\nopenjdk-6-jre-headless packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(9\\.10|10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 9.10 / 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"9.10\", pkgname:\"icedtea6-plugin\", pkgver:\"6b18-1.8.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b18-1.8.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b18-1.8.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"icedtea6-plugin\", pkgver:\"6b18-1.8.7-0ubuntu1~10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b18-1.8.7-0ubuntu1~10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b18-1.8.7-0ubuntu1~10.04.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea6-plugin / openjdk-6-jre / 
openjdk-6-jre-headless\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:34:27", "description": "USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM)\narchitectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes\nvulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu\n10.10.\n\nIt was discovered that untrusted Java applets could create domain name\nresolution cache entries, allowing an attacker to manipulate name\nresolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not\nproperly set up the LD_LIBRARY_PATH environment variable. A\nlocal attacker could exploit this to execute arbitrary code\nas the user invoking the program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged\ntimer events could allow bypass of SecurityManager checks.\nThis could allow an attacker to access restricted resources.\n(CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations\nconfused memory management within the HotSpot JVM. This\ncould allow an attacker to cause a denial of service through\nan application crash or possibly inject code.\n(CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled\nallowed them to be manipulated by untrusted applets. An\nattacker could use this to bypass XML processing\nrestrictions and elevate privileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when\nprocessing broken CFF fonts, could leak system properties.\n(CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature\ncomponent could allow an attacker to cause untrusted code to\nreplace the XML Digital Signature Transform or C14N\nalgorithm implementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific\ndouble literals were improperly handled, allowing a remote\nattacker to cause a denial of service. 
(CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when\nhandling multiple signatures allowed remote attackers to\ngain privileges due to the assignment of an inappropriate\nsecurity descriptor. (CVE-2011-0706).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2013-03-09T00:00:00", "title": "Ubuntu 10.10 : openjdk-6b18 vulnerabilities (USN-1079-3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre", "cpe:/o:canonical:ubuntu_linux:10.10", "p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless"], "id": "UBUNTU_USN-1079-3.NASL", "href": "https://www.tenable.com/plugins/nessus/65100", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1079-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65100);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4476\", \"CVE-2011-0706\");\n script_bugtraq_id(46091, 46387, 46397, 46398, 46399, 46400, 46404, 46406, 46439);\n script_xref(name:\"USN\", value:\"1079-3\");\n\n script_name(english:\"Ubuntu 10.10 : openjdk-6b18 vulnerabilities (USN-1079-3)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM)\narchitectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes\nvulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu\n10.10.\n\nIt was discovered that untrusted Java applets could create domain name\nresolution cache entries, allowing an attacker to manipulate name\nresolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not\nproperly setup the LD_LIBRARY_PATH environment variable. A\nlocal attacker could exploit this to execute arbitrary code\nas the user invoking the program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged\ntimer events could allow bypass of SecurityManager checks.\nThis could allow an attacker to access restricted resources.\n(CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations\nconfused memory management within the HotSpot JVM. 
This\ncould allow an attacker to cause a denial of service through\nan application crash or possibly inject code.\n(CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled\nallowed them to be manipulated by untrusted applets. An\nattacker could use this to bypass XML processing\nrestrictions and elevate privileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when\nprocessing broken CFF fonts could leak system properties.\n(CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature\ncomponent could allow an attacker to cause untrusted code to\nreplace the XML Digital Signature Transform or C14N\nalgorithm implementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific\ndouble literals were improperly handled, allowing a remote\nattacker to cause a denial of service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when\nhandling multiple signatures allowed remote attackers to\ngain privileges due to the assignment of an inappropriate\nsecurity descriptor. (CVE-2011-0706).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1079-3/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected icedtea6-plugin, openjdk-6-jre and / or\nopenjdk-6-jre-headless packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"icedtea6-plugin\", pkgver:\"6b18-1.8.7-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b18-1.8.7-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b18-1.8.7-0ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea6-plugin / openjdk-6-jre / openjdk-6-jre-headless\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:34:25", "description": "It was discovered that untrusted Java applets could create domain name\nresolution cache entries, allowing an attacker to manipulate name\nresolution within the JVM. 
(CVE-2010-4448)\n\nIt was discovered that the Java launcher did not properly\nset up the LD_LIBRARY_PATH environment variable. A local attacker could\nexploit this to execute arbitrary code as the user invoking the\nprogram. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged timer events\ncould allow bypass of SecurityManager checks. This could allow an\nattacker to access restricted resources. (CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations confused memory\nmanagement within the HotSpot JVM. This could allow an attacker to\ncause a denial of service through an application crash or possibly\ninject code. (CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled allowed\nthem to be manipulated by untrusted applets. An attacker could use\nthis to bypass XML processing restrictions and elevate privileges.\n(CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when processing broken\nCFF fonts, could leak system properties. (CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature component\ncould allow an attacker to cause untrusted code to replace the XML\nDigital Signature Transform or C14N algorithm implementations.\n(CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific double\nliterals were improperly handled, allowing a remote attacker to cause\na denial of service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when handling\nmultiple signatures allowed remote attackers to gain privileges due to\nthe assignment of an inappropriate security descriptor.\n(CVE-2011-0706).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2011-03-02T00:00:00", "title": "Ubuntu 9.10 / 10.04 LTS / 10.10 : openjdk-6 vulnerabilities (USN-1079-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jdk", "p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-doc", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-demo", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-dbg", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib", "p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless"], "id": "UBUNTU_USN-1079-1.NASL", "href": "https://www.tenable.com/plugins/nessus/52498", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1079-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(52498);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4476\", \"CVE-2011-0706\");\n script_bugtraq_id(46091, 46387, 46397, 46398, 46399, 46400, 46404, 46406, 46439);\n script_xref(name:\"USN\", value:\"1079-1\");\n\n script_name(english:\"Ubuntu 9.10 / 10.04 LTS / 10.10 : openjdk-6 vulnerabilities (USN-1079-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that untrusted Java applets could create domain name\nresolution cache entries, allowing an attacker to manipulate name\nresolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not properly\nsetup the LD_LIBRARY_PATH environment variable. A local attacker could\nexploit this to execute arbitrary code as the user invoking the\nprogram. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged timer events\ncould allow bypass of SecurityManager checks. This could allow an\nattacker to access restricted resources. (CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations confused memory\nmanagement within the HotSpot JVM. This could allow an attacker to\ncause a denial of service through an application crash or possibly\ninject code. (CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled allowed\nthem to be manipulated by untrusted applets. 
An attacker could use\nthis to bypass XML processing restrictions and elevate privileges.\n(CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when processing broken\nCFF fonts could leak system properties. (CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature component\ncould allow an attacker to cause untrusted code to replace the XML\nDigital Signature Transform or C14N algorithm implementations.\n(CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific double\nliterals were improperly handled, allowing a remote attacker to cause\na denial of service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when handling\nmultiple signatures allowed remote attackers to gain privileges due to\nthe assignment of an inappropriate security descriptor.\n(CVE-2011-0706).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1079-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"9.10\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"icedtea6-plugin\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-dbg\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-demo\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-doc\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-jdk\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) 
flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-source\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"icedtea6-plugin\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-dbg\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-demo\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-doc\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jdk\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-source\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"icedtea6-plugin\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-dbg\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-demo\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-doc\", 
pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jdk\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-source\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-6-jre-cacao / icedtea6-plugin / openjdk-6-dbg / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:55:01", "description": "Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by\n untrusted applets\n\n - CVE-2010-4450: CVSS v2 Base Score: 3.7\n (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect\n processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security\n manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap\n corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component\n state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system\n property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6\n 
(AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to\n replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5\n (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges,\n and Access Control (CWE-264)", "edition": 25, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_JAVA-1_6_0-OPENJDK-110228.NASL", "href": "https://www.tenable.com/plugins/nessus/75538", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-openjdk-4038.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75538);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/25 13:36:41\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)\");\n script_summary(english:\"Check for the java-1_6_0-openjdk-4038 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", 
\n value:\n\"Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by\n untrusted applets\n\n - CVE-2010-4450: CVSS v2 Base Score: 3.7\n (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect\n processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security\n manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap\n corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component\n state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system\n property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to\n replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5\n (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges,\n and Access Control (CWE-264)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=671714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-03/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", 
reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-javadoc-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-plugin-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-src-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-openjdk\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:53:36", "description": "Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by\n untrusted applets\n\n - CVE-2010-4450: CVSS v2 Base Score: 3.7\n (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect\n processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security\n manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap\n corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component\n state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system\n property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to\n replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5\n (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges,\n and Access Control 
(CWE-264)", "edition": 25, "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src"], "id": "SUSE_11_2_JAVA-1_6_0-OPENJDK-110228.NASL", "href": "https://www.tenable.com/plugins/nessus/53735", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-openjdk-4038.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53735);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:40\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)\");\n script_summary(english:\"Check for the java-1_6_0-openjdk-4038 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by\n untrusted applets\n\n - CVE-2010-4450: 
CVSS v2 Base Score: 3.7\n (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect\n processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security\n manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap\n corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component\n state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system\n property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to\n replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5\n (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges,\n and Access Control (CWE-264)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=671714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-03/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-openjdk-1.6.0.0_b20.1.9.7-1.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b20.1.9.7-1.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b20.1.9.7-1.2.2\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-openjdk-javadoc-1.6.0.0_b20.1.9.7-1.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-openjdk-plugin-1.6.0.0_b20.1.9.7-1.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-openjdk-src-1.6.0.0_b20.1.9.7-1.2.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-openjdk\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:09:21", "description": "This update fixes the following security issues :\n\nS6378709, CVE-2010-4465: AWT event dispatch does not support framework\ncode \n\nS6854912, CVE-2010-4465: Security issue with the clipboard access in\nApplets \n\nS6878713, CVE-2010-4469: Verifier heap corruption, relating to\nbackward jsrs \n\nS6907662, CVE-2010-4465: System clipboard should ensure access\nrestrictions \n\nS6927050, CVE-2010-4470: Features set on SchemaFactory not inherited\nby Validator \n\nS6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets \n\nS6983554, CVE-2010-4450: (launcher) Fix empty user's LD_LIBRARY_PATH\nenvironment variable in the launcher \n\nS6985453, CVE-2010-4471: Font.createFont may expose some system\nproperties in exception text \n\nS6994263, CVE-2010-4472: Untrusted code can replace JRE's XML DSig\nTransform or C14N algorithm implementations \n\nRH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2011-02-17T00:00:00", "title": "Fedora 14 : java-1.6.0-openjdk-1.6.0.0-52.1.9.7.fc14 (2011-1645)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2011-02-17T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk"], "id": "FEDORA_2011-1645.NASL", "href": "https://www.tenable.com/plugins/nessus/52006", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-1645.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52006);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\");\n script_xref(name:\"FEDORA\", value:\"2011-1645\");\n\n script_name(english:\"Fedora 14 : java-1.6.0-openjdk-1.6.0.0-52.1.9.7.fc14 (2011-1645)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\nS6378709, CVE-2010-4465: AWT event dispatch does not support framework\ncode \n\nS6854912, CVE-2010-4465: Security issue with the clipboard access in\nApplets \n\nS6878713, CVE-2010-4469: Verifier heap corruption, relating to\nbackward jsrs \n\nS6907662, CVE-2010-4465: System 
clipboard should ensure access\nrestrictions \n\nS6927050, CVE-2010-4470: Features set on SchemaFactory not inherited\nby Validator \n\nS6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets \n\nS6983554, CVE-2010-4450: (launcher) Fix empty user's LD_LIBRARY_PATH\nenvironment variable in the launcher \n\nS6985453, CVE-2010-4471: Font.createFont may expose some system\nproperties in exception text \n\nS6994263, CVE-2010-4472: Untrusted code can replace JRE's XML DSig\nTransform or C14N algorithm implementations \n\nRH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48fd0267\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"java-1.6.0-openjdk-1.6.0.0-52.1.9.7.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:09:21", "description": "This update fixes the following security issues :\n\nS6378709, CVE-2010-4465: AWT event dispatch does not support framework\ncode \n\nS6854912, CVE-2010-4465: Security issue with the clipboard access in\nApplets \n\nS6878713, CVE-2010-4469: Verifier heap 
corruption, relating to\nbackward jsrs \n\nS6907662, CVE-2010-4465: System clipboard should ensure access\nrestrictions \n\nS6927050, CVE-2010-4470: Features set on SchemaFactory not inherited\nby Validator \n\nS6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets \n\nS6983554, CVE-2010-4450: (launcher) Fix empty user's LD_LIBRARY_PATH\nenvironment variable in the launcher \n\nS6985453, CVE-2010-4471: Font.createFont may expose some system\nproperties in exception text \n\nS6994263, CVE-2010-4472: Untrusted code can replace JRE's XML DSig\nTransform or C14N algorithm implementations \n\nRH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2011-02-17T00:00:00", "title": "Fedora 13 : java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13 (2011-1631)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2011-02-17T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk"], "id": "FEDORA_2011-1631.NASL", "href": "https://www.tenable.com/plugins/nessus/52005", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-1631.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52005);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", 
\"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\");\n script_xref(name:\"FEDORA\", value:\"2011-1631\");\n\n script_name(english:\"Fedora 13 : java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13 (2011-1631)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\nS6378709, CVE-2010-4465: AWT event dispatch does not support framework\ncode \n\nS6854912, CVE-2010-4465: Security issue with the clipboard access in\nApplets \n\nS6878713, CVE-2010-4469: Verifier heap corruption, relating to\nbackward jsrs \n\nS6907662, CVE-2010-4465: System clipboard should ensure access\nrestrictions \n\nS6927050, CVE-2010-4470: Features set on SchemaFactory not inherited\nby Validator \n\nS6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets \n\nS6983554, CVE-2010-4450: (launcher) Fix empty user's LD_LIBRARY_PATH\nenvironment variable in the launcher \n\nS6985453, CVE-2010-4471: Font.createFont may expose some system\nproperties in exception text \n\nS6994263, CVE-2010-4472: Untrusted code can replace JRE's XML DSig\nTransform or C14N algorithm implementations \n\nRH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9a673f3e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T04:58:54", "description": "Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA flaw was found in the Swing library. Forged TimerEvents could be\nused to bypass SecurityManager checks, allowing access to otherwise\nblocked files and directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing)\ncomponents were handled, allowing them to be manipulated by untrusted\napplets. This could be used to elevate privileges and bypass secure\nXML processing restrictions. (CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache\nentries in the name resolution cache. This could allow an attacker\nto manipulate name resolution in a targeted way until the OpenJDK VM\nis restarted. (CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check\nthe LD_LIBRARY_PATH environment variable for insecure empty path\nelements. A local attacker able to trick a user into running the Java\nlauncher while working from an attacker-writable directory could use\nthis flaw to load an untrusted library, subverting the Java security\nmodel. 
(CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime\nEnvironment (JRE) XML Digital Signature Transform or C14N algorithm\nimplementations to intercept digital signature operations.\n(CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK\nby calling the 'appletviewer' application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.", "edition": 28, "published": "2011-02-18T00:00:00", "title": "RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2011:0281)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4470"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo", "cpe:/o:redhat:enterprise_linux:5.6", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk", "cpe:/o:redhat:enterprise_linux:6.0", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo"], "id": "REDHAT-RHSA-2011-0281.NASL", "href": "https://www.tenable.com/plugins/nessus/52020", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0281. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(52020);\n script_version (\"1.24\");\n script_cvs_date(\"Date: 2019/10/25 13:36:15\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4472\");\n script_bugtraq_id(46387, 46397, 46398, 46400, 46404, 46406);\n script_xref(name:\"RHSA\", value:\"2011:0281\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2011:0281)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA flaw was found in the Swing library. Forged TimerEvents could be\nused to bypass SecurityManager checks, allowing access to otherwise\nblocked files and directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing)\ncomponents were handled, allowing them to be manipulated by untrusted\napplets. This could be used to elevate privileges and bypass secure\nXML processing restrictions. 
(CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache\nentries in the name resolution cache. This could allow an attacker\ntargeted manipulation over name resolution until the OpenJDK VM is\nrestarted. (CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check\nthe LD_LIBRARY_PATH environment variable for insecure empty path\nelements. A local attacker able to trick a user into running the Java\nlauncher while working from an attacker-writable directory could use\nthis flaw to load an untrusted library, subverting the Java security\nmodel. (CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime\nEnvironment (JRE) XML Digital Signature Transform or C14N algorithm\nimplementations to intercept digital signature operations.\n(CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK\nby calling the 'appletviewer' application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. 
All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0281\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0281\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if 
(rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.20.b17.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, 
"vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:20:00", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2011-0025", "CVE-2010-4470", "CVE-2010-4351", "CVE-2011-0706"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2224-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nApril 20, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-6\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2010-4351 CVE-2010-4448 CVE-2010-4450 CVE-2010-4465 \n CVE-2010-4469 CVE-2010-4470 CVE-2010-4471 CVE-2010-4472\n CVE-2011-0025 CVE-2011-0706\n\nSeveral security vulnerabilities were discovered in OpenJDK, an\nimplementation of the Java platform.\n\nCVE-2010-4351\n The JNLP SecurityManager returns from the checkPermission method\n instead of throwing an exception in certain circumstances, which\n might allow context-dependent attackers to bypass the intended\n security policy by creating instances of ClassLoader.\n\nCVE-2010-4448\n Malicious applets can perform DNS cache poisoning.\n\nCVE-2010-4450\n An empty (but set) LD_LIBRARY_PATH environment variable results in\n a misconstructed library search path, resulting in code execution\n from possibly untrusted sources.\n\nCVE-2010-4465\n Malicious applets can extend their privileges by abusing Swing\n timers.\n\nCVE-2010-4469\n The Hotspot just-in-time compiler miscompiles crafted byte\n sequences, resulting in heap corruption.\n\nCVE-2010-4470\n JAXP can be exploited by untrusted code to elevate privileges.\n\nCVE-2010-4471\n Java2D can be exploited by untrusted code to elevate privileges.\n\nCVE-2010-4472\n Untrusted code can replace the XML DSIG implementation.\n\nCVE-2011-0025\n Signatures on JAR 
files are not properly verified, which allows\n remote attackers to trick users into executing code that appears\n to come from a trusted source.\n\nCVE-2011-0706\n The JNLPClassLoader class allows remote attackers to gain\n privileges via unknown vectors related to multiple signers and the\n assignment of \"an inappropriate security descriptor.\"\n\nIn addition, this security update contains stability fixes, such as\nswitching to the recommended Hotspot version (hs14) for this\nparticular version of OpenJDK.\n\nFor the oldstable distribution (lenny), these problems have been fixed in\nversion 6b18-1.8.7-2~lenny1.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 6b18-1.8.7-2~squeeze1.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 1.8.7-1.\n\nWe recommend that you upgrade your openjdk-6 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2011-04-20T20:20:06", "published": "2011-04-20T20:20:06", "id": "DEBIAN:DSA-2224-1:ECD2A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00093.html", "title": "[SECURITY] [DSA 2224-1] openjdk-6 security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4476", "CVE-2011-0025", "CVE-2011-0706"], "description": "The OpenJDK runtime environment. 
", "modified": "2011-02-16T19:20:33", "published": "2011-02-16T19:20:33", "id": "FEDORA:CA1BF110F53", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-52.1.9.7.fc14", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4476", "CVE-2011-0025", "CVE-2011-0706"], "description": "The OpenJDK runtime environment. ", "modified": "2011-02-16T19:17:23", "published": "2011-02-16T19:17:23", "id": "FEDORA:35FB5110DCD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4476", "CVE-2011-0025", "CVE-2011-0706", "CVE-2011-0815", "CVE-2011-0822", "CVE-2011-0862", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0870", "CVE-2011-0871", "CVE-2011-0872"], "description": "The OpenJDK runtime environment. 
", "modified": "2011-06-15T05:33:46", "published": "2011-06-15T05:33:46", "id": "FEDORA:3C16110F9D3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-51.1.8.8.fc13", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4476", "CVE-2011-0025", "CVE-2011-0706", "CVE-2011-0815", "CVE-2011-0822", "CVE-2011-0862", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0870", "CVE-2011-0871", "CVE-2011-0872"], "description": "The OpenJDK runtime environment. ", "modified": "2011-06-11T04:18:13", "published": "2011-06-11T04:18:13", "id": "FEDORA:5BB2B10F988", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-53.1.9.8.fc14", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4476", "CVE-2011-0025", "CVE-2011-0706", "CVE-2011-0815", "CVE-2011-0822", "CVE-2011-0862", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0870", "CVE-2011-0871", "CVE-2011-0872", "CVE-2011-2513"], "description": "The OpenJDK runtime environment. ", "modified": "2011-08-02T01:56:23", "published": "2011-08-02T01:56:23", "id": "FEDORA:2EE9C110E14", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-54.1.9.9.fc14", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4476", "CVE-2011-0025"], "description": "The OpenJDK runtime environment. 
", "modified": "2011-02-13T08:49:15", "published": "2011-02-13T08:49:15", "id": "FEDORA:6D46710F95E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-50.1.8.6.fc13", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4476", "CVE-2011-0025"], "description": "The OpenJDK runtime environment. ", "modified": "2011-02-13T08:50:21", "published": "2011-02-13T08:50:21", "id": "FEDORA:C903D110A27", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-52.1.9.6.fc14", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4476", "CVE-2011-0025", "CVE-2011-0706", "CVE-2011-0815", "CVE-2011-0822", "CVE-2011-0862", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0870", "CVE-2011-0871", "CVE-2011-0872", "CVE-2011-2513", "CVE-2011-3389", "CVE-2011-3521", "CVE-2011-3544", "CVE-2011-3547", "CVE-2011-3548", "CVE-2011-3551", "CVE-2011-3552", "CVE-2011-3554", "CVE-2011-3556", "CVE-2011-3557", "CVE-2011-3558", "CVE-2011-3560"], "description": "The OpenJDK runtime environment. 
", "modified": "2011-10-20T09:53:34", "published": "2011-10-20T09:53:34", "id": "FEDORA:5DDA721219", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-55.1.9.10.fc14", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:29:06", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "description": "It was discovered that untrusted Java applets could create domain \nname resolution cache entries, allowing an attacker to manipulate \nname resolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not properly \nsetup the LD_LIBRARY_PATH environment variable. A local attacker \ncould exploit this to execute arbitrary code as the user invoking \nthe program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged timer events \ncould allow bypass of SecurityManager checks. This could allow an \nattacker to access restricted resources. (CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations confused memory \nmanagement within the HotSpot JVM. This could allow an attacker to \ncause a denial of service through an application crash or possibly \ninject code. (CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled \nallowed them to be manipulated by untrusted applets. An attacker \ncould use this to bypass XML processing restrictions and elevate \nprivileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when processing broken \nCFF fonts could leak system properties. (CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature \ncomponent could allow an attacker to cause untrusted code to \nreplace the XML Digital Signature Transform or C14N algorithm \nimplementations. 
(CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific double literals \nwere improperly handled, allowing a remote attacker to cause a denial \nof service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when handling multiple \nsignatures allowed remote attackers to gain privileges due to the \nassignment of an inappropriate security descriptor. (CVE-2011-0706)", "edition": 5, "modified": "2011-03-01T00:00:00", "published": "2011-03-01T00:00:00", "id": "USN-1079-1", "href": "https://ubuntu.com/security/notices/USN-1079-1", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:21:16", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "description": "USN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel (ARM) \narchitectures. This update provides the corresponding updates for \nOpenJDK 6 for use with the armel (ARM) architectures.\n\nIn order to build the armel (ARM) OpenJDK 6 update for Ubuntu 10.04 \nLTS, it was necessary to rebuild binutils and gcj-4.4 from Ubuntu \n10.04 LTS updates.\n\nOriginal advisory details:\n\nIt was discovered that untrusted Java applets could create domain \nname resolution cache entries, allowing an attacker to manipulate \nname resolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not properly \nset up the LD_LIBRARY_PATH environment variable. A local attacker \ncould exploit this to execute arbitrary code as the user invoking \nthe program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged timer events \ncould allow bypass of SecurityManager checks. This could allow an \nattacker to access restricted resources. 
(CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations confused memory \nmanagement within the HotSpot JVM. This could allow an attacker to \ncause a denial of service through an application crash or possibly \ninject code. (CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled \nallowed them to be manipulated by untrusted applets. An attacker \ncould use this to bypass XML processing restrictions and elevate \nprivileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when processing broken \nCFF fonts could leak system properties. (CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature \ncomponent could allow an attacker to cause untrusted code to \nreplace the XML Digital Signature Transform or C14N algorithm \nimplementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific double literals \nwere improperly handled, allowing a remote attacker to cause a denial \nof service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when handling multiple \nsignatures allowed remote attackers to gain privileges due to the \nassignment of an inappropriate security descriptor. (CVE-2011-0706)", "edition": 5, "modified": "2011-03-15T00:00:00", "published": "2011-03-15T00:00:00", "id": "USN-1079-2", "href": "https://ubuntu.com/security/notices/USN-1079-2", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T01:41:44", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "description": "USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM) \narchitectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. 
This update fixes \nvulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu \n10.10.\n\nOriginal advisory details:\n\nIt was discovered that untrusted Java applets could create domain \nname resolution cache entries, allowing an attacker to manipulate \nname resolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not properly \nset up the LD_LIBRARY_PATH environment variable. A local attacker \ncould exploit this to execute arbitrary code as the user invoking \nthe program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged timer events \ncould allow bypass of SecurityManager checks. This could allow an \nattacker to access restricted resources. (CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations confused memory \nmanagement within the HotSpot JVM. This could allow an attacker to \ncause a denial of service through an application crash or possibly \ninject code. (CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled \nallowed them to be manipulated by untrusted applets. An attacker \ncould use this to bypass XML processing restrictions and elevate \nprivileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when processing broken \nCFF fonts could leak system properties. (CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature \ncomponent could allow an attacker to cause untrusted code to \nreplace the XML Digital Signature Transform or C14N algorithm \nimplementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific double literals \nwere improperly handled, allowing a remote attacker to cause a denial \nof service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when handling multiple \nsignatures allowed remote attackers to gain privileges due to the \nassignment of an inappropriate security descriptor. 
(CVE-2011-0706)", "edition": 5, "modified": "2011-03-17T00:00:00", "published": "2011-03-17T00:00:00", "id": "USN-1079-3", "href": "https://ubuntu.com/security/notices/USN-1079-3", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:31:43", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0025", "CVE-2010-4351"], "description": "It was discovered that IcedTea for Java did not properly verify \nsignatures when handling multiply signed or partially signed JAR files, \nallowing an attacker to cause code to execute that appeared to come \nfrom a verified source. (CVE-2011-0025)\n\nUSN 1052-1 fixed a vulnerability in OpenJDK for Ubuntu 9.10 and Ubuntu \n10.04 LTS on all architectures, and Ubuntu 10.10 for all architectures \nexcept for the armel (ARM) architecture. This update provides the \ncorresponding update for Ubuntu 10.10 on the armel (ARM) architecture.\n\nOriginal advisory details:\n\nIt was discovered that the JNLP SecurityManager in IcedTea for Java \nOpenJDK in some instances failed to properly apply the intended \nsecurity policy in its checkPermission method. This could allow \nan attacker to execute code with privileges that should have been \nprevented. (CVE-2010-4351)", "edition": 5, "modified": "2011-02-01T00:00:00", "published": "2011-02-01T00:00:00", "id": "USN-1055-1", "href": "https://ubuntu.com/security/notices/USN-1055-1", "title": "OpenJDK vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:26:42", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4470"], "description": "**CentOS Errata and Security Advisory** CESA-2011:0281\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA flaw was found in the Swing library. 
Forged TimerEvents could be used to\nbypass SecurityManager checks, allowing access to otherwise blocked files\nand directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual Machine\n(JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing) components\nwere handled, allowing them to be manipulated by untrusted applets. This\ncould be used to elevate privileges and bypass secure XML processing\nrestrictions. (CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache entries in\nthe name resolution cache. This could allow an attacker targeted\nmanipulation over name resolution until the OpenJDK VM is restarted.\n(CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check the\nLD_LIBRARY_PATH environment variable for insecure empty path elements. A\nlocal attacker able to trick a user into running the Java launcher while\nworking from an attacker-writable directory could use this flaw to load an\nuntrusted library, subverting the Java security model. (CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime Environment\n(JRE) XML Digital Signature Transform or C14N algorithm implementations to\nintercept digital signature operations. (CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK by\ncalling the \"appletviewer\" application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029351.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029352.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-0281.html", "edition": 3, "modified": "2011-04-14T14:33:37", "published": "2011-04-14T14:33:37", "href": "http://lists.centos.org/pipermail/centos-announce/2011-April/029351.html", "id": "CESA-2011:0281", "title": "java security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:18", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4472"], "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA flaw was found in the Swing library. Forged TimerEvents could be used to\nbypass SecurityManager checks, allowing access to otherwise blocked files\nand directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual Machine\n(JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing) components\nwere handled, allowing them to be manipulated by untrusted applets. This\ncould be used to elevate privileges and bypass secure XML processing\nrestrictions. (CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache entries in\nthe name resolution cache. 
This could allow an attacker targeted\nmanipulation over name resolution until the OpenJDK VM is restarted.\n(CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check the\nLD_LIBRARY_PATH environment variable for insecure empty path elements. A\nlocal attacker able to trick a user into running the Java launcher while\nworking from an attacker-writable directory could use this flaw to load an\nuntrusted library, subverting the Java security model. (CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime Environment\n(JRE) XML Digital Signature Transform or C14N algorithm implementations to\nintercept digital signature operations. (CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK by\ncalling the \"appletviewer\" application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:25", "published": "2011-02-17T05:00:00", "id": "RHSA-2011:0281", "href": "https://access.redhat.com/errata/RHSA-2011:0281", "type": "redhat", "title": "(RHSA-2011:0281) Important: java-1.6.0-openjdk security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:31", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4422", "CVE-2010-4447", "CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4451", "CVE-2010-4452", "CVE-2010-4454", "CVE-2010-4462", "CVE-2010-4463", "CVE-2010-4465", "CVE-2010-4466", "CVE-2010-4467", "CVE-2010-4468", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4473", "CVE-2010-4475", "CVE-2010-4476"], "description": "The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. Further\ninformation about these flaws can be found on the \"Oracle Java SE and Java\nfor Business Critical Patch Update Advisory\" page, listed in the References\nsection. (CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450,\nCVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463,\nCVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469,\nCVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4475,\nCVE-2010-4476)\n\nAll users of java-1.6.0-sun are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of Sun Java\nmust be restarted for the update to take effect.\n", "modified": "2018-06-07T09:04:34", "published": "2011-02-17T05:00:00", "id": "RHSA-2011:0282", "href": "https://access.redhat.com/errata/RHSA-2011:0282", "type": "redhat", "title": "(RHSA-2011:0282) Critical: java-1.6.0-sun security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:44", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4470"], "description": "[1.6.0.0-1.39.b17]\n- respin of IcedTea6 1.7.10\n- Resolves: rhbz#676276\n[1.6.0.0-1.37.b17]\n- Updated to IcedTea6 1.7.10\n- Resolves: rhbz#676276", "edition": 4, "modified": "2011-02-17T00:00:00", "published": "2011-02-17T00:00:00", "id": "ELSA-2011-0281", "href": "http://linux.oracle.com/errata/ELSA-2011-0281.html", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-12-09T19:34:44", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. 
Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and \"backward jsrs.\"", "edition": 5, "cvss3": {}, "published": "2011-02-17T19:00:00", "title": "CVE-2010-4469", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4469"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_23", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.4.2_29", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:sdk:1.4.2_24", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:sdk:1.4.2_27", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_28", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.4.2_15", 
"cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_25", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_26", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2010-4469", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4469", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_29:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_26:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_28:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_28:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_29:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_26:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:44", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text.", "edition": 5, "cvss3": {}, "published": "2011-02-17T19:00:00", "title": "CVE-2010-4471", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4471"], "modified": "2017-12-22T02:29:00", "cpe": ["cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0"], "id": "CVE-2010-4471", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4471", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:44", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. 
Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the \"XML DSig Transform or C14N algorithm implementations.\"", "edition": 5, "cvss3": {}, "published": "2011-02-17T19:00:00", "title": "CVE-2010-4472", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4472"], "modified": "2017-12-22T02:29:00", "cpe": ["cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.6.0"], "id": "CVE-2010-4472", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4472", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:44", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. 
Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable.", "edition": 5, "cvss3": {}, "published": "2011-02-17T19:00:00", "title": "CVE-2010-4450", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.7, "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4450"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_23", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.4.2_29", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:sdk:1.4.2_24", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:sdk:1.4.2_27", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_28", "cpe:/a:sun:sdk:1.4.2_13", 
"cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_25", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_26", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2010-4450", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4450", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_29:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_26:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_28:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_28:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_29:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_26:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:44", "description": "The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.", "edition": 5, "cvss3": {}, "published": "2011-02-17T19:00:00", "title": "CVE-2010-4476", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4476"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_23", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.4.2_29", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_19", 
"cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:sdk:1.4.2_24", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:sdk:1.4.2_27", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_28", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_25", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_26", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2010-4476", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4476", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_29:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_26:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_28:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_28:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_29:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_26:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:44", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. 
Oracle has not commented on claims from a downstream vendor that this issue involves \"DNS cache poisoning by untrusted applets.\"", "edition": 5, "cvss3": {}, "published": "2011-02-17T19:00:00", "title": "CVE-2010-4448", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4448"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_23", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.4.2_29", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:sdk:1.4.2_24", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:sdk:1.4.2_27", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_28", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.4.2_28", 
"cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_25", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_26", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2010-4448", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4448", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_29:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_26:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_28:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_28:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_29:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_26:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:57:31", "description": "The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.", "edition": 3, "cvss3": {}, "published": "2011-01-20T19:00:00", "title": "CVE-2010-4351", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4351"], "modified": "2017-08-17T01:33:00", "cpe": ["cpe:/a:redhat:icedtea:1.7.1", "cpe:/a:redhat:icedtea:1.9.3", "cpe:/a:redhat:icedtea:1.7.4", "cpe:/a:redhat:icedtea:1.7.3", "cpe:/a:redhat:icedtea:1.9.1", "cpe:/a:redhat:icedtea:1.8.2", "cpe:/a:redhat:icedtea:1.8", "cpe:/a:redhat:icedtea:1.7.5", "cpe:/a:redhat:icedtea:1.8.3", "cpe:/a:redhat:icedtea:1.7.2", "cpe:/a:redhat:icedtea:1.9", "cpe:/a:redhat:icedtea:1.8.1", "cpe:/a:redhat:icedtea:1.7", "cpe:/a:redhat:icedtea:1.7.6", "cpe:/a:redhat:icedtea:1.9.2"], "id": "CVE-2010-4351", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4351", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": 
["cpe:2.3:a:redhat:icedtea:1.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.8:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.9:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.7:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.9.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:44", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. 
Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or \"clipboard access in Applets.\"", "edition": 5, "cvss3": {}, "published": "2011-02-17T19:00:00", "title": "CVE-2010-4465", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4465"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_23", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.4.2_29", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:sdk:1.4.2_24", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:sdk:1.4.2_27", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_28", 
"cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_25", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_26", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2010-4465", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4465", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_29:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_26:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_28:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_28:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_29:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_26:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:39:24", "description": "The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of \"an inappropriate security descriptor.\"", "edition": 3, "cvss3": {}, "published": "2011-02-19T01:00:00", "title": "CVE-2011-0706", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0706"], "modified": "2017-09-19T01:32:00", "cpe": ["cpe:/a:redhat:icedtea-web:1.0", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:redhat:icedtea-web:1.0.1"], "id": "CVE-2011-0706", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0706", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:redhat:icedtea-web:1.0.1:pre:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.0:pre:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:39:22", "description": "IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are \"partially 
signed\" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.", "edition": 3, "cvss3": {}, "published": "2011-02-04T20:00:00", "title": "CVE-2011-0025", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0025"], "modified": "2017-08-17T01:33:00", "cpe": ["cpe:/a:redhat:icedtea:1.7.1", "cpe:/a:redhat:icedtea:1.8.4", "cpe:/a:redhat:icedtea:1.9.3", "cpe:/a:redhat:icedtea:1.7.4", "cpe:/a:redhat:icedtea:1.7.3", "cpe:/a:redhat:icedtea:1.9.1", "cpe:/a:redhat:icedtea:1.8.2", "cpe:/a:redhat:icedtea:1.8", "cpe:/a:redhat:icedtea:1.7.5", "cpe:/a:redhat:icedtea:1.7.7", "cpe:/a:redhat:icedtea:1.8.3", "cpe:/a:redhat:icedtea:1.9.4", "cpe:/a:redhat:icedtea:1.7.2", "cpe:/a:redhat:icedtea:1.9", "cpe:/a:redhat:icedtea:1.8.1", "cpe:/a:redhat:icedtea:1.7", "cpe:/a:redhat:icedtea:1.7.6", "cpe:/a:redhat:icedtea:1.9.2"], "id": "CVE-2011-0025", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0025", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:redhat:icedtea:1.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.8:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.8.3:*:*:*:*:*:*:*", 
"cpe:2.3:a:redhat:icedtea:1.9:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.7:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea:1.9.1:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2017-06-08T00:16:13", "bulletinFamily": "software", "cvelist": ["CVE-2010-4476"], "edition": 1, "description": "", "modified": "2017-03-14T00:49:00", "published": "2011-05-09T21:09:00", "href": "https://support.f5.com/csp/article/K12826", "id": "F5:K12826", "title": "Java Runtime Environment (JRE) vulnerability: CVE-2010-4476", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:27", "bulletinFamily": "software", "cvelist": ["CVE-2010-4476"], "edition": 1, "description": "* These F5 product versions use the affected Java function to manage traffic in the Configuration utility. However, the system filters the input value to the function so the value falls within an expected range before the system passes data to the function. 
These expected ranges of data do not include data that can trigger this JRE vulnerability, so the system can safely use this function, and these F5 product versions are not vulnerable.\n\nA JRE vulnerability could allow a remote attacker to cause a denial-of-service (DoS) by using a crafted string that triggers an infinite loop.\n\nNone of the F5 product versions listed in this article, including those marked with an asterisk (*), use Java for production traffic packet processing and, therefore, are not vulnerable to this issue for production traffic.\n\n**Information about this advisory is available at the following location:**\n\n[Common Vulnerabilities and Exposures (CVE-2010-4476)](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476>)\n\n**Note**: This link takes you to a resource outside of AskF5, and it is possible that the documents may be removed without our knowledge.\n", "modified": "2016-07-25T00:00:00", "published": "2011-05-09T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/12000/800/sol12826.html", "id": "SOL12826", "title": "SOL12826 - Java Runtime Environment (JRE) vulnerability: CVE-2010-4476", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:40", "bulletinFamily": "software", "cvelist": ["CVE-2010-4475", "CVE-2010-4468", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4451", "CVE-2010-4422", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-4473", "CVE-2010-4474", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4470", "CVE-2011-0706", "CVE-2010-4467", "CVE-2010-4466"], "description": "Over 20 different vulnerabilities.", "edition": 1, "modified": "2011-02-17T00:00:00", "published": "2011-02-17T00:00:00", "id": "SECURITYVULNS:VULN:11443", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11443", "title": "Oracle Java 
multiple security vulnerabilities / OpenJDK", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:40", "bulletinFamily": "software", "cvelist": ["CVE-2011-0025", "CVE-2010-4351"], "description": "Protection bypass in JNLP SecurityManager, JAR files digital signature spoofing.", "edition": 1, "modified": "2011-02-02T00:00:00", "published": "2011-02-02T00:00:00", "id": "SECURITYVULNS:VULN:11393", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11393", "title": "IcedTea for Java OpenJDK protection bypass", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:38", "bulletinFamily": "software", "cvelist": ["CVE-2011-0025", "CVE-2010-4351"], "description": "===========================================================\r\nUbuntu Security Notice USN-1055-1 February 01, 2011\r\nopenjdk-6, openjdk-6b18 vulnerabilities\r\nCVE-2010-4351, CVE-2011-0025\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 9.10\r\nUbuntu 10.04 LTS\r\nUbuntu 10.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 9.10:\r\n icedtea6-plugin 6b20-1.9.5-0ubuntu1~9.10.1\r\n\r\nUbuntu 10.04 LTS:\r\n icedtea6-plugin 6b20-1.9.5-0ubuntu1~10.04.1\r\n\r\nUbuntu 10.10:\r\n icedtea6-plugin 6b20-1.9.5-0ubuntu1\r\n\r\nAfter a standard system update you need to restart any Java services,\r\napplications or applets to make all the necessary changes.\r\n\r\nDetails follow:\r\n\r\nIt was discovered that IcedTea for Java did not properly verify\r\nsignatures when handling multiply signed or partially signed JAR files,\r\nallowing an attacker to cause code to 
execute that appeared to come\r\nfrom a verified source. (CVE-2011-0025)\r\n\r\nUSN 1052-1 fixed a vulnerability in OpenJDK for Ubuntu 9.10 and Ubuntu\r\n10.04 LTS on all architectures, and Ubuntu 10.10 for all architectures\r\nexcept for the armel (ARM) architecture. This update provides the\r\ncorresponding update for Ubuntu 10.10 on the armel (ARM) architecture.\r\n\r\nOriginal advisory details:\r\n\r\n It was discovered that the JNLP SecurityManager in IcedTea for Java\r\n OpenJDK in some instances failed to properly apply the intended\r\n scurity policy in its checkPermission method. This could allow\r\n an attacker to execute code with privileges that should have been\r\n prevented. (CVE-2010-4351)\r\n\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n Source archives:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.5-0ubuntu1~9.10.1.diff.gz\r\n Size/MD5: 130663 07167b8caf223fe920ac0c361e42344c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.5-0ubuntu1~9.10.1.dsc\r\n Size/MD5: 3018 d3cc6e1842be3094f39ef33e7de3f353\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.5.orig.tar.gz\r\n Size/MD5: 73242981 a46692c197b9d63625a0593f0f5261a1\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.5-0ubuntu1~9.10.1.diff.gz\r\n Size/MD5: 131802 6e88eb789ee0d06c18b07194af10bb93\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.5-0ubuntu1~9.10.1.dsc\r\n Size/MD5: 2997 595fc33270e578ea4b81d23e557c53ec\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.5.orig.tar.gz\r\n Size/MD5: 71411043 bd54d036357114075c6d4cfb162cb3ad\r\n\r\n Architecture independent packages:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b20-1.9.5-0ubuntu1~9.10.1_all.deb\r\n Size/MD5: 20569646 0263c3295e00ffd691559e93a926b89c\r\n 
\r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b20-1.9.5-0ubuntu1~9.10.1_all.deb\r\n Size/MD5: 6211712 8cf32f132d7249d3b8c293502eb64bac\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b20-1.9.5-0ubuntu1~9.10.1_all.deb\r\n Size/MD5: 26919048 66c7073fd00bdace7d5f515d875fbcbb\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.5-0ubuntu1~9.10.1_amd64.deb\r\n Size/MD5: 436014 2034a505f2c4e922b445256bd5f80f49\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.5-0ubuntu1~9.10.1_amd64.deb\r\n Size/MD5: 83640 3683906aaf32d462fa577675c441acac\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.5-0ubuntu1~9.10.1_amd64.deb\r\n Size/MD5: 119563714 4660ba7c5fb8aac316377c576459a638\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.5-0ubuntu1~9.10.1_amd64.deb\r\n Size/MD5: 2385194 0ea219022e6aea6c1159897d9e34088f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.5-0ubuntu1~9.10.1_amd64.deb\r\n Size/MD5: 11087968 357e95538a652ff16a499bdef84ffba5\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.5-0ubuntu1~9.10.1_amd64.deb\r\n Size/MD5: 25600282 746ff952e9c2f2bc4f0f64b07014f409\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.5-0ubuntu1~9.10.1_amd64.deb\r\n Size/MD5: 270666 68ac2c4181b549c79eedca8794650509\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.5-0ubuntu1~9.10.1_amd64.deb\r\n Size/MD5: 5569254 c0077d670243fea709d4f199dda088ca\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.5-0ubuntu1~9.10.1_i386.deb\r\n Size/MD5: 418096 
c0141822eb47c8c6e06f9af23feef5c5\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.5-0ubuntu1~9.10.1_i386.deb\r\n Size/MD5: 79234 8fe9ef03b9f35e52de8eb511f4e8b351\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.5-0ubuntu1~9.10.1_i386.deb\r\n Size/MD5: 172937158 2bff76e2c638d5e901c81d11d4a2f742\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.5-0ubuntu1~9.10.1_i386.deb\r\n Size/MD5: 2359054 84866ae7005e7bf7690365e2e6a97f6d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.5-0ubuntu1~9.10.1_i386.deb\r\n Size/MD5: 11078062 831332cccf805cded7f87fef3acffd62\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.5-0ubuntu1~9.10.1_i386.deb\r\n Size/MD5: 27416614 585c7631a061b70308275dccc6f88beb\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.5-0ubuntu1~9.10.1_i386.deb\r\n Size/MD5: 255898 1f8861dddfa2a12615d430f555ff6a2a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.5-0ubuntu1~9.10.1_i386.deb\r\n Size/MD5: 5065908 d2d4f9e1f3eb25b041a5d8d20f2bafdc\r\n\r\n armel architecture (ARM Architecture):\r\n\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea-6-jre-cacao_6b18-1.8.5-0ubuntu1~9.10.1_armel.deb\r\n Size/MD5: 370544 7ac9b2f6654f8ed4c22af43d3cb1f196\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea6-plugin_6b18-1.8.5-0ubuntu1~9.10.1_armel.deb\r\n Size/MD5: 75722 4ec1c942786d2320978ee4ba9b5ce39b\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-dbg_6b18-1.8.5-0ubuntu1~9.10.1_armel.deb\r\n Size/MD5: 84865932 a7427134161ba5f5a67b1cc5207cdef2\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-demo_6b18-1.8.5-0ubuntu1~9.10.1_armel.deb\r\n Size/MD5: 1543030 2793d682bc50d814bb2cfae0536fb658\r\n 
\r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jdk_6b18-1.8.5-0ubuntu1~9.10.1_armel.deb\r\n Size/MD5: 9111184 2f44a1d000994c887864a2226fa9ab03\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre-headless_6b18-1.8.5-0ubuntu1~9.10.1_armel.deb\r\n Size/MD5: 29699956 0b3e36d03c7274de90d85df81eea4642\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre_6b18-1.8.5-0ubuntu1~9.10.1_armel.deb\r\n Size/MD5: 255472 8604ce64204f8b093045e8fa0ddaf429\r\n \r\nhttp://ports.ubuntu.com/pool/universe/o/openjdk-6b18/openjdk-6-jre-zero_6b18-1.8.5-0ubuntu1~9.10.1_armel.deb\r\n Size/MD5: 4829218 d29ac1eb4ae4f61e24d21d6b3e774f2c\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.5-0ubuntu1~9.10.1_lpia.deb\r\n Size/MD5: 421918 60b982dbad33961f268850d3a1570121\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.5-0ubuntu1~9.10.1_lpia.deb\r\n Size/MD5: 81886 582799620b965b23b98782aa6b817784\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.5-0ubuntu1~9.10.1_lpia.deb\r\n Size/MD5: 173092778 eeb9c9a0975fff57e79af148959ef951\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.5-0ubuntu1~9.10.1_lpia.deb\r\n Size/MD5: 2348226 abac188c5fdd7b16e59021795328e388\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.5-0ubuntu1~9.10.1_lpia.deb\r\n Size/MD5: 10854010 d46469e4a0b30b664e7d76aed8d2a2d4\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.5-0ubuntu1~9.10.1_lpia.deb\r\n Size/MD5: 27472744 7cac2be8f882e3f8972d2ae8de4346c4\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.5-0ubuntu1~9.10.1_lpia.deb\r\n Size/MD5: 251924 46789f33a116717c035e0494d9123746\r\n \r\nhttp://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.5-0ubuntu1~9.10.1_lpia.deb\r\n Size/MD5: 5056662 
e9cab7f8ff4f8557ec354fcfe064cbf9\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.5-0ubuntu1~9.10.1_powerpc.deb\r\n Size/MD5: 447846 57f7bde6423b881f5c9b6b854805068e\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.5-0ubuntu1~9.10.1_powerpc.deb\r\n Size/MD5: 82936 fd89da745cf94b5f621d381cf3ac62ae\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.5-0ubuntu1~9.10.1_powerpc.deb\r\n Size/MD5: 103589468 4535c791fb31dcb30860d2fa8b930d7d\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.5-0ubuntu1~9.10.1_powerpc.deb\r\n Size/MD5: 2365432 332cb4807360bce84a081f7c30ba7e34\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.5-0ubuntu1~9.10.1_powerpc.deb\r\n Size/MD5: 8794604 999261245213227cf9a0e7a67805eb08\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.5-0ubuntu1~9.10.1_powerpc.deb\r\n Size/MD5: 23939918 8052f0eaba58e09a0322214bd6843799\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.5-0ubuntu1~9.10.1_powerpc.deb\r\n Size/MD5: 275120 4f501d44f7670786c6198e7e5e260e8d\r\n \r\nhttp://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.5-0ubuntu1~9.10.1_powerpc.deb\r\n Size/MD5: 4885644 dda65b396c0ba1c9359eca7eba34c6a7\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.5-0ubuntu1~9.10.1_sparc.deb\r\n Size/MD5: 79624 84e39fa6449346c08a18a2e00e8c7b55\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.5-0ubuntu1~9.10.1_sparc.deb\r\n Size/MD5: 119175958 f0a49dced0b3f12587cddf06b67f31b4\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.5-0ubuntu1~9.10.1_sparc.deb\r\n Size/MD5: 2364788 5f5d845ba1fe16e729df1625d424a396\r\n 
\r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.5-0ubuntu1~9.10.1_sparc.deb\r\n Size/MD5: 10833222 2c4adc800d965b1f309ac12204d4813f\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.5-0ubuntu1~9.10.1_sparc.deb\r\n Size/MD5: 27295668 c28ce5653bee2fec182370c91f92ce43\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.5-0ubuntu1~9.10.1_sparc.deb\r\n Size/MD5: 256824 f7b5dc979cfc27d0f3f28340a6afdddb\r\n\r\nUpdated packages for Ubuntu 10.04 LTS:\r\n\r\n Source archives:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.5-0ubuntu1~10.04.1.diff.gz\r\n Size/MD5: 130653 4250574bc50a42af16707919a2c09791\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.5-0ubuntu1~10.04.1.dsc\r\n Size/MD5: 3077 40a56a96db71060b96816204590f877f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.5.orig.tar.gz\r\n Size/MD5: 73242981 a46692c197b9d63625a0593f0f5261a1\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.5-0ubuntu1~10.04.1.diff.gz\r\n Size/MD5: 131798 93e1c17619a492d6d98d4c93d088a9f3\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.5-0ubuntu1~10.04.1.dsc\r\n Size/MD5: 3056 1df0b04c982b3bf22c1dbe70fe59ea32\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.5.orig.tar.gz\r\n Size/MD5: 71411043 bd54d036357114075c6d4cfb162cb3ad\r\n\r\n Architecture independent packages:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b20-1.9.5-0ubuntu1~10.04.1_all.deb\r\n Size/MD5: 19979664 2b95fe28f2136a5394648b619300824b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b20-1.9.5-0ubuntu1~10.04.1_all.deb\r\n Size/MD5: 6155850 ef8366a2a9a0867cd531e3dd5a7ef92a\r\n 
\r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b20-1.9.5-0ubuntu1~10.04.1_all.deb\r\n Size/MD5: 26858938 a90e2edef3fa37f49daa82fd92593c23\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.5-0ubuntu1~10.04.1_amd64.deb\r\n Size/MD5: 431074 3e50491a84259f5edaa622f9c05f7f8c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.5-0ubuntu1~10.04.1_amd64.deb\r\n Size/MD5: 84126 ce3e9b4cc3e6bb3964dfcfca6fa73fba\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.5-0ubuntu1~10.04.1_amd64.deb\r\n Size/MD5: 119261780 69383042a5bee649035dded1de7ae47c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.5-0ubuntu1~10.04.1_amd64.deb\r\n Size/MD5: 2364506 94bc6c9156e97a1036841ee1175a2814\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.5-0ubuntu1~10.04.1_amd64.deb\r\n Size/MD5: 10865770 52ff5af54da76d8abedfdac3e9f3a702\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.5-0ubuntu1~10.04.1_amd64.deb\r\n Size/MD5: 25622574 019c4cb665e4f44f0f2f6f822f54f6c4\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.5-0ubuntu1~10.04.1_amd64.deb\r\n Size/MD5: 270644 d441fd3a49ab376cdd4758720456b6fb\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.5-0ubuntu1~10.04.1_amd64.deb\r\n Size/MD5: 2241004 ecd39a0cac4615acdb3ed5f2c8047b87\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.5-0ubuntu1~10.04.1_i386.deb\r\n Size/MD5: 415050 c2bed7d245921db1e01c5dc256a8455c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.5-0ubuntu1~10.04.1_i386.deb\r\n Size/MD5: 79608 
d6bd3a3e64a8315591d7ef9e8bed071a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.5-0ubuntu1~10.04.1_i386.deb\r\n Size/MD5: 172626028 56b1dbbc185b452ec4684c574f78b5a9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.5-0ubuntu1~10.04.1_i386.deb\r\n Size/MD5: 2351292 33026e2e70a4f60a7059dd97e8291526\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.5-0ubuntu1~10.04.1_i386.deb\r\n Size/MD5: 10861822 09d8359fb3120858cc8b253cb15fbfe9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.5-0ubuntu1~10.04.1_i386.deb\r\n Size/MD5: 27449440 3fb4c45554543b094e7d9c4022ca3723\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.5-0ubuntu1~10.04.1_i386.deb\r\n Size/MD5: 255880 a374fc32fab614cecafbbd9eba325e80\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.5-0ubuntu1~10.04.1_i386.deb\r\n Size/MD5: 1924642 a4ae4868248ece9b2189e4f959c26562\r\n\r\n armel architecture (ARM Architecture):\r\n\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea-6-jre-cacao_6b18-1.8.5-0ubuntu1~10.04.1_armel.deb\r\n Size/MD5: 346348 eec80fa6f8d42acbe5c7e9cedd06a9dd\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea6-plugin_6b18-1.8.5-0ubuntu1~10.04.1_armel.deb\r\n Size/MD5: 73844 385da24b16e9eb32bf122b8c0c4490a0\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-dbg_6b18-1.8.5-0ubuntu1~10.04.1_armel.deb\r\n Size/MD5: 41164556 20315ff718c4716aec70c4aacc452155\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-demo_6b18-1.8.5-0ubuntu1~10.04.1_armel.deb\r\n Size/MD5: 1528746 cada79c5cf6af17cea69a303f626bcd0\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jdk_6b18-1.8.5-0ubuntu1~10.04.1_armel.deb\r\n Size/MD5: 9100456 c146812c22adeb933b95e90accbd8a84\r\n 
\r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre-headless_6b18-1.8.5-0ubuntu1~10.04.1_armel.deb\r\n Size/MD5: 29493160 eccd808680771c0d9539037f0fee854f\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre_6b18-1.8.5-0ubuntu1~10.04.1_armel.deb\r\n Size/MD5: 245326 35b9b8d4341e8b35fcf597366dd0dece\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.5-0ubuntu1~10.04.1_powerpc.deb\r\n Size/MD5: 445258 96272182cf8ee75a20db7a9b6856b7af\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.5-0ubuntu1~10.04.1_powerpc.deb\r\n Size/MD5: 83634 d8661c9bf1493ed6a9bd19ce2d15aa79\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.5-0ubuntu1~10.04.1_powerpc.deb\r\n Size/MD5: 103315722 a329acc7a98aa95b79fe1124010fb16e\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.5-0ubuntu1~10.04.1_powerpc.deb\r\n Size/MD5: 2365524 af78e46c00b46e02575a7125c79716b9\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.5-0ubuntu1~10.04.1_powerpc.deb\r\n Size/MD5: 8798846 79eccba98411a7a54cfac99215386a69\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.5-0ubuntu1~10.04.1_powerpc.deb\r\n Size/MD5: 23945544 77dea4b31222a9016bbf9e9d86bc33c4\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.5-0ubuntu1~10.04.1_powerpc.deb\r\n Size/MD5: 275052 803eac93ad819a9ae31b567dabe549c3\r\n \r\nhttp://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.5-0ubuntu1~10.04.1_powerpc.deb\r\n Size/MD5: 2052776 44d1860ca58421b5169bd0b4a8993a9d\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.5-0ubuntu1~10.04.1_sparc.deb\r\n Size/MD5: 77770 ead7daf2c17881f6b39e2c9a82e9367c\r\n 
\r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.5-0ubuntu1~10.04.1_sparc.deb\r\n Size/MD5: 119149298 cf83e170d0f3b6e11cbf10132f2d050c\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.5-0ubuntu1~10.04.1_sparc.deb\r\n Size/MD5: 2365960 cc1c774bcd0e8f98a1d285770ae4c927\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.5-0ubuntu1~10.04.1_sparc.deb\r\n Size/MD5: 10888370 fa5aa1c149df190e0ebb97d9289f56ce\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.5-0ubuntu1~10.04.1_sparc.deb\r\n Size/MD5: 27222494 6e30b3ad57e76d67e936ad56a46d0a8d\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.5-0ubuntu1~10.04.1_sparc.deb\r\n Size/MD5: 257382 a79aab3812e968abe4c0824c1146173f\r\n\r\nUpdated packages for Ubuntu 10.10:\r\n\r\n Source archives:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.5-0ubuntu1.diff.gz\r\n Size/MD5: 133456 976146aaa409e498d5addf8a241f573d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.5-0ubuntu1.dsc\r\n Size/MD5: 3004 6d022956f9cea371fbf2d9765ca4f040\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.5.orig.tar.gz\r\n Size/MD5: 73242981 a46692c197b9d63625a0593f0f5261a1\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.5-0ubuntu1.diff.gz\r\n Size/MD5: 134008 8fbdae65e6e519e9a831778b074a9952\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.5-0ubuntu1.dsc\r\n Size/MD5: 2995 e131f7ebfa161d10f70a8b436a38f374\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.5.orig.tar.gz\r\n Size/MD5: 71411043 bd54d036357114075c6d4cfb162cb3ad\r\n\r\n Architecture independent packages:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b20-1.9.5-0ubuntu1_all.deb\r\n Size/MD5: 19977298 
2ccad59d057cb4419dbebf48b4ff67fd\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b20-1.9.5-0ubuntu1_all.deb\r\n Size/MD5: 6155616 d716162e8cf6d5118ce1341e9c1e5be9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b20-1.9.5-0ubuntu1_all.deb\r\n Size/MD5: 26858902 732bc0cc09aec245d11621c640272bdb\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.5-0ubuntu1_amd64.deb\r\n Size/MD5: 433260 169a9df6ecc86117d3097bf138e14ce7\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.5-0ubuntu1_amd64.deb\r\n Size/MD5: 83386 edb225c4df6678209cc7ee788bbf519f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.5-0ubuntu1_amd64.deb\r\n Size/MD5: 119321318 16318a9a971f46bdebc31ba39820ee50\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.5-0ubuntu1_amd64.deb\r\n Size/MD5: 2380136 5e0ee63978bf2c820713c464124ff604\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.5-0ubuntu1_amd64.deb\r\n Size/MD5: 11085698 c1a5a9cbe650581246308df73a7da6f7\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.5-0ubuntu1_amd64.deb\r\n Size/MD5: 25605350 9b9925e2a9aa812a9a874c02d541fa2e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.5-0ubuntu1_amd64.deb\r\n Size/MD5: 266966 a40154ae4665ba835052633157172cfb\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.5-0ubuntu1_amd64.deb\r\n Size/MD5: 2242486 387b2e80b57e70220cb210a0512654d6\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.5-0ubuntu1_i386.deb\r\n Size/MD5: 416138 97dde39884b356a51137bf7c687c0ffe\r\n 
\r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.5-0ubuntu1_i386.deb\r\n Size/MD5: 78706 d2e6ac9590739d9ad1e9e5b057deaf6e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.5-0ubuntu1_i386.deb\r\n Size/MD5: 172665522 b8821c7db8364dab48f5f265bcd4ba8b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.5-0ubuntu1_i386.deb\r\n Size/MD5: 2348308 40e5394c73299ff41564b9cbbae8f0f7\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.5-0ubuntu1_i386.deb\r\n Size/MD5: 10856962 2cf7749b00e3c43a7ece05bc538c100a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.5-0ubuntu1_i386.deb\r\n Size/MD5: 27433792 b8ac656156b0a95f7276114697dd5c31\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.5-0ubuntu1_i386.deb\r\n Size/MD5: 251308 f93c8309886bf4f7d2976046db3feb6b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.5-0ubuntu1_i386.deb\r\n Size/MD5: 1922642 92f1697157a2a972cdc1a8b52e13bf59\r\n\r\n armel architecture (ARM Architecture):\r\n\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea-6-jre-cacao_6b18-1.8.5-0ubuntu1_armel.deb\r\n Size/MD5: 376854 c33095d01084b54d2640d8151fa613c5\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea6-plugin_6b18-1.8.5-0ubuntu1_armel.deb\r\n Size/MD5: 78308 97134fdfee5d81dc060703bb39b1fb91\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-dbg_6b18-1.8.5-0ubuntu1_armel.deb\r\n Size/MD5: 85427758 d9390442c09f18cb8cdcaff08590540a\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-demo_6b18-1.8.5-0ubuntu1_armel.deb\r\n Size/MD5: 1544594 fdecd521952176cca16e79fe22230f46\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jdk_6b18-1.8.5-0ubuntu1_armel.deb\r\n Size/MD5: 9129948 3e6dfdc2c08d922aec22a4763efed391\r\n 
\r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre-headless_6b18-1.8.5-0ubuntu1_armel.deb\r\n Size/MD5: 30066646 138f631ff444aa1480e41e7a89f1086d\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre_6b18-1.8.5-0ubuntu1_armel.deb\r\n Size/MD5: 266356 2dbbb74cd81c3480f3d2c3efda8938ee\r\n \r\nhttp://ports.ubuntu.com/pool/universe/o/openjdk-6b18/openjdk-6-jre-zero_6b18-1.8.5-0ubuntu1_armel.deb\r\n Size/MD5: 1937244 d3528603fb40a730ea9a662c088e15ee\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.5-0ubuntu1_powerpc.deb\r\n Size/MD5: 444520 04f8e4b8b91f55f2ef9883194769f42e\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.5-0ubuntu1_powerpc.deb\r\n Size/MD5: 82774 34dae3adc1d09655e3deb9da1dbcd50c\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.5-0ubuntu1_powerpc.deb\r\n Size/MD5: 103361572 ada4b0b7a9abbbbf29fe9caa2c47bc8d\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.5-0ubuntu1_powerpc.deb\r\n Size/MD5: 2363378 3a7b763b526db96cad9eb48e9fcfaddf\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.5-0ubuntu1_powerpc.deb\r\n Size/MD5: 8792836 b36a1676f0e3da23b8ca9d3a3be8bbe4\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.5-0ubuntu1_powerpc.deb\r\n Size/MD5: 23929684 f7a6bf07a9058158ade47e820fdd3ca5\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.5-0ubuntu1_powerpc.deb\r\n Size/MD5: 270452 a9914789c79be1910b64109109fb3ef7\r\n \r\nhttp://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.5-0ubuntu1_powerpc.deb\r\n Size/MD5: 2052602 bb5f0f52c1d3906fae956725fb1f1cc4\r\n", "edition": 1, "modified": "2011-02-02T00:00:00", "published": "2011-02-02T00:00:00", "id": "SECURITYVULNS:DOC:25592", "href": 
"https://vulners.com/securityvulns/SECURITYVULNS:DOC:25592", "title": "[USN-1055-1] OpenJDK vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:41:42", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4475", "CVE-2010-4468", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4451", "CVE-2010-4422", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-4473", "CVE-2010-4474", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4470", "CVE-2010-4467", "CVE-2010-4466"], "description": "Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2011-02-22T14:41:11", "published": "2011-02-22T14:41:11", "id": "SUSE-SA:2011:010", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00005.html", "title": "remote code execution in java-1_6_0-sun", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}