{"id": "OPENVAS:841796", "type": "openvas", "bulletinFamily": "scanner", "title": "Ubuntu Update for openjdk-6 USN-2191-1", "description": "Check for the Version of openjdk-6", "published": "2014-05-05T00:00:00", "modified": "2017-12-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=841796", "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "references": ["2191-1", "http://www.ubuntu.com/usn/usn-2191-1/"], "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-0462", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-2405", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414"], "lastseen": "2017-12-04T11:17:04", "viewCount": 2, "enchantments": {"score": {"value": 8.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "aix", "idList": ["JAVA_APR2014_ADVISORY.ASC"]}, {"type": "amazon", "idList": ["ALAS-2014-326", "ALAS-2014-327"]}, {"type": "centos", "idList": ["CESA-2014:0406", "CESA-2014:0407", "CESA-2014:0408"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2014-1514", "CPAI-2014-1651", "CPAI-2014-1697"]}, {"type": "cve", "idList": ["CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-0462", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2403", "CVE-2014-2405", "CVE-2014-2412", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2912-1:45039", "DEBIAN:DSA-2923-1:294D2"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-0459"]}, {"type": "f5", "idList": ["F5:K15313", "F5:K15315", "SOL15313", "SOL15315"]}, 
{"type": "gentoo", "idList": ["GLSA-201406-32", "GLSA-201412-46", "GLSA-201502-12"]}, {"type": "ibm", "idList": ["14A4DBFF7848D6F616B311EFF6A45FB798F1EFB4CAE8AF660F608507022BE82F", "1552258BC602B501CB144C17FE55DEC12CEDE82B9F4351E9E4F47BE8C7003BA9", "3FAD15020FF819DC9DAA69636CE85B02A052EB8B736186B28AD62C395DFE49B1", "44F187F05C892898B777005FF5C7F77F37A793DA9DF4D8698EE98F082ED2F4EF", "5D0CC6456D2278646647F1A4FEFECEB673F2B5D1F99FBBC5755735CEF5AA6268", "65C31E6929CA1BEA63D84DCB5E9B3FCB79839C2532F4100275ED593717CB48C0", "6CA8FBEF6881F95B35AEC18883592CFDD73B95C207E48F5F4E4D21582F66CFAA", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "BF015CFBF642FCA687A86A4567322CCD9A91990080918C0D2054CAA919FCEA4A", "C78F41FC95BFEC69FC0C51F5B2786A149C9BA83C4E3813B26A97DB849CB8C5BF", "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "D8DA116B2D4493562BEA31A018D27CE43F1BE426379E1BC96AE3D277712CF0E4", "F042C154A33D0D393D081D91E4DC1096D32EE22AAF1251371340C8876597E965"]}, {"type": "kaspersky", "idList": ["KLA10001"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/CENTOS_LINUX-CVE-2014-0452/", "MSF:ILITIES/CENTOS_LINUX-CVE-2014-0458/", "MSF:ILITIES/CENTOS_LINUX-CVE-2014-2423/", "MSF:ILITIES/GENTOO-LINUX-CVE-2014-0452/", "MSF:ILITIES/GENTOO-LINUX-CVE-2014-0458/", "MSF:ILITIES/GENTOO-LINUX-CVE-2014-2423/", "MSF:ILITIES/IBM-AIX-CVE-2014-0429/", "MSF:ILITIES/IBM-AIX-CVE-2014-0446/", "MSF:ILITIES/IBM-AIX-CVE-2014-0451/", "MSF:ILITIES/IBM-AIX-CVE-2014-0452/", "MSF:ILITIES/IBM-AIX-CVE-2014-0453/", "MSF:ILITIES/IBM-AIX-CVE-2014-0457/", "MSF:ILITIES/IBM-AIX-CVE-2014-0458/", "MSF:ILITIES/IBM-AIX-CVE-2014-0459/", "MSF:ILITIES/IBM-AIX-CVE-2014-0460/", "MSF:ILITIES/IBM-AIX-CVE-2014-2398/", "MSF:ILITIES/IBM-AIX-CVE-2014-2412/", "MSF:ILITIES/IBM-AIX-CVE-2014-2414/", "MSF:ILITIES/IBM-AIX-CVE-2014-2421/", "MSF:ILITIES/IBM-AIX-CVE-2014-2423/", "MSF:ILITIES/IBM-AIX-CVE-2014-2427/", 
"MSF:ILITIES/JRE-VULN-CVE-2014-0452/", "MSF:ILITIES/JRE-VULN-CVE-2014-0458/", "MSF:ILITIES/LINUXRPM-RHSA-2014-0407/", "MSF:ILITIES/LINUXRPM-RHSA-2014-0412/", "MSF:ILITIES/LINUXRPM-RHSA-2014-0413/", "MSF:ILITIES/LINUXRPM-RHSA-2014-0414/", "MSF:ILITIES/LINUXRPM-RHSA-2014-0486/", "MSF:ILITIES/LINUXRPM-RHSA-2014-0508/", "MSF:ILITIES/LINUXRPM-RHSA-2014-0675/", "MSF:ILITIES/LINUXRPM-RHSA-2014-0685/", "MSF:ILITIES/LINUXRPM-RHSA-2014-0982/", "MSF:ILITIES/SUSE-CVE-2014-2423/"]}, {"type": "nessus", "idList": ["9699.PRM", "AIX_JAVA_APR2014_ADVISORY.NASL", "ALA_ALAS-2014-326.NASL", "ALA_ALAS-2014-327.NASL", "CENTOS_RHSA-2014-0406.NASL", "CENTOS_RHSA-2014-0407.NASL", "CENTOS_RHSA-2014-0408.NASL", "DEBIAN_DSA-2912.NASL", "DEBIAN_DSA-2923.NASL", "DOMINO_9_0_1_FP2.NASL", "GENTOO_GLSA-201406-32.NASL", "GENTOO_GLSA-201412-46.NASL", "GENTOO_GLSA-201502-12.NASL", "IBM_DOMINO_9_0_1_FP2.NASL", "IBM_NOTES_9_0_1_FP2.NASL", "JUNIPER_NSM_JSA10642.NASL", "JUNIPER_SPACE_JSA10659.NASL", "JUNIPER_SPACE_JSA10698.NASL", "MANDRIVA_MDVSA-2014-100.NASL", "MANDRIVA_MDVSA-2015-107.NASL", "OPENSUSE-2014-772.NASL", "OPENSUSE-2014-773.NASL", "ORACLELINUX_ELSA-2014-0406.NASL", "ORACLELINUX_ELSA-2014-0407.NASL", "ORACLELINUX_ELSA-2014-0408.NASL", "ORACLELINUX_ELSA-2014-0675.NASL", "ORACLELINUX_ELSA-2014-0685.NASL", "ORACLE_JAVA_CPU_APR_2014.NASL", "ORACLE_JAVA_CPU_APR_2014_UNIX.NASL", "ORACLE_JROCKIT_CPU_APR_2014.NASL", "REDHAT-RHSA-2014-0406.NASL", "REDHAT-RHSA-2014-0407.NASL", "REDHAT-RHSA-2014-0408.NASL", "REDHAT-RHSA-2014-0412.NASL", "REDHAT-RHSA-2014-0413.NASL", "REDHAT-RHSA-2014-0414.NASL", "REDHAT-RHSA-2014-0486.NASL", "REDHAT-RHSA-2014-0508.NASL", "REDHAT-RHSA-2014-0509.NASL", "REDHAT-RHSA-2014-0675.NASL", "REDHAT-RHSA-2014-0685.NASL", "REDHAT-RHSA-2014-0705.NASL", "REDHAT-RHSA-2014-0982.NASL", "SL_20140416_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20140416_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20140416_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SOLARIS10_118666.NASL", "SOLARIS10_118667.NASL", 
"SOLARIS10_125136.NASL", "SOLARIS10_125137.NASL", "SOLARIS10_X86_118668.NASL", "SOLARIS10_X86_118669.NASL", "SOLARIS10_X86_125138.NASL", "SOLARIS10_X86_125139.NASL", "SOLARIS8_118666.NASL", "SOLARIS8_118667.NASL", "SOLARIS8_125136.NASL", "SOLARIS8_125137.NASL", "SOLARIS8_X86_118668.NASL", "SOLARIS8_X86_118669.NASL", "SOLARIS8_X86_125138.NASL", "SOLARIS8_X86_125139.NASL", "SOLARIS9_118666.NASL", "SOLARIS9_118667.NASL", "SOLARIS9_125136.NASL", "SOLARIS9_125137.NASL", "SOLARIS9_X86_118668.NASL", "SOLARIS9_X86_118669.NASL", "SOLARIS9_X86_125138.NASL", "SOLARIS9_X86_125139.NASL", "SUSE_11_JAVA-1_6_0-IBM-140514.NASL", "SUSE_11_JAVA-1_7_0-IBM-140515.NASL", "SUSE_11_JAVA-1_7_0-OPENJDK-140508.NASL", "SUSE_SU-2014-0732-1.NASL", "UBUNTU_USN-2187-1.NASL", "UBUNTU_USN-2191-1.NASL", "VMWARE_VCENTER_UPDATE_MGR_VMSA-2014-0008.NASL", "VMWARE_VCENTER_VMSA-2014-0008.NASL", "WEBSPHERE_7_0_0_33.NASL", "WEBSPHERE_8_0_0_9.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105408", "OPENVAS:1361412562310105413", "OPENVAS:1361412562310108420", "OPENVAS:1361412562310108421", "OPENVAS:1361412562310108422", "OPENVAS:1361412562310108424", "OPENVAS:1361412562310120211", "OPENVAS:1361412562310120212", "OPENVAS:1361412562310121235", "OPENVAS:1361412562310121332", "OPENVAS:1361412562310121351", "OPENVAS:1361412562310123376", "OPENVAS:1361412562310123377", "OPENVAS:1361412562310123424", "OPENVAS:1361412562310123426", "OPENVAS:1361412562310123427", "OPENVAS:1361412562310702912", "OPENVAS:1361412562310702923", "OPENVAS:1361412562310804313", "OPENVAS:1361412562310804544", "OPENVAS:1361412562310804545", "OPENVAS:1361412562310804546", "OPENVAS:1361412562310841791", "OPENVAS:1361412562310841796", "OPENVAS:1361412562310850798", "OPENVAS:1361412562310850811", "OPENVAS:1361412562310850921", "OPENVAS:1361412562310851093", "OPENVAS:1361412562310851107", "OPENVAS:1361412562310871156", "OPENVAS:1361412562310871157", "OPENVAS:1361412562310871158", "OPENVAS:1361412562310871187", 
"OPENVAS:1361412562310871191", "OPENVAS:1361412562310881921", "OPENVAS:1361412562310881922", "OPENVAS:1361412562310881923", "OPENVAS:1361412562310881924", "OPENVAS:702912", "OPENVAS:702923", "OPENVAS:841791", "OPENVAS:871156", "OPENVAS:871157", "OPENVAS:871158", "OPENVAS:881921", "OPENVAS:881922", "OPENVAS:881923", "OPENVAS:881924"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2014-1972952"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0406", "ELSA-2014-0407", "ELSA-2014-0408", "ELSA-2014-0675", "ELSA-2014-0685"]}, {"type": "redhat", "idList": ["RHSA-2014:0406", "RHSA-2014:0407", "RHSA-2014:0408", "RHSA-2014:0412", "RHSA-2014:0413", "RHSA-2014:0414", "RHSA-2014:0486", "RHSA-2014:0508", "RHSA-2014:0509", "RHSA-2014:0675", "RHSA-2014:0685", "RHSA-2014:0705", "RHSA-2014:0982"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31682", "SECURITYVULNS:VULN:13697"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0639-1", "SUSE-SU-2014:0728-1", "SUSE-SU-2014:0728-2", "SUSE-SU-2014:0728-3", "SUSE-SU-2014:0733-1", "SUSE-SU-2014:0733-2"]}, {"type": "thn", "idList": ["THN:F163E519BC7D66DC74B0794EF8746E50"]}, {"type": "threatpost", "idList": ["THREATPOST:C6DD041BAAC1DCF6C44CCBD19C9F1F13"]}, {"type": "ubuntu", "idList": ["USN-2187-1", "USN-2191-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-0429", "UB:CVE-2014-0446", "UB:CVE-2014-0451", "UB:CVE-2014-0452", "UB:CVE-2014-0453", "UB:CVE-2014-0456", "UB:CVE-2014-0457", "UB:CVE-2014-0458", "UB:CVE-2014-0459", "UB:CVE-2014-0460", "UB:CVE-2014-0461", "UB:CVE-2014-0462", "UB:CVE-2014-1876", "UB:CVE-2014-2397", "UB:CVE-2014-2398", "UB:CVE-2014-2403", "UB:CVE-2014-2405", "UB:CVE-2014-2412", "UB:CVE-2014-2414", "UB:CVE-2014-2421", "UB:CVE-2014-2423", "UB:CVE-2014-2427"]}, {"type": "zdi", "idList": ["ZDI-14-102", "ZDI-14-105", "ZDI-14-114"]}]}, "backreferences": {"references": [{"type": "aix", "idList": ["JAVA_APR2014_ADVISORY.ASC"]}, {"type": "amazon", "idList": ["ALAS-2014-326"]}, {"type": "centos", "idList": 
["CESA-2014:0406", "CESA-2014:0407", "CESA-2014:0408"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2014-1514", "CPAI-2014-1697"]}, {"type": "cve", "idList": ["CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-0462"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2912-1:45039"]}, {"type": "f5", "idList": ["F5:K15313", "SOL15315"]}, {"type": "gentoo", "idList": ["GLSA-201412-46"]}, {"type": "ibm", "idList": ["D8DA116B2D4493562BEA31A018D27CE43F1BE426379E1BC96AE3D277712CF0E4"]}, {"type": "kaspersky", "idList": ["KLA10001"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/IBM-AIX-CVE-2014-0446/", "MSF:ILITIES/IBM-AIX-CVE-2014-0453/", "MSF:ILITIES/IBM-AIX-CVE-2014-0457/", "MSF:ILITIES/IBM-AIX-CVE-2014-0460/"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2015-107.NASL", "ORACLELINUX_ELSA-2014-0408.NASL", "ORACLELINUX_ELSA-2014-0675.NASL", "REDHAT-RHSA-2014-0486.NASL", "SOLARIS10_125136.NASL", "SOLARIS10_X86_125138.NASL", "SOLARIS9_X86_118669.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:702912", "OPENVAS:702923", "OPENVAS:881923"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0406"]}, {"type": "redhat", "idList": ["RHSA-2014:0509"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0728-1"]}, {"type": "threatpost", "idList": ["THREATPOST:C6DD041BAAC1DCF6C44CCBD19C9F1F13"]}, {"type": "ubuntu", "idList": ["USN-2191-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-0446", "UB:CVE-2014-0453", "UB:CVE-2014-0460", "UB:CVE-2014-0461"]}, {"type": "zdi", "idList": ["ZDI-14-105", "ZDI-14-114"]}]}, "exploitation": null, "vulnersScore": 8.5}, "pluginID": "841796", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2191_1.nasl 7957 2017-12-01 06:40:08Z santu $\n#\n# Ubuntu Update for openjdk-6 USN-2191-1\n#\n# Authors:\n# System Generated 
Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841796);\n script_version(\"$Revision: 7957 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:40:08 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-05 11:24:25 +0530 (Mon, 05 May 2014)\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\",\n \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0461\",\n \"CVE-2014-0462\", \"CVE-2014-2397\", \"CVE-2014-2405\", \"CVE-2014-2412\",\n \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\",\n \"CVE-2014-0453\", \"CVE-2014-0460\", \"CVE-2014-0459\", \"CVE-2014-1876\",\n \"CVE-2014-2398\", \"CVE-2014-2403\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for openjdk-6 USN-2191-1\");\n\n tag_insight = \"Several vulnerabilities were discovered in the OpenJDK JRE\nrelated to information disclosure, data integrity and availability. 
An attacker\ncould exploit these to cause a denial of service or expose sensitive data over\nthe network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452,\nCVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0461, CVE-2014-0462,\nCVE-2014-2397, CVE-2014-2405, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421,\nCVE-2014-2423, CVE-2014-2427)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure and data integrity. An attacker could exploit these\nto expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability.\nAn attacker could exploit this to cause a denial of service.\n(CVE-2014-0459)\n\nJakub Wilk discovered that the OpenJDK JRE incorrectly handled temporary\nfiles. A local attacker could possibly use this issue to overwrite\narbitrary files. In the default installation of Ubuntu, this should be\nprevented by the Yama link restrictions. (CVE-2014-1876)\n\nA vulnerability was discovered in the OpenJDK JRE related to data\nintegrity. (CVE-2014-2398)\n\nA vulnerability was discovered in the OpenJDK JRE related to information\ndisclosure. An attacker could exploit this to expose sensitive data over\nthe network. 
(CVE-2014-2403)\";\n\n tag_affected = \"openjdk-6 on Ubuntu 12.04 LTS ,\n Ubuntu 10.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2191-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2191-1/\");\n script_summary(\"Check for the Version of openjdk-6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b31-1.13.3-1ubuntu1~0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b31-1.13.3-1ubuntu1~0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b31-1.13.3-1ubuntu1~0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b31-1.13.3-1ubuntu1~0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b31-1.13.3-1ubuntu1~0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n 
if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b31-1.13.3-1ubuntu1~0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b31-1.13.3-1ubuntu1~0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b31-1.13.3-1ubuntu1~0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b31-1.13.3-1ubuntu1~0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b31-1.13.3-1ubuntu1~0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b31-1.13.3-1ubuntu1~0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Ubuntu Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}
{"openvas": [{"lastseen": "2019-05-29T18:37:29", "description": "Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.", "cvss3": {}, "published": "2014-04-24T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2912-1 (openjdk-6 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-0462", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-2405", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414"], "modified": "2019-03-19T00:00:00", "id": "OPENVAS:1361412562310702912", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702912", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2912.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2912-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702912\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-0462\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2403\", \"CVE-2014-2405\", \"CVE-2014-2412\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_name(\"Debian Security Advisory DSA 2912-1 (openjdk-6 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-24 00:00:00 +0200 (Thu, 24 Apr 2014)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2912.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"openjdk-6 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), these problems have been fixed\nin version 6b31-1.13.3-1~deb6u1.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6b31-1.13.3-1~deb7u1.\n\nFor 
the testing distribution (jessie), these problems have been fixed in\nversion 6b31-1.13.3-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 6b31-1.13.3-1.\n\nWe recommend that you upgrade your openjdk-6 packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b31-1.13.3-1~deb6u1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b31-1.13.3-1~deb6u1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b31-1.13.3-1~deb6u1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b31-1.13.3-1~deb6u1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b31-1.13.3-1~deb6u1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b31-1.13.3-1~deb6u1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b31-1.13.3-1~deb6u1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b31-1.13.3-1~deb6u1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b31-1.13.3-1~deb6u1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b31-1.13.3-1~deb6u1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-31T10:48:54", "description": "Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.", "cvss3": {}, "published": "2014-04-24T00:00:00", "type": "openvas", 
"title": "Debian Security Advisory DSA 2912-1 (openjdk-6 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-0462", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-2405", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414"], "modified": "2017-07-14T00:00:00", "id": "OPENVAS:702912", "href": "http://plugins.openvas.org/nasl.php?oid=702912", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2912.nasl 6724 2017-07-14 09:57:17Z teissa $\n# Auto-generated from advisory DSA 2912-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"openjdk-6 on Debian Linux\";\ntag_insight = \"OpenJDK is a development environment for building applications,\napplets, and components using the Java programming language.\";\ntag_solution = \"For the oldstable distribution (squeeze), these problems have been fixed\nin version 6b31-1.13.3-1~deb6u1.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6b31-1.13.3-1~deb7u1.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 6b31-1.13.3-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 6b31-1.13.3-1.\n\nWe recommend that you upgrade your openjdk-6 packages.\";\ntag_summary = \"Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702912);\n script_version(\"$Revision: 6724 $\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-0462\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2403\", \"CVE-2014-2405\", \"CVE-2014-2412\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_name(\"Debian Security Advisory DSA 2912-1 (openjdk-6 - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-14 11:57:17 +0200 (Fri, 
14 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-04-24 00:00:00 +0200 (Thu, 24 Apr 2014)\");\n script_tag(name: \"cvss_base\", value:\"10.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2912.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b31-1.13.3-1~deb6u1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b31-1.13.3-1~deb6u1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b31-1.13.3-1~deb6u1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b31-1.13.3-1~deb6u1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b31-1.13.3-1~deb6u1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b31-1.13.3-1~deb6u1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b31-1.13.3-1~deb6u1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b31-1.13.3-1~deb6u1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b31-1.13.3-1~deb6u1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b31-1.13.3-1~deb6u1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b31-1.13.3-1~deb7u1\", 
rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", 
ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res 
= isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b31-1.13.3-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:17", "description": "The remote host is missing an update for the 'openjdk-6' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-05-05T00:00:00", "type": "openvas", "title": "Ubuntu Update for openjdk-6 USN-2191-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-0462", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-2405", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841796", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841796", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2191_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for openjdk-6 USN-2191-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841796\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-05 11:24:25 +0530 (Mon, 05 May 2014)\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\",\n \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0461\",\n \"CVE-2014-0462\", \"CVE-2014-2397\", \"CVE-2014-2405\", \"CVE-2014-2412\",\n \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\",\n \"CVE-2014-0453\", \"CVE-2014-0460\", \"CVE-2014-0459\", \"CVE-2014-1876\",\n \"CVE-2014-2398\", \"CVE-2014-2403\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for openjdk-6 USN-2191-1\");\n\n script_tag(name:\"affected\", value:\"openjdk-6 on Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities were discovered in the OpenJDK JRE\nrelated to information disclosure, data integrity and availability. An attacker\ncould exploit these to cause a denial of service or expose sensitive data over\nthe network. 
(CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452,\nCVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0461, CVE-2014-0462,\nCVE-2014-2397, CVE-2014-2405, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421,\nCVE-2014-2423, CVE-2014-2427)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure and data integrity. An attacker could exploit these\nto expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability.\nAn attacker could exploit this to cause a denial of service.\n(CVE-2014-0459)\n\nJakub Wilk discovered that the OpenJDK JRE incorrectly handled temporary\nfiles. A local attacker could possibly use this issue to overwrite\narbitrary files. In the default installation of Ubuntu, this should be\nprevented by the Yama link restrictions. (CVE-2014-1876)\n\nA vulnerability was discovered in the OpenJDK JRE related to data\nintegrity. (CVE-2014-2398)\n\nA vulnerability was discovered in the OpenJDK JRE related to information\ndisclosure. An attacker could exploit this to expose sensitive data over\nthe network. 
(CVE-2014-2403)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2191-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2191-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjdk-6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|10\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b31-1.13.3-1ubuntu1~0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b31-1.13.3-1ubuntu1~0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b31-1.13.3-1ubuntu1~0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b31-1.13.3-1ubuntu1~0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b31-1.13.3-1ubuntu1~0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", 
ver:\"6b31-1.13.3-1ubuntu1~0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b31-1.13.3-1ubuntu1~0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b31-1.13.3-1ubuntu1~0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b31-1.13.3-1ubuntu1~0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b31-1.13.3-1ubuntu1~0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b31-1.13.3-1ubuntu1~0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:58", "description": "Oracle Linux Local Security Checks ELSA-2014-0408", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0408", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123426", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123426", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0408.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123426\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:03:39 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0408\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0408 - java-1.6.0-openjdk security and bug fix update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0408\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0408.html\");\n script_cve_id(\"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~5.1.13.3.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~5.1.13.3.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~5.1.13.3.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~5.1.13.3.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~5.1.13.3.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~5.1.13.3.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~5.1.13.3.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~5.1.13.3.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~5.1.13.3.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~5.1.13.3.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:05", "description": "Oracle Linux Local Security Checks ELSA-2014-0685", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0685", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0456", "CVE-2014-0429", 
"CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123376", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123376", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0685.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123376\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:02:58 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0685\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0685 - java-1.6.0-openjdk security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0685\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0685.html\");\n script_cve_id(\"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~6.1.13.3.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~6.1.13.3.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~6.1.13.3.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~6.1.13.3.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~6.1.13.3.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:31", "description": "The remote host is missing an update for the 'java-1.6.0-openjdk' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-04-21T00:00:00", "type": "openvas", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2014:0408-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2013-5797"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871158", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871158", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2014:0408-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871158\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 12:05:46 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\",\n \"CVE-2014-0453\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\",\n \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\",\n \"CVE-2014-2398\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2414\",\n \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\", \"CVE-2013-5797\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2014:0408-01\");\n\n\n script_tag(name:\"affected\", value:\"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D\ncomponent. A specially crafted image could trigger Java Virtual Machine\nmemory corruption when processed. 
A remote attacker, or an untrusted Java\napplication or applet, could possibly use this flaw to execute arbitrary\ncode with the privileges of the user running the Java Virtual Machine.\n(CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to trigger\nJava Virtual Machine memory corruption and possibly bypass Java sandbox\nrestrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries\ncomponent in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2014-0457,\nCVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass certain Java sandbox\nrestrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423,\nCVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427)\n\nMultiple flaws were identified in the Java Naming and Directory Interface\n(JNDI) DNS client. These flaws could make it easier for a remote attacker\nto perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access\nto arbitrary files when a SecurityManager was present. This flaw could\ncause a Java application using JAXP to leak sensitive information, or\naffect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some\ntiming information when performing PKCS#1 unpadding. This could possibly\nlead to the disclosure of some information that was meant to be protected\nby encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve\ninput sanitization flaws in javadoc. 
When javadoc documentation was\ngenerated from an untrusted Java source code and hosted on a domain not\ncontrolled by the code author, these issues could make it easier to perform\ncross-site scripting (XSS) attacks. (CVE-2014-2398)\n\nAn insecure temporary file use flaw ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0408-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-April/msg00029.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.6.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~5.1.13.3.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~5.1.13.3.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~5.1.13.3.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~5.1.13.3.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~5.1.13.3.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~5.1.13.3.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~5.1.13.3.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~5.1.13.3.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~5.1.13.3.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~5.1.13.3.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-27T10:48:46", "description": "Check for the Version of java-1.6.0-openjdk", "cvss3": {}, "published": "2014-04-21T00:00:00", "type": "openvas", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2014:0408-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0456", "CVE-2014-0429", 
"CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2013-5797"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:871158", "href": "http://plugins.openvas.org/nasl.php?oid=871158", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2014:0408-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871158);\n script_version(\"$Revision: 6688 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:49:31 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 12:05:46 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\",\n \"CVE-2014-0453\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\",\n \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\",\n \"CVE-2014-2398\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2414\",\n \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\", \"CVE-2013-5797\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2014:0408-01\");\n\n tag_insight = \"The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D\ncomponent. A specially crafted image could trigger Java Virtual Machine\nmemory corruption when processed. 
A remote attacker, or an untrusted Java\napplication or applet, could possibly use this flaw to execute arbitrary\ncode with the privileges of the user running the Java Virtual Machine.\n(CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to trigger\nJava Virtual Machine memory corruption and possibly bypass Java sandbox\nrestrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries\ncomponent in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2014-0457,\nCVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass certain Java sandbox\nrestrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423,\nCVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427)\n\nMultiple flaws were identified in the Java Naming and Directory Interface\n(JNDI) DNS client. These flaws could make it easier for a remote attacker\nto perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access\nto arbitrary files when a SecurityManager was present. This flaw could\ncause a Java application using JAXP to leak sensitive information, or\naffect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some\ntiming information when performing PKCS#1 unpadding. This could possibly\nlead to the disclosure of some information that was meant to be protected\nby encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve\ninput sanitization flaws in javadoc. 
When javadoc documentation was\ngenerated from an untrusted Java source code and hosted on a domain not\ncontrolled by the code author, these issues could make it easier to perform\ncross-site scripting (XSS) attacks. (CVE-2014-2398)\n\nAn insecure temporary file use flaw ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2014:0408-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2014-April/msg00029.html\");\n script_summary(\"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~5.1.13.3.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~5.1.13.3.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~5.1.13.3.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~5.1.13.3.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~5.1.13.3.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~5.1.13.3.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~5.1.13.3.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~5.1.13.3.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~5.1.13.3.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~5.1.13.3.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:49:02", "description": "Check for the Version of java", "cvss3": {}, "published": "2014-04-21T00:00:00", "type": "openvas", "title": "CentOS Update for java 
CESA-2014:0408 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2013-5797"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:881924", "href": "http://plugins.openvas.org/nasl.php?oid=881924", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2014:0408 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(881924);\n script_version(\"$Revision: 6656 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:49:38 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 12:03:20 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\",\n \"CVE-2014-0453\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\",\n \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\",\n \"CVE-2014-2398\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2414\",\n \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\", \"CVE-2013-5797\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for java CESA-2014:0408 centos6 \");\n\n tag_insight = \"The java-1.6.0-openjdk packages provide the OpenJDK 6 Java\nRuntime Environment and the OpenJDK 6 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D\ncomponent. A specially crafted image could trigger Java Virtual Machine\nmemory corruption when processed. 
A remote attacker, or an untrusted Java\napplication or applet, could possibly use this flaw to execute arbitrary\ncode with the privileges of the user running the Java Virtual Machine.\n(CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to trigger\nJava Virtual Machine memory corruption and possibly bypass Java sandbox\nrestrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries\ncomponent in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2014-0457,\nCVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass certain Java sandbox\nrestrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423,\nCVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427)\n\nMultiple flaws were identified in the Java Naming and Directory Interface\n(JNDI) DNS client. These flaws could make it easier for a remote attacker\nto perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access\nto arbitrary files when a SecurityManager was present. This flaw could\ncause a Java application using JAXP to leak sensitive information, or\naffect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some\ntiming information when performing PKCS#1 unpadding. This could possibly\nlead to the disclosure of some information that was meant to be protected\nby encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve\ninput sanitization flaws in javadoc. 
When javadoc documentation was\ngenerated from an untrusted Java source code and hosted on a domain not\ncontrolled by the code author, these issues could make it easier to perform\ncross-site scripting (XSS) attacks. (CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this flaw to\nperform a symbolic link attack and overwrite arbitrary files wit ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"java on CentOS 6\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:0408\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-April/020257.html\");\n script_summary(\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~5.1.13.3.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~5.1.13.3.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~5.1.13.3.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~5.1.13.3.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~5.1.13.3.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:09", "description": "The remote host is missing an update for the 'java' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-04-21T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2014:0408 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2013-5797"], "modified": "2019-05-24T00:00:00", "id": "OPENVAS:1361412562310881924", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881924", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2014:0408 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881924\");\n script_version(\"2019-05-24T11:20:30+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-24 11:20:30 +0000 (Fri, 24 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 12:03:20 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\",\n \"CVE-2014-0453\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\",\n \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\",\n \"CVE-2014-2398\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2414\",\n \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\", \"CVE-2013-5797\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for java CESA-2014:0408 centos6\");\n\n script_tag(name:\"affected\", value:\"java on CentOS 6\");\n script_tag(name:\"insight\", value:\"The java-1.6.0-openjdk packages provide the OpenJDK 6 Java\nRuntime Environment and the OpenJDK 6 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D\ncomponent. A specially crafted image could trigger Java Virtual Machine\nmemory corruption when processed. 
A remote attacker, or an untrusted Java\napplication or applet, could possibly use this flaw to execute arbitrary\ncode with the privileges of the user running the Java Virtual Machine.\n(CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to trigger\nJava Virtual Machine memory corruption and possibly bypass Java sandbox\nrestrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries\ncomponent in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2014-0457,\nCVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass certain Java sandbox\nrestrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423,\nCVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427)\n\nMultiple flaws were identified in the Java Naming and Directory Interface\n(JNDI) DNS client. These flaws could make it easier for a remote attacker\nto perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access\nto arbitrary files when a SecurityManager was present. This flaw could\ncause a Java application using JAXP to leak sensitive information, or\naffect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some\ntiming information when performing PKCS#1 unpadding. This could possibly\nlead to the disclosure of some information that was meant to be protected\nby encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve\ninput sanitization flaws in javadoc. 
When javadoc documentation was\ngenerated from an untrusted Java source code and hosted on a domain not\ncontrolled by the code author, these issues could make it easier to perform\ncross-site scripting (XSS) attacks. (CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this flaw to\nperform a symbolic link attack and overwrite arbitrary files with ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0408\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-April/020257.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~5.1.13.3.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~5.1.13.3.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", 
rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~5.1.13.3.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~5.1.13.3.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~5.1.13.3.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:48:38", "description": "Check for the Version of java", "cvss3": {}, "published": "2014-04-21T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2014:0408 centos5 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2013-5797"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:881923", "href": "http://plugins.openvas.org/nasl.php?oid=881923", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2014:0408 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the 
implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(881923);\n script_version(\"$Revision: 6656 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:49:38 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 12:02:45 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\",\n \"CVE-2014-0453\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\",\n \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\",\n \"CVE-2014-2398\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2414\",\n \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\", \"CVE-2013-5797\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for java CESA-2014:0408 centos5 \");\n\n tag_insight = \"The java-1.6.0-openjdk packages provide the OpenJDK 6 Java\nRuntime Environment and the OpenJDK 6 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D\ncomponent. A specially crafted image could trigger Java Virtual Machine\nmemory corruption when processed. 
A remote attacker, or an untrusted Java\napplication or applet, could possibly use this flaw to execute arbitrary\ncode with the privileges of the user running the Java Virtual Machine.\n(CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to trigger\nJava Virtual Machine memory corruption and possibly bypass Java sandbox\nrestrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries\ncomponent in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2014-0457,\nCVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass certain Java sandbox\nrestrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423,\nCVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427)\n\nMultiple flaws were identified in the Java Naming and Directory Interface\n(JNDI) DNS client. These flaws could make it easier for a remote attacker\nto perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access\nto arbitrary files when a SecurityManager was present. This flaw could\ncause a Java application using JAXP to leak sensitive information, or\naffect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some\ntiming information when performing PKCS#1 unpadding. This could possibly\nlead to the disclosure of some information that was meant to be protected\nby encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve\ninput sanitization flaws in javadoc. 
When javadoc documentation was\ngenerated from an untrusted Java source code and hosted on a domain not\ncontrolled by the code author, these issues could make it easier to perform\ncross-site scripting (XSS) attacks. (CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this flaw to\nperform a symbolic link attack and overwrite arbitrary files wit ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"java on CentOS 5\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:0408\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-April/020258.html\");\n script_summary(\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~5.1.13.3.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~5.1.13.3.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~5.1.13.3.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~5.1.13.3.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~5.1.13.3.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:23", "description": "The remote host is missing an update for the 'java' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-04-21T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2014:0408 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2013-5797"], "modified": "2019-05-24T00:00:00", "id": "OPENVAS:1361412562310881923", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881923", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2014:0408 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free 
Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881923\");\n script_version(\"2019-05-24T11:20:30+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-24 11:20:30 +0000 (Fri, 24 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 12:02:45 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\",\n \"CVE-2014-0453\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\",\n \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\",\n \"CVE-2014-2398\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2414\",\n \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\", \"CVE-2013-5797\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for java CESA-2014:0408 centos5\");\n\n script_tag(name:\"affected\", value:\"java on CentOS 5\");\n script_tag(name:\"insight\", value:\"The java-1.6.0-openjdk packages provide the OpenJDK 6 Java\nRuntime Environment and the OpenJDK 6 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D\ncomponent. A specially crafted image could trigger Java Virtual Machine\nmemory corruption when processed. 
A remote attacker, or an untrusted Java\napplication or applet, could possibly use this flaw to execute arbitrary\ncode with the privileges of the user running the Java Virtual Machine.\n(CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to trigger\nJava Virtual Machine memory corruption and possibly bypass Java sandbox\nrestrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries\ncomponent in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2014-0457,\nCVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass certain Java sandbox\nrestrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423,\nCVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427)\n\nMultiple flaws were identified in the Java Naming and Directory Interface\n(JNDI) DNS client. These flaws could make it easier for a remote attacker\nto perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access\nto arbitrary files when a SecurityManager was present. This flaw could\ncause a Java application using JAXP to leak sensitive information, or\naffect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some\ntiming information when performing PKCS#1 unpadding. This could possibly\nlead to the disclosure of some information that was meant to be protected\nby encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve\ninput sanitization flaws in javadoc. 
When javadoc documentation was\ngenerated from an untrusted Java source code and hosted on a domain not\ncontrolled by the code author, these issues could make it easier to perform\ncross-site scripting (XSS) attacks. (CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this flaw to\nperform a symbolic link attack and overwrite arbitrary files with ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0408\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-April/020258.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~5.1.13.3.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~5.1.13.3.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", 
rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~5.1.13.3.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~5.1.13.3.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~5.1.13.3.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:15", "description": "The remote host is missing an update for the 'java-1.6.0-openjdk' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-07-04T00:00:00", "type": "openvas", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2014:0685-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2013-5797"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871191", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871191", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2014:0685-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be 
useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871191\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-04 16:48:51 +0530 (Fri, 04 Jul 2014)\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\",\n \"CVE-2014-0453\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\",\n \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\",\n \"CVE-2014-2398\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2414\",\n \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\", \"CVE-2013-5797\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2014:0685-01\");\n\n\n script_tag(name:\"affected\", value:\"java-1.6.0-openjdk on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"insight\", value:\"The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D\ncomponent. A specially crafted image could trigger Java Virtual Machine\nmemory corruption when processed. 
A remote attacker, or an untrusted Java\napplication or applet, could possibly use this flaw to execute arbitrary\ncode with the privileges of the user running the Java Virtual Machine.\n(CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to trigger\nJava Virtual Machine memory corruption and possibly bypass Java sandbox\nrestrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries\ncomponent in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2014-0457,\nCVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass certain Java sandbox\nrestrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423,\nCVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427)\n\nMultiple flaws were identified in the Java Naming and Directory Interface\n(JNDI) DNS client. These flaws could make it easier for a remote attacker\nto perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access\nto arbitrary files when a SecurityManager was present. This flaw could\ncause a Java application using JAXP to leak sensitive information, or\naffect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some\ntiming information when performing PKCS#1 unpadding. This could possibly\nlead to the disclosure of some information that was meant to be protected\nby encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve\ninput sanitization flaws in javadoc. 
When javadoc documentation was\ngenerated from an untrusted Java source code and hosted on a domain not\ncontrolled by the code author, these issues could make it easier to perform\ncross-site scripting (XSS) attacks. (CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this flaw to\nperform a symbolic l ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0685-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-June/msg00023.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.6.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~6.1.13.3.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~6.1.13.3.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", 
rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~6.1.13.3.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T23:01:18", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-326)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2013-5797"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120211", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120211", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120211\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:20:15 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-326)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in OpenJDK. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update java-1.6.0-openjdk to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-326.html\");\n script_cve_id(\"CVE-2014-0451\", \"CVE-2013-5797\", \"CVE-2014-2427\", \"CVE-2014-2421\", \"CVE-2014-0429\", \"CVE-2014-2414\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2423\", \"CVE-2014-2397\", \"CVE-2014-1876\", \"CVE-2014-2398\", \"CVE-2014-0457\", \"CVE-2014-0456\", \"CVE-2014-0453\", \"CVE-2014-0452\", \"CVE-2014-0446\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-0458\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security 
Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~67.1.13.3.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~67.1.13.3.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~67.1.13.3.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~67.1.13.3.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~67.1.13.3.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~67.1.13.3.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:20", "description": "The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-04-21T00:00:00", "type": "openvas", "title": "RedHat Update for java-1.7.0-openjdk RHSA-2014:0407-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0455", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-2413", "CVE-2014-0454", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", 
"CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2013-5797", "CVE-2014-2402"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871156", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871156", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.7.0-openjdk RHSA-2014:0407-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871156\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 12:04:24 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\",\n \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\",\n \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\",\n \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\",\n \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\",\n \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\",\n \"CVE-2013-5797\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for java-1.7.0-openjdk RHSA-2014:0407-01\");\n\n\n script_tag(name:\"affected\", value:\"java-1.7.0-openjdk on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"insight\", value:\"The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D\ncomponent. A specially crafted image could trigger Java Virtual Machine\nmemory corruption when processed. 
A remote attacker, or an untrusted Java\napplication or applet, could possibly use this flaw to execute arbitrary\ncode with the privileges of the user running the Java Virtual Machine.\n(CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to trigger\nJava Virtual Machine memory corruption and possibly bypass Java sandbox\nrestrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries\ncomponent in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2014-0457,\nCVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,\nCVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402,\nCVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory Interface\n(JNDI) DNS client. These flaws could make it easier for a remote attacker\nto perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access\nto arbitrary files when a SecurityManager was present. This flaw could\ncause a Java application using JAXP to leak sensitive information, or\naffect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some\ntiming information when performing PKCS#1 unpadding. This could possibly\nlead to the disclosure of some information that was meant to be protected\nby encryption. 
(CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve\ninput sanitization flaws in javadoc. When javadoc documentation was\ngenerated from an untrusted Java source code and hosted on a domain not\ncontrolled by the code author, these issues could make it easier to perform\ncross-site scripting (XSS) attacks. (CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0407-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-April/msg00028.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.7.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.55~2.4.7.1.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.55~2.4.7.1.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", 
rpm:\"java-1.7.0-openjdk-demo~1.7.0.55~2.4.7.1.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.55~2.4.7.1.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.55~2.4.7.1.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.55~2.4.7.1.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:25", "description": "The remote host is missing an update for the 'java' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-04-21T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2014:0406 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0455", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-2413", "CVE-2014-0454", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2013-5797", "CVE-2014-2402"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881922", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881922", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2014:0406 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This 
program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881922\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 12:01:55 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\",\n \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\",\n \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\",\n \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\",\n \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\",\n \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\",\n \"CVE-2013-5797\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for java CESA-2014:0406 centos6\");\n\n script_tag(name:\"affected\", value:\"java on CentOS 6\");\n script_tag(name:\"insight\", value:\"The java-1.7.0-openjdk packages provide the OpenJDK 7 Java\nRuntime Environment and the OpenJDK 7 Java Software Development Kit.\n\nAn input 
validation flaw was discovered in the medialib library in the 2D\ncomponent. A specially crafted image could trigger Java Virtual Machine\nmemory corruption when processed. A remote attacker, or an untrusted Java\napplication or applet, could possibly use this flaw to execute arbitrary\ncode with the privileges of the user running the Java Virtual Machine.\n(CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to trigger\nJava Virtual Machine memory corruption and possibly bypass Java sandbox\nrestrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries\ncomponent in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2014-0457,\nCVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,\nCVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402,\nCVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory Interface\n(JNDI) DNS client. These flaws could make it easier for a remote attacker\nto perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access\nto arbitrary files when a SecurityManager was present. This flaw could\ncause a Java application using JAXP to leak sensitive information, or\naffect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some\ntiming information when performing PKCS#1 unpadding. 
This could possibly\nlead to the disclosure of some information that was meant to be protected\nby encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve\ninput sanitization flaws in javadoc. When javadoc documentation was\ngenerated from an untrusted Java source code and hosted on a domain not\ncontrolled by the code author, these issues could make it easier to perform\ncross-site scripting (XSS) attacks. (CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could p ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0406\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-April/020256.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.55~2.4.7.1.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.55~2.4.7.1.el6_5\", 
rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.55~2.4.7.1.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.55~2.4.7.1.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.55~2.4.7.1.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:33", "description": "The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-07-04T00:00:00", "type": "openvas", "title": "RedHat Update for java-1.7.0-openjdk RHSA-2014:0675-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0455", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-2413", "CVE-2014-0454", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2013-5797", "CVE-2014-2402"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871187", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871187", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.7.0-openjdk RHSA-2014:0675-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute 
it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871187\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-04 16:48:43 +0530 (Fri, 04 Jul 2014)\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\",\n \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\",\n \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\",\n \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\",\n \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\",\n \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\",\n \"CVE-2013-5797\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for java-1.7.0-openjdk RHSA-2014:0675-01\");\n\n\n script_tag(name:\"affected\", value:\"java-1.7.0-openjdk on Red Hat Enterprise Linux Server (v. 
7)\");\n script_tag(name:\"insight\", value:\"The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D\ncomponent. A specially crafted image could trigger Java Virtual Machine\nmemory corruption when processed. A remote attacker, or an untrusted Java\napplication or applet, could possibly use this flaw to execute arbitrary\ncode with the privileges of the user running the Java Virtual Machine.\n(CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to trigger\nJava Virtual Machine memory corruption and possibly bypass Java sandbox\nrestrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries\ncomponent in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2014-0457,\nCVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,\nCVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402,\nCVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory Interface\n(JNDI) DNS client. These flaws could make it easier for a remote attacker\nto perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access\nto arbitrary files when a SecurityManager was present. This flaw could\ncause a Java application using JAXP to leak sensitive information, or\naffect application availability. 
(CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some\ntiming information when performing PKCS#1 unpadding. This could possibly\nlead to the disclosure of some information that was meant to be protected\nby encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve\ninput sanitization flaws in javadoc. When javadoc documentation was\ngenerated from an untrusted Java source code and hosted on a domain not\ncontrolled by the code author, these issues could make it easier to perform\ncross-site scripting (XSS) attacks. (CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0675-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-June/msg00018.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.7.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.55~2.4.7.2.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.55~2.4.7.2.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.55~2.4.7.2.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-headless\", rpm:\"java-1.7.0-openjdk-headless~1.7.0.55~2.4.7.2.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:56", "description": "Oracle Linux Local Security Checks ELSA-2014-0407", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0407", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0455", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-2413", "CVE-2014-0454", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2014-2402"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123427", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123427", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0407.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU 
General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123427\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:03:40 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0407\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0407 - java-1.7.0-openjdk security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0407\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0407.html\");\n script_cve_id(\"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.55~2.4.7.1.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.55~2.4.7.1.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", 
rpm:\"java-1.7.0-openjdk-devel~1.7.0.55~2.4.7.1.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.55~2.4.7.1.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.55~2.4.7.1.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:22", "description": "The remote host is missing an update for the 'openjdk-7' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-05-05T00:00:00", "type": "openvas", "title": "Ubuntu Update for openjdk-7 USN-2187-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0455", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-2413", "CVE-2014-0454", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2014-2402"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841791", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841791", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2187_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for openjdk-7 USN-2187-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or 
any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841791\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-05 11:23:19 +0530 (Mon, 05 May 2014)\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\",\n \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\",\n \"CVE-2014-0458\", \"CVE-2014-0461\", \"CVE-2014-2397\", \"CVE-2014-2402\",\n \"CVE-2014-2412\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\",\n \"CVE-2014-2427\", \"CVE-2014-0453\", \"CVE-2014-0460\", \"CVE-2014-0459\",\n \"CVE-2014-1876\", \"CVE-2014-2398\", \"CVE-2014-2413\", \"CVE-2014-2403\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for openjdk-7 USN-2187-1\");\n\n script_tag(name:\"affected\", value:\"openjdk-7 on Ubuntu 14.04 LTS,\n Ubuntu 13.10,\n Ubuntu 12.10\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities were discovered in the OpenJDK JRE\nrelated to information disclosure, data integrity and availability. An attacker\ncould exploit these to cause a denial of service or expose sensitive data over\nthe network. 
(CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452,\nCVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458,\nCVE-2014-0461, CVE-2014-2397, CVE-2014-2402, CVE-2014-2412, CVE-2014-2414,\nCVE-2014-2421, CVE-2014-2423, CVE-2014-2427)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure and data integrity. An attacker could exploit these\nto expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability.\nAn attacker could exploit this to cause a denial of service.\n(CVE-2014-0459)\n\nJakub Wilk discovered that the OpenJDK JRE incorrectly handled temporary\nfiles. A local attacker could possibly use this issue to overwrite\narbitrary files. In the default installation of Ubuntu, this should be\nprevented by the Yama link restrictions. (CVE-2014-1876)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to data\nintegrity. (CVE-2014-2398, CVE-2014-2413)\n\nA vulnerability was discovered in the OpenJDK JRE related to information\ndisclosure. An attacker could exploit this to expose sensitive data over\nthe network. 
(CVE-2014-2403)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2187-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2187-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjdk-7'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|13\\.10|12\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm:i386\", ver:\"7u55-2.4.7-1ubuntu1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre:i386\", ver:\"7u55-2.4.7-1ubuntu1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless:i386\", ver:\"7u55-2.4.7-1ubuntu1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-lib\", ver:\"7u55-2.4.7-1ubuntu1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero:i386\", ver:\"7u55-2.4.7-1ubuntu1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = 
isdpkgvuln(pkg:\"icedtea-7-jre-jamvm:i386\", ver:\"7u55-2.4.7-1ubuntu1~0.13.10.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre:i386\", ver:\"7u55-2.4.7-1ubuntu1~0.13.10.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless:i386\", ver:\"7u55-2.4.7-1ubuntu1~0.13.10.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-lib\", ver:\"7u55-2.4.7-1ubuntu1~0.13.10.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero:i386\", ver:\"7u55-2.4.7-1ubuntu1~0.13.10.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-jre-cacao\", ver:\"7u55-2.4.7-1ubuntu1~0.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm\", ver:\"7u55-2.4.7-1ubuntu1~0.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre\", ver:\"7u55-2.4.7-1ubuntu1~0.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless\", ver:\"7u55-2.4.7-1ubuntu1~0.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-lib\", ver:\"7u55-2.4.7-1ubuntu1~0.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero\", ver:\"7u55-2.4.7-1ubuntu1~0.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
(__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:40", "description": "The remote host is missing an update for the 'java' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-04-21T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2014:0407 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0455", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-2413", "CVE-2014-0454", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2013-5797", "CVE-2014-2402"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881921", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881921", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2014:0407 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881921\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 12:01:13 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\",\n \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\",\n \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\",\n \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\",\n \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\",\n \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\",\n \"CVE-2013-5797\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for java CESA-2014:0407 centos5\");\n\n script_tag(name:\"affected\", value:\"java on CentOS 5\");\n script_tag(name:\"insight\", value:\"The java-1.7.0-openjdk packages provide the OpenJDK 7 Java\nRuntime Environment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D\ncomponent. A specially crafted image could trigger Java Virtual Machine\nmemory corruption when processed. 
A remote attacker, or an untrusted Java\napplication or applet, could possibly use this flaw to execute arbitrary\ncode with the privileges of the user running the Java Virtual Machine.\n(CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to trigger\nJava Virtual Machine memory corruption and possibly bypass Java sandbox\nrestrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries\ncomponent in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2014-0457,\nCVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,\nCVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402,\nCVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory Interface\n(JNDI) DNS client. These flaws could make it easier for a remote attacker\nto perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access\nto arbitrary files when a SecurityManager was present. This flaw could\ncause a Java application using JAXP to leak sensitive information, or\naffect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some\ntiming information when performing PKCS#1 unpadding. This could possibly\nlead to the disclosure of some information that was meant to be protected\nby encryption. 
(CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve\ninput sanitization flaws in javadoc. When javadoc documentation was\ngenerated from an untrusted Java source code and hosted on a domain not\ncontrolled by the code author, these issues could make it easier to perform\ncross-site scripting (XSS) attacks. (CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could p ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0407\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-April/020259.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.55~2.4.7.1.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.55~2.4.7.1.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.55~2.4.7.1.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.55~2.4.7.1.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.55~2.4.7.1.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T23:00:45", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-327)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0455", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-2413", "CVE-2014-0454", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2013-5797", "CVE-2014-2402"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120212", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120212", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of 
the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120212\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:20:23 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-327)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in OpenJDK. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update java-1.7.0-openjdk to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-327.html\");\n script_cve_id(\"CVE-2014-0446\", \"CVE-2013-5797\", \"CVE-2014-2427\", \"CVE-2014-2421\", \"CVE-2014-0429\", \"CVE-2014-2414\", \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2413\", \"CVE-2014-2412\", \"CVE-2014-2423\", \"CVE-2014-2397\", \"CVE-2014-1876\", \"CVE-2014-2398\", \"CVE-2014-0457\", \"CVE-2014-0456\", \"CVE-2014-0455\", \"CVE-2014-0454\", \"CVE-2014-0453\", \"CVE-2014-0452\", \"CVE-2014-0451\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-0459\", \"CVE-2014-0458\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.55~2.4.7.1.40.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.55~2.4.7.1.40.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.55~2.4.7.1.40.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.55~2.4.7.1.40.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.55~2.4.7.1.40.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.55~2.4.7.1.40.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:48:59", "description": "Check for the Version of java", "cvss3": {}, "published": "2014-04-21T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2014:0406 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, 
"cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0455", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-2413", "CVE-2014-0454", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2013-5797", "CVE-2014-2402"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:881922", "href": "http://plugins.openvas.org/nasl.php?oid=881922", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2014:0406 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(881922);\n script_version(\"$Revision: 6656 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:49:38 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 12:01:55 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\",\n \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\",\n \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\",\n \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\",\n \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\",\n \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\",\n \"CVE-2013-5797\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for java CESA-2014:0406 centos6 \");\n\n tag_insight = \"The java-1.7.0-openjdk packages provide the OpenJDK 7 Java\nRuntime Environment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D\ncomponent. A specially crafted image could trigger Java Virtual Machine\nmemory corruption when processed. 
A remote attacker, or an untrusted Java\napplication or applet, could possibly use this flaw to execute arbitrary\ncode with the privileges of the user running the Java Virtual Machine.\n(CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to trigger\nJava Virtual Machine memory corruption and possibly bypass Java sandbox\nrestrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries\ncomponent in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2014-0457,\nCVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,\nCVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402,\nCVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory Interface\n(JNDI) DNS client. These flaws could make it easier for a remote attacker\nto perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access\nto arbitrary files when a SecurityManager was present. This flaw could\ncause a Java application using JAXP to leak sensitive information, or\naffect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some\ntiming information when performing PKCS#1 unpadding. This could possibly\nlead to the disclosure of some information that was meant to be protected\nby encryption. 
(CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve\ninput sanitization flaws in javadoc. When javadoc documentation was\ngenerated from an untrusted Java source code and hosted on a domain not\ncontrolled by the code author, these issues could make it easier to perform\ncross-site scripting (XSS) attacks. (CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could p ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"java on CentOS 6\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:0406\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-April/020256.html\");\n script_summary(\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.55~2.4.7.1.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.55~2.4.7.1.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.55~2.4.7.1.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.55~2.4.7.1.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.55~2.4.7.1.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:48:39", "description": "Check for the Version of java", "cvss3": {}, "published": "2014-04-21T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2014:0407 centos5 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0455", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-2413", "CVE-2014-0454", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2013-5797", "CVE-2014-2402"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:881921", "href": "http://plugins.openvas.org/nasl.php?oid=881921", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2014:0407 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms 
of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(881921);\n script_version(\"$Revision: 6656 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:49:38 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 12:01:13 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\",\n \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\",\n \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\",\n \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\",\n \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\",\n \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\",\n \"CVE-2013-5797\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for java CESA-2014:0407 centos5 \");\n\n tag_insight = \"The java-1.7.0-openjdk packages provide the OpenJDK 7 Java\nRuntime Environment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D\ncomponent. 
A specially crafted image could trigger Java Virtual Machine\nmemory corruption when processed. A remote attacker, or an untrusted Java\napplication or applet, could possibly use this flaw to execute arbitrary\ncode with the privileges of the user running the Java Virtual Machine.\n(CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to trigger\nJava Virtual Machine memory corruption and possibly bypass Java sandbox\nrestrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries\ncomponent in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2014-0457,\nCVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,\nCVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402,\nCVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory Interface\n(JNDI) DNS client. These flaws could make it easier for a remote attacker\nto perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access\nto arbitrary files when a SecurityManager was present. This flaw could\ncause a Java application using JAXP to leak sensitive information, or\naffect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some\ntiming information when performing PKCS#1 unpadding. This could possibly\nlead to the disclosure of some information that was meant to be protected\nby encryption. 
(CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve\ninput sanitization flaws in javadoc. When javadoc documentation was\ngenerated from an untrusted Java source code and hosted on a domain not\ncontrolled by the code author, these issues could make it easier to perform\ncross-site scripting (XSS) attacks. (CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could p ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"java on CentOS 5\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:0407\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-April/020259.html\");\n script_summary(\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.55~2.4.7.1.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.55~2.4.7.1.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.55~2.4.7.1.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.55~2.4.7.1.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.55~2.4.7.1.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:48:32", "description": "Check for the Version of java-1.7.0-openjdk", "cvss3": {}, "published": "2014-04-21T00:00:00", "type": "openvas", "title": "RedHat Update for java-1.7.0-openjdk RHSA-2014:0407-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0455", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-2413", "CVE-2014-0454", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2013-5797", "CVE-2014-2402"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:871156", "href": "http://plugins.openvas.org/nasl.php?oid=871156", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.7.0-openjdk RHSA-2014:0407-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it 
and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871156);\n script_version(\"$Revision: 6688 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:49:31 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 12:04:24 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\",\n \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\",\n \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\",\n \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\",\n \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\",\n \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\",\n \"CVE-2013-5797\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for java-1.7.0-openjdk RHSA-2014:0407-01\");\n\n tag_insight = \"The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D\ncomponent. 
A specially crafted image could trigger Java Virtual Machine\nmemory corruption when processed. A remote attacker, or an untrusted Java\napplication or applet, could possibly use this flaw to execute arbitrary\ncode with the privileges of the user running the Java Virtual Machine.\n(CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to trigger\nJava Virtual Machine memory corruption and possibly bypass Java sandbox\nrestrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries\ncomponent in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2014-0457,\nCVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,\nCVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402,\nCVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory Interface\n(JNDI) DNS client. These flaws could make it easier for a remote attacker\nto perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access\nto arbitrary files when a SecurityManager was present. This flaw could\ncause a Java application using JAXP to leak sensitive information, or\naffect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some\ntiming information when performing PKCS#1 unpadding. This could possibly\nlead to the disclosure of some information that was meant to be protected\nby encryption. 
(CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve\ninput sanitization flaws in javadoc. When javadoc documentation was\ngenerated from an untrusted Java source code and hosted on a domain not\ncontrolled by the code author, these issues could make it easier to perform\ncross-site scripting (XSS) attacks. (CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"java-1.7.0-openjdk on Red Hat Enterprise Linux (v. 5 server)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2014:0407-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2014-April/msg00028.html\");\n script_summary(\"Check for the Version of java-1.7.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.55~2.4.7.1.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.55~2.4.7.1.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.55~2.4.7.1.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.55~2.4.7.1.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.55~2.4.7.1.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.55~2.4.7.1.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:17:13", "description": "Check for the Version of openjdk-7", "cvss3": {}, "published": "2014-05-05T00:00:00", "type": "openvas", "title": "Ubuntu Update for openjdk-7 USN-2187-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0455", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-2413", "CVE-2014-0454", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2014-2402"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:841791", "href": "http://plugins.openvas.org/nasl.php?oid=841791", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2187_1.nasl 7957 2017-12-01 06:40:08Z santu $\n#\n# Ubuntu Update for openjdk-7 
USN-2187-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841791);\n script_version(\"$Revision: 7957 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:40:08 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-05 11:23:19 +0530 (Mon, 05 May 2014)\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\",\n \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\",\n \"CVE-2014-0458\", \"CVE-2014-0461\", \"CVE-2014-2397\", \"CVE-2014-2402\",\n \"CVE-2014-2412\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\",\n \"CVE-2014-2427\", \"CVE-2014-0453\", \"CVE-2014-0460\", \"CVE-2014-0459\",\n \"CVE-2014-1876\", \"CVE-2014-2398\", \"CVE-2014-2413\", \"CVE-2014-2403\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for openjdk-7 USN-2187-1\");\n\n tag_insight = \"Several vulnerabilities were discovered in the OpenJDK JRE\nrelated to information 
disclosure, data integrity and availability. An attacker\ncould exploit these to cause a denial of service or expose sensitive data over\nthe network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452,\nCVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458,\nCVE-2014-0461, CVE-2014-2397, CVE-2014-2402, CVE-2014-2412, CVE-2014-2414,\nCVE-2014-2421, CVE-2014-2423, CVE-2014-2427)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure and data integrity. An attacker could exploit these\nto expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability.\nAn attacker could exploit this to cause a denial of service.\n(CVE-2014-0459)\n\nJakub Wilk discovered that the OpenJDK JRE incorrectly handled temporary\nfiles. A local attacker could possibly use this issue to overwrite\narbitrary files. In the default installation of Ubuntu, this should be\nprevented by the Yama link restrictions. (CVE-2014-1876)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to data\nintegrity. (CVE-2014-2398, CVE-2014-2413)\n\nA vulnerability was discovered in the OpenJDK JRE related to information\ndisclosure. An attacker could exploit this to expose sensitive data over\nthe network. 
(CVE-2014-2403)\";\n\n tag_affected = \"openjdk-7 on Ubuntu 14.04 LTS ,\n Ubuntu 13.10 ,\n Ubuntu 12.10\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2187-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2187-1/\");\n script_summary(\"Check for the Version of openjdk-7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm:i386\", ver:\"7u55-2.4.7-1ubuntu1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre:i386\", ver:\"7u55-2.4.7-1ubuntu1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless:i386\", ver:\"7u55-2.4.7-1ubuntu1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-lib\", ver:\"7u55-2.4.7-1ubuntu1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero:i386\", ver:\"7u55-2.4.7-1ubuntu1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) 
exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm:i386\", ver:\"7u55-2.4.7-1ubuntu1~0.13.10.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre:i386\", ver:\"7u55-2.4.7-1ubuntu1~0.13.10.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless:i386\", ver:\"7u55-2.4.7-1ubuntu1~0.13.10.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-lib\", ver:\"7u55-2.4.7-1ubuntu1~0.13.10.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero:i386\", ver:\"7u55-2.4.7-1ubuntu1~0.13.10.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-jre-cacao\", ver:\"7u55-2.4.7-1ubuntu1~0.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm\", ver:\"7u55-2.4.7-1ubuntu1~0.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre\", ver:\"7u55-2.4.7-1ubuntu1~0.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless\", ver:\"7u55-2.4.7-1ubuntu1~0.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-lib\", ver:\"7u55-2.4.7-1ubuntu1~0.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero\", 
ver:\"7u55-2.4.7-1ubuntu1~0.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:53", "description": "Oracle Linux Local Security Checks ELSA-2014-0406", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0406", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0455", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-2413", "CVE-2014-0454", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2014-2402"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123424", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123424", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0406.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123424\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:03:37 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0406\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0406 - java-1.7.0-openjdk security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0406\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0406.html\");\n script_cve_id(\"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", 
re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.55~2.4.7.1.0.1.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.55~2.4.7.1.0.1.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.55~2.4.7.1.0.1.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.55~2.4.7.1.0.1.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.55~2.4.7.1.0.1.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:04", "description": "Oracle Linux Local Security Checks ELSA-2014-0675", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0675", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0455", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-2413", "CVE-2014-0454", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", 
"CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2014-2402"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123377", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123377", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0675.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123377\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:02:59 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0675\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0675 - java-1.7.0-openjdk security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0675\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0675.html\");\n script_cve_id(\"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.55~2.4.7.2.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-accessibility\", rpm:\"java-1.7.0-openjdk-accessibility~1.7.0.55~2.4.7.2.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", 
rpm:\"java-1.7.0-openjdk-demo~1.7.0.55~2.4.7.2.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.55~2.4.7.2.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-headless\", rpm:\"java-1.7.0-openjdk-headless~1.7.0.55~2.4.7.2.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.55~2.4.7.2.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.55~2.4.7.2.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-27T10:48:50", "description": "Check for the Version of java-1.7.0-openjdk", "cvss3": {}, "published": "2014-04-21T00:00:00", "type": "openvas", "title": "RedHat Update for java-1.7.0-openjdk RHSA-2014:0406-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0455", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-2413", "CVE-2014-0454", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2013-5797", "CVE-2014-2402"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:871157", "href": "http://plugins.openvas.org/nasl.php?oid=871157", "sourceData": "###############################################################################\n# OpenVAS Vulnerability 
Test\n#\n# RedHat Update for java-1.7.0-openjdk RHSA-2014:0406-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871157);\n script_version(\"$Revision: 6688 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:49:31 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 12:05:02 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\",\n \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\",\n \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\",\n \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\",\n \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\",\n \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\",\n \"CVE-2013-5797\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for java-1.7.0-openjdk RHSA-2014:0406-01\");\n\n tag_insight = 
\"The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D\ncomponent. A specially crafted image could trigger Java Virtual Machine\nmemory corruption when processed. A remote attacker, or an untrusted Java\napplication or applet, could possibly use this flaw to execute arbitrary\ncode with the privileges of the user running the Java Virtual Machine.\n(CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to trigger\nJava Virtual Machine memory corruption and possibly bypass Java sandbox\nrestrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries\ncomponent in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2014-0457,\nCVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,\nCVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402,\nCVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory Interface\n(JNDI) DNS client. These flaws could make it easier for a remote attacker\nto perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access\nto arbitrary files when a SecurityManager was present. This flaw could\ncause a Java application using JAXP to leak sensitive information, or\naffect application availability. 
(CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some\ntiming information when performing PKCS#1 unpadding. This could possibly\nlead to the disclosure of some information that was meant to be protected\nby encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve\ninput sanitization flaws in javadoc. When javadoc documentation was\ngenerated from an untrusted Java source code and hosted on a domain not\ncontrolled by the code author, these issues could make it easier to perform\ncross-site scripting (XSS) attacks. (CVE- ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"java-1.7.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2014:0406-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2014-April/msg00027.html\");\n script_summary(\"Check for the Version of java-1.7.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", 
rpm:\"java-1.7.0-openjdk~1.7.0.55~2.4.7.1.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.55~2.4.7.1.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.55~2.4.7.1.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.55~2.4.7.1.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:13", "description": "The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-04-21T00:00:00", "type": "openvas", "title": "RedHat Update for java-1.7.0-openjdk RHSA-2014:0406-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0455", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-2413", "CVE-2014-0454", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2013-5797", "CVE-2014-2402"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871157", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871157", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.7.0-openjdk RHSA-2014:0406-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 
2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871157\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 12:05:02 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\",\n \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\",\n \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\",\n \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\",\n \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\",\n \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\",\n \"CVE-2013-5797\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for java-1.7.0-openjdk RHSA-2014:0406-01\");\n\n\n script_tag(name:\"affected\", value:\"java-1.7.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 
6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D\ncomponent. A specially crafted image could trigger Java Virtual Machine\nmemory corruption when processed. A remote attacker, or an untrusted Java\napplication or applet, could possibly use this flaw to execute arbitrary\ncode with the privileges of the user running the Java Virtual Machine.\n(CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to trigger\nJava Virtual Machine memory corruption and possibly bypass Java sandbox\nrestrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries\ncomponent in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2014-0457,\nCVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,\nCVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402,\nCVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory Interface\n(JNDI) DNS client. These flaws could make it easier for a remote attacker\nto perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access\nto arbitrary files when a SecurityManager was present. 
This flaw could\ncause a Java application using JAXP to leak sensitive information, or\naffect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some\ntiming information when performing PKCS#1 unpadding. This could possibly\nlead to the disclosure of some information that was meant to be protected\nby encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve\ninput sanitization flaws in javadoc. When javadoc documentation was\ngenerated from an untrusted Java source code and hosted on a domain not\ncontrolled by the code author, these issues could make it easier to perform\ncross-site scripting (XSS) attacks. (CVE- ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0406-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-April/msg00027.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.7.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.55~2.4.7.1.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.55~2.4.7.1.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.55~2.4.7.1.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.55~2.4.7.1.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:37:09", "description": "The remote host is missing an update for the 'OpenJDK' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2015-10-16T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for OpenJDK (SUSE-SU-2014:0639-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0455", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-2413", "CVE-2014-0454", "CVE-2013-6954", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2013-6629", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2014-2402"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851107", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851107", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as 
published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851107\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 20:10:12 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2013-6629\", \"CVE-2013-6954\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for OpenJDK (SUSE-SU-2014:0639-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'OpenJDK'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This java-1_7_0-openjdk update 
to version 2.4.7 fixes the following\n security and non-security issues:\n\n *\n\n Security fixes\n\n o S8023046: Enhance splashscreen support o S8025005: Enhance\n CORBA initializations o S8025010, CVE-2014-2412: Enhance AWT contexts o\n S8025030, CVE-2014-2414: Enhance stream handling o S8025152,\n CVE-2014-0458: Enhance activation set up o S8026067: Enhance signed jar\n verification o S8026163, CVE-2014-2427: Enhance media provisioning o\n S8026188, CVE-2014-2423: Enhance envelope factory o S8026200: Enhance\n RowSet Factory o S8026716, CVE-2014-2402: (aio) Enhance asynchronous\n channel handling o S8026736, CVE-2014-2398: Enhance Javadoc pages o\n S8026797, CVE-2014-0451: Enhance data transfers o S8026801, CVE-2014-0452:\n Enhance endpoint addressing o S8027766, CVE-2014-0453: Enhance RSA\n processing o S8027775: Enhance ICU code. o S8027841, CVE-2014-0429:\n Enhance pixel manipulations o S8028385: Enhance RowSet Factory o S8029282,\n CVE-2014-2403: Enhance CharInfo set up o S8029286: Enhance subject\n delegation o S8029699: Update Poller demo o S8029730: Improve audio device\n additions o S8029735: Enhance service mgmt natives o S8029740,\n CVE-2014-0446: Enhance handling of loggers o S8029745, CVE-2014-0454:\n Enhance algorithm checking o S8029750: Enhance LCMS color processing\n (in-tree LCMS) o S8029760, CVE-2013-6629: Enhance AWT image libraries\n (in-tree libjpeg) o S8029844, CVE-2014-0455: Enhance argument validation o\n S8029854, CVE-2014-2421: Enhance JPEG decodings o S8029858, CVE-2014-0456:\n Enhance array copies o S8030731, CVE-2014-0460: Improve name service\n robustness o S8031330: Refactor ObjectFactory o S8031335, CVE-2014-0459:\n Better color profiling (in-tree LCMS) o S8031352, CVE-2013-6954: Enhance\n PNG handling (in-tree libpng) o S8031394, CVE-2014-0457: (sl) Fix\n exception handling in ServiceLoader o S8031395: Enhance LDAP processing o\n S8032686, CVE-2014-2413: Issues with method invoke o S8033618,\n CVE-2014-1876: Correct logging 
output o S8034926, CVE-2014-2397: Attribute\n classes properly o S8036794, CVE-2014-0461: Manage JavaScript instances\n *\n\n Backports\n\n o S8004145: New improved hgforest.sh, ctrl-c now properly\n terminates mercurial processes. o S8007625: race with nested repos in\n /common/bin/hgforest.sh o S8011178: improve common/bin/hgforest.sh python\n detection (MacOS) o S8011342: hgforest.sh:'python --version' not\n supported on older python o S8011350: hgforest.sh uses non-POSIX sh\n features that may fail with some shells o S8024200: handle hg wrapper with\n space after #! o S8025796: h ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"OpenJDK on SUSE Linux Enterprise Desktop 11 SP3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0639-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED11.0SP3\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk\", rpm:\"java-1_7_0-openjdk~1.7.0.6~0.27.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo\", rpm:\"java-1_7_0-openjdk-demo~1.7.0.6~0.27.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel\", rpm:\"java-1_7_0-openjdk-devel~1.7.0.6~0.27.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n 
security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-08-01T10:48:32", "description": "Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.", "cvss3": {}, "published": "2014-05-05T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2923-1 (openjdk-7 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0455", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-2413", "CVE-2014-0454", "CVE-2013-6954", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2013-6629", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2014-2402"], "modified": "2017-07-17T00:00:00", "id": "OPENVAS:702923", "href": "http://plugins.openvas.org/nasl.php?oid=702923", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2923.nasl 6735 2017-07-17 09:56:49Z teissa $\n# Auto-generated from advisory DSA 2923-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; 
without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"openjdk-7 on Debian Linux\";\ntag_insight = \"OpenJDK is a development environment for building applications,\napplets, and components using the Java programming language.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 7u55-2.4.7-1~deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7u55-2.4.7-1.\n\nWe recommend that you upgrade your openjdk-7 packages.\";\ntag_summary = \"Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702923);\n script_version(\"$Revision: 6735 $\");\n script_cve_id(\"CVE-2013-6629\", \"CVE-2013-6954\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_name(\"Debian Security Advisory DSA 2923-1 (openjdk-7 - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-17 11:56:49 +0200 (Mon, 17 Jul 2017) $\");\n script_tag(name: 
\"creation_date\", value:\"2014-05-05 00:00:00 +0200 (Mon, 05 May 2014)\");\n script_tag(name: \"cvss_base\", value:\"10.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2923.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icedtea-7-jre-cacao\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-dbg\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-demo\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-doc\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jdk\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jre\", ver:\"7u55-2.4.7-1~deb7u1\", 
rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jre-lib\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-source\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-7-jre-cacao\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-dbg\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-demo\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-doc\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jdk\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jre\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jre-lib\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-source\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-7-jre-cacao\", 
ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-dbg\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-demo\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-doc\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jdk\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jre\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jre-lib\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-source\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-7-jre-cacao\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-dbg\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-demo\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-doc\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"openjdk-7-jdk\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jre\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jre-lib\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-source\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:25", "description": "Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.", "cvss3": {}, "published": "2014-05-05T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2923-1 (openjdk-7 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0455", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-2413", "CVE-2014-0454", "CVE-2013-6954", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2013-6629", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2014-2402"], "modified": "2019-03-19T00:00:00", "id": "OPENVAS:1361412562310702923", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310702923", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2923.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2923-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702923\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2013-6629\", \"CVE-2013-6954\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_name(\"Debian Security Advisory DSA 2923-1 (openjdk-7 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 
+0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-05 00:00:00 +0200 (Mon, 05 May 2014)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2923.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"openjdk-7 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 7u55-2.4.7-1~deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7u55-2.4.7-1.\n\nWe recommend that you upgrade your openjdk-7 packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"icedtea-7-jre-cacao\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-7-dbg\", ver:\"7u55-2.4.7-1~deb7u1\", 
rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-7-demo\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-7-doc\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-7-jdk\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-7-jre\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-7-jre-lib\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-7-source\", ver:\"7u55-2.4.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:48", "description": "This host is installed with Oracle Java\n SE and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2014-04-18T00:00:00", "type": "openvas", "title": "Oracle Java SE Multiple Vulnerabilities-01 Apr 2014 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0457", "CVE-2014-0446", "CVE-2014-2427", "CVE-2014-0453", "CVE-2014-0429", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2401", "CVE-2014-2398", "CVE-2014-0451"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310108420", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108420", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: 
gb_java_mult_vuln01_apr14_lin.nasl 11867 2018-10-12 10:48:11Z cfischer $\n#\n# Oracle Java SE Multiple Vulnerabilities-01 Apr 2014 (Linux)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:jre\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108420\");\n script_version(\"$Revision: 11867 $\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0453\",\n \"CVE-2014-0460\", \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2421\",\n \"CVE-2014-2427\", \"CVE-2014-2412\", \"CVE-2014-0457\");\n script_bugtraq_id(66856, 66903, 66879, 66914, 66916, 66920, 66911, 66881, 66909,\n 66873, 66866);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:48:11 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-18 15:52:17 +0530 (Fri, 18 Apr 2014)\");\n script_name(\"Oracle Java SE Multiple Vulnerabilities-01 Apr 2014 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Oracle 
Java\n SE and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities exists, For more\n details about the vulnerabilities refer the reference section.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to manipulate certain data, cause a DoS (Denial of Service) and compromise a\n vulnerable system.\");\n\n script_tag(name:\"affected\", value:\"Oracle Java SE version 5.0u61, 6u71, 7u51\n and 8 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Java version 8u5 or 7u55 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57932\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57997\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Linux/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!jreVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(jreVer =~ \"^(1\\.(5|6|7|8))\")\n{\n if(version_is_equal(version:jreVer, test_version:\"1.5.0.61\")||\n version_is_equal(version:jreVer, test_version:\"1.6.0.71\")||\n version_is_equal(version:jreVer, test_version:\"1.7.0.51\")||\n version_is_equal(version:jreVer, test_version:\"1.8.0\"))\n {\n report = report_fixed_ver(installed_version:jreVer, fixed_version: \"Upgrade to 8u5 or 7u55\");\n security_message(data:report);\n exit(0);\n }\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:19", "description": "This host is installed with Oracle Java\n SE and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2014-04-18T00:00:00", "type": "openvas", "title": "Oracle Java SE Multiple Vulnerabilities-01 Apr 2014 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0457", "CVE-2014-0446", "CVE-2014-2427", "CVE-2014-0453", "CVE-2014-0429", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2401", "CVE-2014-2398", "CVE-2014-0451"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310804544", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804544", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_java_mult_vuln01_apr14.nasl 11867 2018-10-12 10:48:11Z cfischer $\n#\n# Oracle Java SE Multiple Vulnerabilities-01 Apr 2014 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:jre\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804544\");\n script_version(\"$Revision: 11867 $\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0453\",\n \"CVE-2014-0460\", \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2421\",\n \"CVE-2014-2427\", \"CVE-2014-2412\", \"CVE-2014-0457\");\n script_bugtraq_id(66856, 66903, 66879, 66914, 66916, 66920, 66911, 66881, 66909,\n 66873, 66866);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:48:11 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-18 15:52:17 +0530 (Fri, 18 Apr 2014)\");\n script_name(\"Oracle Java SE Multiple Vulnerabilities-01 Apr 2014 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Oracle Java\n SE and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities exists, For more\n details about the vulnerabilities refer the reference section.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to manipulate certain data, cause a DoS (Denial of Service) and compromise a\n vulnerable system.\");\n\n script_tag(name:\"affected\", value:\"Oracle Java SE version 5.0u61, 6u71, 7u51\n and 8 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Java version 8u5 or 
7u55 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57932\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57997\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_portable_win.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!jreVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(jreVer =~ \"^(1\\.(5|6|7|8))\")\n{\n if(version_is_equal(version:jreVer, test_version:\"1.5.0.61\")||\n version_is_equal(version:jreVer, test_version:\"1.6.0.71\")||\n version_is_equal(version:jreVer, test_version:\"1.7.0.51\")||\n version_is_equal(version:jreVer, test_version:\"1.8.0\"))\n {\n report = report_fixed_ver(installed_version:jreVer, fixed_version: \"Upgrade to 8u5 or 7u55\");\n security_message(data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:38:05", "description": "The remote host is missing an update for the 'IBM Java' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2015-10-13T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for IBM Java (SUSE-SU-2014:0728-3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0457", "CVE-2014-0446", "CVE-2014-2420", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2013-6954", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0429", "CVE-2014-0878", "CVE-2014-0449", "CVE-2014-2412", "CVE-2014-2428", "CVE-2014-2421", "CVE-2014-0428", "CVE-2014-0460", "CVE-2014-2401", "CVE-2014-2423", "CVE-2014-2409", "CVE-2013-6629", 
"CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850798", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850798", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850798\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:00 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2013-6629\", \"CVE-2013-6954\", \"CVE-2014-0428\", \"CVE-2014-0429\",\n \"CVE-2014-0446\", \"CVE-2014-0449\", \"CVE-2014-0451\", \"CVE-2014-0452\",\n \"CVE-2014-0453\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\",\n \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-0878\", \"CVE-2014-1876\",\n \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2409\", \"CVE-2014-2412\",\n \"CVE-2014-2414\", \"CVE-2014-2420\", \"CVE-2014-2421\", \"CVE-2014-2423\",\n \"CVE-2014-2427\", \"CVE-2014-2428\");\n 
script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for IBM Java (SUSE-SU-2014:0728-3)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'IBM Java'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"BM Java 6 was updated to version 6 SR16 to fix several security issues and\n various other bugs.\n\n Security Issues references:\n\n * CVE-2013-6629\n\n * CVE-2013-6954\n\n * CVE-2014-0429\n\n * CVE-2014-0446\n\n * CVE-2014-0449\n\n * CVE-2014-0451\n\n * CVE-2014-0452\n\n * CVE-2014-0457\n\n * CVE-2014-0458\n\n * CVE-2014-0459\n\n * CVE-2014-0460\n\n * CVE-2014-0461\n\n * CVE-2014-1876\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"IBM Java on SUSE Linux Enterprise Server 11 SP3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0728-3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLES11.0SP3\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1_6_0-ibm\", rpm:\"java-1_6_0-ibm~1.6.0_sr16.0~0.3.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n 
}\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_6_0-ibm-fonts\", rpm:\"java-1_6_0-ibm-fonts~1.6.0_sr16.0~0.3.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_6_0-ibm-jdbc\", rpm:\"java-1_6_0-ibm-jdbc~1.6.0_sr16.0~0.3.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_6_0-ibm-plugin\", rpm:\"java-1_6_0-ibm-plugin~1.6.0_sr16.0~0.3.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_6_0-ibm-alsa\", rpm:\"java-1_6_0-ibm-alsa~1.6.0_sr16.0~0.3.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:37:29", "description": "The remote host is missing an update for the 'IBM Java' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2015-10-16T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for IBM Java (SUSE-SU-2014:0728-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0457", "CVE-2014-0446", "CVE-2014-2420", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2013-6954", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0429", "CVE-2014-0878", "CVE-2014-0449", "CVE-2014-2412", "CVE-2014-2428", "CVE-2014-2421", "CVE-2014-0428", "CVE-2014-0460", "CVE-2014-2401", "CVE-2014-2423", "CVE-2014-2409", "CVE-2013-6629", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850921", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850921", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it 
and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850921\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 14:23:14 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2013-6629\", \"CVE-2013-6954\", \"CVE-2014-0428\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0449\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-0878\", \"CVE-2014-1876\", \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2409\", \"CVE-2014-2412\", \"CVE-2014-2414\", \"CVE-2014-2420\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\", \"CVE-2014-2428\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for IBM Java (SUSE-SU-2014:0728-2)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'IBM Java'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target 
host.\");\n\n script_tag(name:\"insight\", value:\"IBM Java 6 was updated to version 6 SR16 to fix several security issues\n and various other bugs.\n\n Security Issues references:\n\n * CVE-2013-6629\n\n * CVE-2013-6954\n\n * CVE-2014-0429\n\n * CVE-2014-0446\n\n * CVE-2014-0449\n\n * CVE-2014-0451\n\n * CVE-2014-0452\n\n * CVE-2014-0457\n\n * CVE-2014-0458\n\n * CVE-2014-0459\n\n * CVE-2014-0460\n\n * CVE-2014-0461\n\n * CVE-2014-1876\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"IBM Java on SUSE Linux Enterprise Server 11 SP2 LTSS\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0728-2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLES11.0SP2\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1_6_0-ibm\", rpm:\"java-1_6_0-ibm~1.6.0_sr16.0~0.3.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_6_0-ibm-devel\", rpm:\"java-1_6_0-ibm-devel~1.6.0_sr16.0~0.3.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_6_0-ibm-fonts\", rpm:\"java-1_6_0-ibm-fonts~1.6.0_sr16.0~0.3.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_6_0-ibm-jdbc\", rpm:\"java-1_6_0-ibm-jdbc~1.6.0_sr16.0~0.3.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"java-1_6_0-ibm-plugin\", rpm:\"java-1_6_0-ibm-plugin~1.6.0_sr16.0~0.3.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_6_0-ibm-alsa\", rpm:\"java-1_6_0-ibm-alsa~1.6.0_sr16.0~0.3.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:37:32", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-13T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for IBM Java (SUSE-SU-2014:0733-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0457", "CVE-2014-0455", "CVE-2014-0446", "CVE-2014-2420", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-0454", "CVE-2013-6954", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0429", "CVE-2014-0878", "CVE-2014-0449", "CVE-2014-2412", "CVE-2014-2428", "CVE-2014-2421", "CVE-2014-0428", "CVE-2014-0460", "CVE-2014-0448", "CVE-2014-2401", "CVE-2014-2423", "CVE-2014-2409", "CVE-2013-6629", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2014-2402"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850811", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850811", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but 
WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850811\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:01 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2013-6629\", \"CVE-2013-6954\", \"CVE-2014-0428\", \"CVE-2014-0429\",\n \"CVE-2014-0446\", \"CVE-2014-0448\", \"CVE-2014-0449\", \"CVE-2014-0451\",\n \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\",\n \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\",\n \"CVE-2014-0461\", \"CVE-2014-0878\", \"CVE-2014-1876\", \"CVE-2014-2398\",\n \"CVE-2014-2401\", \"CVE-2014-2402\", \"CVE-2014-2409\", \"CVE-2014-2412\",\n \"CVE-2014-2414\", \"CVE-2014-2420\", \"CVE-2014-2421\", \"CVE-2014-2423\",\n \"CVE-2014-2427\", \"CVE-2014-2428\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for IBM Java (SUSE-SU-2014:0733-2)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'IBM Java'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"IBM Java 7 was updated to version SR7, which received security and bug\n fixes.\");\n\n script_xref(name:\"URL\", 
value:\"http://www.ibm.com/developerworks/java/jdk/aix/j764/Java7_64.fixes.html#SR7\");\n\n script_tag(name:\"affected\", value:\"IBM Java on SUSE Linux Enterprise Server 11 SP3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0733-2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLES11.0SP3\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-ibm\", rpm:\"java-1_7_0-ibm~1.7.0_sr7.0~0.5.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-ibm-jdbc\", rpm:\"java-1_7_0-ibm-jdbc~1.7.0_sr7.0~0.5.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-ibm-alsa\", rpm:\"java-1_7_0-ibm-alsa~1.7.0_sr7.0~0.5.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-ibm-plugin\", rpm:\"java-1_7_0-ibm-plugin~1.7.0_sr7.0~0.5.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:38:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-16T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for IBM Java (SUSE-SU-2014:0733-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": 
["CVE-2014-0457", "CVE-2014-0455", "CVE-2014-0446", "CVE-2014-2420", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-0454", "CVE-2013-6954", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0429", "CVE-2014-0878", "CVE-2014-0449", "CVE-2014-2412", "CVE-2014-2428", "CVE-2014-2421", "CVE-2014-0428", "CVE-2014-0460", "CVE-2014-0448", "CVE-2014-2401", "CVE-2014-2423", "CVE-2014-2409", "CVE-2013-6629", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2014-2402"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851093", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851093", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851093\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 19:47:47 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2013-6629\", \"CVE-2013-6954\", \"CVE-2014-0428\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0448\", \"CVE-2014-0449\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-0878\", \"CVE-2014-1876\", \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2402\", \"CVE-2014-2409\", \"CVE-2014-2412\", \"CVE-2014-2414\", \"CVE-2014-2420\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\", \"CVE-2014-2428\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for IBM Java (SUSE-SU-2014:0733-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'IBM Java'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"IBM Java 7 was updated to version SR7, which received security and bug\n fixes.\");\n\n script_xref(name:\"URL\", value:\"http://www.ibm.com/developerworks/java/jdk/aix/j764/Java7_64.fixes.html#SR7\");\n\n script_tag(name:\"affected\", value:\"IBM Java on SUSE 
Linux Enterprise Server 11 SP2 LTSS\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0733-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLES11.0SP2\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-ibm\", rpm:\"java-1_7_0-ibm~1.7.0_sr7.0~0.5.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-ibm-devel\", rpm:\"java-1_7_0-ibm-devel~1.7.0_sr7.0~0.5.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-ibm-jdbc\", rpm:\"java-1_7_0-ibm-jdbc~1.7.0_sr7.0~0.5.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-ibm-alsa\", rpm:\"java-1_7_0-ibm-alsa~1.7.0_sr7.0~0.5.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-ibm-plugin\", rpm:\"java-1_7_0-ibm-plugin~1.7.0_sr7.0~0.5.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:13", "description": "This host is installed with Oracle Java\n SE and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2014-04-18T00:00:00", "type": "openvas", "title": "Oracle Java SE Multiple Vulnerabilities-03 Apr 2014 (Windows)", 
"bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2420", "CVE-2014-0458", "CVE-2014-0461", "CVE-2014-0456", "CVE-2014-2403", "CVE-2014-0449", "CVE-2014-2428", "CVE-2014-2423", "CVE-2014-2409", "CVE-2014-0452", "CVE-2014-2414"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310804546", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804546", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_java_mult_vuln03_apr14.nasl 11867 2018-10-12 10:48:11Z cfischer $\n#\n# Oracle Java SE Multiple Vulnerabilities-03 Apr 2014 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:jre\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804546\");\n script_version(\"$Revision: 11867 $\");\n script_cve_id(\"CVE-2014-0449\", \"CVE-2014-0452\", \"CVE-2014-0456\", \"CVE-2014-0458\",\n \"CVE-2014-0461\", \"CVE-2014-2403\", \"CVE-2014-2409\", \"CVE-2014-2414\",\n \"CVE-2014-2420\", \"CVE-2014-2423\", \"CVE-2014-2428\");\n script_bugtraq_id(66907, 66891, 66877, 66883, 66902, 66918, 66915, 66894, 66919,\n 66887, 66870);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:48:11 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-18 16:32:50 +0530 (Fri, 18 Apr 2014)\");\n script_name(\"Oracle Java SE Multiple Vulnerabilities-03 Apr 2014 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Oracle Java\n SE and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities exists, For more\n details about the vulnerabilities refer the reference section.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to manipulate certain data, cause a DoS (Denial of Service) and compromise a\n vulnerable system.\");\n\n script_tag(name:\"affected\", value:\"Oracle Java SE version 6u71, 7u51, and\n 8 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Java version 8u5 or 7u55 or\n 
later.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57932\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57997\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_portable_win.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!jreVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(jreVer =~ \"^(1\\.(6|7|8))\")\n{\n if(version_is_equal(version:jreVer, test_version:\"1.6.0.71\")||\n version_is_equal(version:jreVer, test_version:\"1.7.0.51\")||\n version_is_equal(version:jreVer, test_version:\"1.8.0\"))\n {\n report = report_fixed_ver(installed_version:jreVer, fixed_version: \"8u5 or 7u55\");\n security_message(data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:48", "description": "This host is installed with Oracle Java\n SE and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2014-04-18T00:00:00", "type": "openvas", "title": "Oracle Java SE Multiple Vulnerabilities-03 Apr 2014 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2420", "CVE-2014-0458", "CVE-2014-0461", "CVE-2014-0456", "CVE-2014-2403", "CVE-2014-0449", "CVE-2014-2428", "CVE-2014-2423", "CVE-2014-2409", "CVE-2014-0452", "CVE-2014-2414"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310108422", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108422", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_java_mult_vuln03_apr14_lin.nasl 11867 2018-10-12 10:48:11Z cfischer $\n#\n# Oracle Java SE Multiple Vulnerabilities-03 Apr 2014 (Linux)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:jre\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108422\");\n script_version(\"$Revision: 11867 $\");\n script_cve_id(\"CVE-2014-0449\", \"CVE-2014-0452\", \"CVE-2014-0456\", \"CVE-2014-0458\",\n \"CVE-2014-0461\", \"CVE-2014-2403\", \"CVE-2014-2409\", \"CVE-2014-2414\",\n \"CVE-2014-2420\", \"CVE-2014-2423\", \"CVE-2014-2428\");\n script_bugtraq_id(66907, 66891, 66877, 66883, 66902, 66918, 66915, 66894, 66919,\n 66887, 66870);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:48:11 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-18 16:32:50 +0530 (Fri, 18 Apr 2014)\");\n script_name(\"Oracle Java SE 
Multiple Vulnerabilities-03 Apr 2014 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Oracle Java\n SE and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities exists, For more\n details about the vulnerabilities refer the reference section.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to manipulate certain data, cause a DoS (Denial of Service) and compromise a\n vulnerable system.\");\n\n script_tag(name:\"affected\", value:\"Oracle Java SE version 6u71, 7u51, and\n 8 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Java version 8u5 or 7u55 or\n later.\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57932\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57997\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Linux/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!jreVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(jreVer =~ \"^(1\\.(6|7|8))\")\n{\n if(version_is_equal(version:jreVer, test_version:\"1.6.0.71\")||\n version_is_equal(version:jreVer, test_version:\"1.7.0.51\")||\n version_is_equal(version:jreVer, test_version:\"1.8.0\"))\n {\n report = report_fixed_ver(installed_version:jreVer, fixed_version: \"8u5 or 7u55\");\n security_message(data:report);\n exit(0);\n }\n}\n\nexit(99);", 
"cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:21", "description": "Gentoo Linux Local Security Checks GLSA 201502-12", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201502-12", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6506", "CVE-2014-4208", "CVE-2014-4262", "CVE-2014-6558", "CVE-2014-2397", "CVE-2014-2490", "CVE-2014-6515", "CVE-2014-4263", "CVE-2014-0457", "CVE-2014-0455", "CVE-2014-0446", "CVE-2014-6493", "CVE-2014-4218", "CVE-2014-4221", "CVE-2014-2420", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-6519", "CVE-2014-4268", "CVE-2014-6466", "CVE-2014-2413", "CVE-2014-6517", "CVE-2014-4265", "CVE-2014-6504", "CVE-2014-6502", "CVE-2014-0454", "CVE-2014-6492", "CVE-2014-6457", "CVE-2014-0453", "CVE-2014-0432", "CVE-2014-6476", "CVE-2014-6503", "CVE-2014-4266", "CVE-2014-0461", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-4244", "CVE-2014-0429", "CVE-2014-6562", "CVE-2014-6511", "CVE-2014-0463", "CVE-2014-6485", "CVE-2014-6531", "CVE-2014-4209", "CVE-2014-6456", "CVE-2014-0464", "CVE-2014-6468", "CVE-2014-2403", "CVE-2014-0449", "CVE-2014-2412", "CVE-2014-2428", "CVE-2014-6458", "CVE-2014-6532", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-0448", "CVE-2014-4288", "CVE-2014-4216", "CVE-2014-2401", "CVE-2014-4264", "CVE-2014-2422", "CVE-2014-4220", "CVE-2014-2423", "CVE-2014-2410", "CVE-2014-2483", "CVE-2014-6513", "CVE-2014-4227", "CVE-2014-2409", "CVE-2014-4247", "CVE-2014-4252", "CVE-2014-4219", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-6527", "CVE-2014-2414", "CVE-2014-4223", "CVE-2014-6512", "CVE-2014-2402"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121351", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121351", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201502-12.nasl 12128 
2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121351\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:32 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201502-12\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Oracles Java SE Development Kit and Runtime Environment. 
Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201502-12\");\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0432\", \"CVE-2014-0446\", \"CVE-2014-0448\", \"CVE-2014-0449\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-0463\", \"CVE-2014-0464\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2409\", \"CVE-2014-2410\", \"CVE-2014-2412\", \"CVE-2014-2413\", \"CVE-2014-2414\", \"CVE-2014-2420\", \"CVE-2014-2421\", \"CVE-2014-2422\", \"CVE-2014-2423\", \"CVE-2014-2427\", \"CVE-2014-2428\", \"CVE-2014-2483\", \"CVE-2014-2490\", \"CVE-2014-4208\", \"CVE-2014-4209\", \"CVE-2014-4216\", \"CVE-2014-4218\", \"CVE-2014-4219\", \"CVE-2014-4220\", \"CVE-2014-4221\", \"CVE-2014-4223\", \"CVE-2014-4227\", \"CVE-2014-4244\", \"CVE-2014-4247\", \"CVE-2014-4252\", \"CVE-2014-4262\", \"CVE-2014-4263\", \"CVE-2014-4264\", \"CVE-2014-4265\", \"CVE-2014-4266\", \"CVE-2014-4268\", \"CVE-2014-4288\", \"CVE-2014-6456\", \"CVE-2014-6457\", \"CVE-2014-6458\", \"CVE-2014-6466\", \"CVE-2014-6468\", \"CVE-2014-6476\", \"CVE-2014-6485\", \"CVE-2014-6492\", \"CVE-2014-6493\", \"CVE-2014-6502\", \"CVE-2014-6503\", \"CVE-2014-6504\", \"CVE-2014-6506\", \"CVE-2014-6511\", \"CVE-2014-6512\", \"CVE-2014-6513\", \"CVE-2014-6515\", \"CVE-2014-6517\", \"CVE-2014-6519\", \"CVE-2014-6527\", \"CVE-2014-6531\", \"CVE-2014-6532\", \"CVE-2014-6558\", \"CVE-2014-6562\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201502-12\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-java/oracle-jre-bin\", unaffected: make_list(\"ge 1.7.0.71\"), vulnerable: make_list(\"lt 1.7.0.71\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-java/oracle-jdk-bin\", unaffected: make_list(\"ge 1.7.0.71\"), vulnerable: make_list(\"lt 1.7.0.71\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-emulation/emul-linux-x86-java\", unaffected: make_list(\"ge 1.7.0.71\"), vulnerable: make_list(\"lt 1.7.0.71\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:44", "description": "This host is installed with Oracle Java\n SE and is prone to privilege escalation vulnerability.", "cvss3": {}, "published": "2014-02-13T00:00:00", "type": "openvas", "title": "Oracle Java SE Privilege Escalation Vulnerability Feb 2014 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1876"], "modified": "2018-11-15T00:00:00", "id": "OPENVAS:1361412562310804313", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804313", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_java_privilege_escalation_vuln_feb14.nasl 12359 2018-11-15 08:13:22Z cfischer $\n#\n# Oracle Java SE Privilege Escalation Vulnerability Feb 2014 (Windows)\n#\n# Authors:\n# Shakeel 
<bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:jre\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804313\");\n script_version(\"$Revision: 12359 $\");\n script_cve_id(\"CVE-2014-1876\");\n script_bugtraq_id(65568);\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-15 09:13:22 +0100 (Thu, 15 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-13 12:54:10 +0530 (Thu, 13 Feb 2014)\");\n script_name(\"Oracle Java SE Privilege Escalation Vulnerability Feb 2014 (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_portable_win.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Win/Ver\");\n\n script_xref(name:\"URL\", value:\"http://seclists.org/oss-sec/2014/q1/242\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/index.html\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Oracle Java\n SE and is prone 
to privilege escalation vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to some error in the\n 'unpacker::redirect_stdio' function within 'unpack.cpp'.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a local\n attacker to use a symlink attack against the '/tmp/unpack.log' file to overwrite\n arbitrary files.\");\n\n script_tag(name:\"affected\", value:\"Oracle Java SE 7 update 51 and prior on\n Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 8 update 5 or 7 update 55,\n or later.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\njreVer = infos['version'];\njrePath = infos['location'];\n\nif(jreVer =~ \"^(1\\.7)\" && version_in_range(version:jreVer, test_version:\"1.7\", test_version2:\"1.7.0.51\")){\n report = report_fixed_ver(installed_version:jreVer, fixed_version: \"8 update 5 or 7 update 55\", install_path:jrePath);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:48", "description": "This host is installed with Oracle Java\n SE and is prone to privilege escalation vulnerability.", "cvss3": {}, "published": "2014-02-13T00:00:00", "type": "openvas", "title": "Oracle Java SE Privilege Escalation Vulnerability Feb 2014 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1876"], "modified": "2018-11-15T00:00:00", "id": "OPENVAS:1361412562310108424", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108424", "sourceData": "###############################################################################\n# 
OpenVAS Vulnerability Test\n# $Id: gb_java_privilege_escalation_vuln_feb14_lin.nasl 12359 2018-11-15 08:13:22Z cfischer $\n#\n# Oracle Java SE Privilege Escalation Vulnerability Feb 2014 (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:jre\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108424\");\n script_version(\"$Revision: 12359 $\");\n script_cve_id(\"CVE-2014-1876\");\n script_bugtraq_id(65568);\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-15 09:13:22 +0100 (Thu, 15 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-13 12:54:10 +0530 (Thu, 13 Feb 2014)\");\n script_name(\"Oracle Java SE Privilege Escalation Vulnerability Feb 2014 (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Linux/Ver\");\n\n script_xref(name:\"URL\", 
value:\"http://seclists.org/oss-sec/2014/q1/242\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/index.html\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Oracle Java\n SE and is prone to privilege escalation vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to some error in the\n 'unpacker::redirect_stdio' function within 'unpack.cpp'.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a local\n attacker to use a symlink attack against the '/tmp/unpack.log' file to overwrite\n arbitrary files.\");\n\n script_tag(name:\"affected\", value:\"Oracle Java SE 7 update 51 and prior on\n Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 8 update 5 or 7 update 55,\n or later.\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\njreVer = infos['version'];\njrePath = infos['location'];\n\nif(jreVer =~ \"^1\\.7\" && version_in_range(version:jreVer, test_version:\"1.7\", test_version2:\"1.7.0.51\")){\n report = report_fixed_ver(installed_version:jreVer, fixed_version: \"8 update 5 or 7 update 55\", install_path:jrePath);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T12:51:55", "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to \ninformation disclosure, data integrity and availability. An attacker could \nexploit these to cause a denial of service or expose sensitive data over \nthe network. 
(CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, \nCVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0461, CVE-2014-0462, \nCVE-2014-2397, CVE-2014-2405, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421, \nCVE-2014-2423, CVE-2014-2427)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to \ninformation disclosure and data integrity. An attacker could exploit these \nto expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability. \nAn attacker could exploit this to cause a denial of service. \n(CVE-2014-0459)\n\nJakub Wilk discovered that the OpenJDK JRE incorrectly handled temporary \nfiles. A local attacker could possibly use this issue to overwrite \narbitrary files. In the default installation of Ubuntu, this should be \nprevented by the Yama link restrictions. (CVE-2014-1876)\n\nA vulnerability was discovered in the OpenJDK JRE related to data \nintegrity. (CVE-2014-2398)\n\nA vulnerability was discovered in the OpenJDK JRE related to information \ndisclosure. An attacker could exploit this to expose sensitive data over \nthe network. 
(CVE-2014-2403)\n", "cvss3": {}, "published": "2014-05-01T00:00:00", "type": "ubuntu", "title": "OpenJDK 6 vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2403", "CVE-2014-2412", "CVE-2014-0429", "CVE-2014-0461", "CVE-2014-0458", "CVE-2014-2421", "CVE-2014-2414", "CVE-2014-0446", "CVE-2014-0462", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0456", "CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0459", "CVE-2014-2405", "CVE-2014-0453", "CVE-2014-2427", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-1876", "CVE-2014-0460"], "modified": "2014-05-01T00:00:00", "id": "USN-2191-1", "href": "https://ubuntu.com/security/notices/USN-2191-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:51:57", "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to \ninformation disclosure, data integrity and availability. An attacker could \nexploit these to cause a denial of service or expose sensitive data over \nthe network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, \nCVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, \nCVE-2014-0461, CVE-2014-2397, CVE-2014-2402, CVE-2014-2412, CVE-2014-2414, \nCVE-2014-2421, CVE-2014-2423, CVE-2014-2427)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to \ninformation disclosure and data integrity. An attacker could exploit these \nto expose sensitive data over the network. 
(CVE-2014-0453, CVE-2014-0460)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability. \nAn attacker could exploit this to cause a denial of service. \n(CVE-2014-0459)\n\nJakub Wilk discovered that the OpenJDK JRE incorrectly handled temporary \nfiles. A local attacker could possibly use this issue to overwrite \narbitrary files. In the default installation of Ubuntu, this should be \nprevented by the Yama link restrictions. (CVE-2014-1876)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to data \nintegrity. (CVE-2014-2398, CVE-2014-2413)\n\nA vulnerability was discovered in the OpenJDK JRE related to information \ndisclosure. An attacker could exploit this to expose sensitive data over \nthe network. (CVE-2014-2403)\n", "cvss3": {}, "published": "2014-04-30T00:00:00", "type": "ubuntu", "title": "OpenJDK 7 vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2403", "CVE-2014-2412", "CVE-2014-0429", "CVE-2014-0461", "CVE-2014-0458", "CVE-2014-2421", "CVE-2014-2414", "CVE-2014-0446", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0456", "CVE-2014-2397", "CVE-2014-0455", "CVE-2014-0457", "CVE-2014-0459", "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-2427", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-1876", "CVE-2014-2402", "CVE-2014-0460", "CVE-2014-2413"], "modified": "2014-04-30T00:00:00", "id": "USN-2187-1", "href": "https://ubuntu.com/security/notices/USN-2187-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": 
[{"lastseen": "2021-10-21T23:11:43", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2912-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 24, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-6\nCVE ID : CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 \n CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458\n CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-0462\n CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403\n CVE-2014-2405 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421\n CVE-2014-2423 CVE-2014-2427\n\nSeveral vulnerabilities have been discovered in OpenJDK, an \nimplementation of the Oracle Java platform, resulting in the execution \nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.\n\nFor the oldstable distribution (squeeze), these problems have been fixed\nin version 6b31-1.13.3-1~deb6u1.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6b31-1.13.3-1~deb7u1.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 6b31-1.13.3-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 6b31-1.13.3-1.\n\nWe recommend that you upgrade your openjdk-6 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2014-04-24T21:38:02", "type": "debian", "title": "[SECURITY] [DSA 2912-1] openjdk-6 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-0462", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2403", "CVE-2014-2405", "CVE-2014-2412", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2014-04-24T21:38:02", "id": "DEBIAN:DSA-2912-1:45039", "href": "https://lists.debian.org/debian-security-announce/2014/msg00091.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T23:09:31", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2923-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMay 05, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-7\nCVE ID : CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 CVE-2014-0446 \n CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454\n CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458\n CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 \n CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 \n CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421\n CVE-2014-2423 CVE-2014-2427\n\nSeveral vulnerabilities have been discovered in OpenJDK, an \nimplementation of the Oracle Java platform, resulting in the execution \nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.\n\nFor the stable distribution (wheezy), these problems have been 
fixed in\nversion 7u55-2.4.7-1~deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7u55-2.4.7-1.\n\nWe recommend that you upgrade your openjdk-7 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2014-05-05T14:37:27", "type": "debian", "title": "[SECURITY] [DSA 2923-1] openjdk-7 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6629", "CVE-2013-6954", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-0455", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2402", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2413", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2014-05-05T14:37:27", "id": "DEBIAN:DSA-2923-1:294D2", "href": "https://lists.debian.org/debian-security-announce/2014/msg00104.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-05-24T16:07:26", "description": "Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information 
disclosure or denial of service.", "cvss3": {"score": null, "vector": null}, "published": "2014-04-25T00:00:00", "type": "nessus", "title": "Debian DSA-2912-1 : openjdk-6 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-0462", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2403", "CVE-2014-2405", "CVE-2014-2412", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openjdk-6", "cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2912.NASL", "href": "https://www.tenable.com/plugins/nessus/73691", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2912. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73691);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-0462\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2403\", \"CVE-2014-2405\", \"CVE-2014-2412\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_bugtraq_id(65568, 66856, 66866, 66873, 66877, 66879, 66881, 66883, 66887, 66891, 66893, 66894, 66902, 66903, 66909, 66910, 66914, 66916, 66918, 66920);\n script_xref(name:\"DSA\", value:\"2912\");\n\n script_name(english:\"Debian DSA-2912-1 : openjdk-6 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information\ndisclosure or denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/openjdk-6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/openjdk-6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2912\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openjdk-6 packages.\n\nFor the oldstable 
distribution (squeeze), these problems have been\nfixed in version 6b31-1.13.3-1~deb6u1.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 6b31-1.13.3-1~deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"icedtea-6-jre-cacao\", reference:\"6b31-1.13.3-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-dbg\", reference:\"6b31-1.13.3-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-demo\", reference:\"6b31-1.13.3-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-doc\", reference:\"6b31-1.13.3-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jdk\", reference:\"6b31-1.13.3-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jre\", reference:\"6b31-1.13.3-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jre-headless\", reference:\"6b31-1.13.3-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jre-lib\", reference:\"6b31-1.13.3-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jre-zero\", reference:\"6b31-1.13.3-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-source\", reference:\"6b31-1.13.3-1~deb6u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedtea-6-jre-cacao\", reference:\"6b31-1.13.3-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedtea-6-jre-jamvm\", reference:\"6b31-1.13.3-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-dbg\", reference:\"6b31-1.13.3-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", 
prefix:\"openjdk-6-demo\", reference:\"6b31-1.13.3-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-doc\", reference:\"6b31-1.13.3-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-jdk\", reference:\"6b31-1.13.3-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-jre\", reference:\"6b31-1.13.3-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-jre-headless\", reference:\"6b31-1.13.3-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-jre-lib\", reference:\"6b31-1.13.3-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-jre-zero\", reference:\"6b31-1.13.3-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-source\", reference:\"6b31-1.13.3-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:09:46", "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0461, CVE-2014-0462, CVE-2014-2397, CVE-2014-2405, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. 
(CVE-2014-0459)\n\nJakub Wilk discovered that the OpenJDK JRE incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions. (CVE-2014-1876)\n\nA vulnerability was discovered in the OpenJDK JRE related to data integrity. (CVE-2014-2398)\n\nA vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-2403).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-05-02T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2191-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-0462", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2403", "CVE-2014-2405", "CVE-2014-2412", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao", "p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-jamvm", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2191-1.NASL", "href": "https://www.tenable.com/plugins/nessus/73822", "sourceData": "#%NASL_MIN_LEVEL 
70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2191-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73822);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-0462\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2403\", \"CVE-2014-2405\", \"CVE-2014-2412\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_bugtraq_id(65568, 66856, 66866, 66873, 66877, 66879, 66881, 66883, 66887, 66891, 66893, 66894, 66902, 66903, 66909, 66910, 66914, 66916, 66918, 66920, 67508, 67512);\n script_xref(name:\"USN\", value:\"2191-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2191-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure, data integrity and availability. An attacker\ncould exploit these to cause a denial of service or expose sensitive\ndata over the network. 
(CVE-2014-0429, CVE-2014-0446, CVE-2014-0451,\nCVE-2014-0452, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458,\nCVE-2014-0461, CVE-2014-0462, CVE-2014-2397, CVE-2014-2405,\nCVE-2014-2412, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423,\nCVE-2014-2427)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure and data integrity. An attacker could exploit\nthese to expose sensitive data over the network. (CVE-2014-0453,\nCVE-2014-0460)\n\nA vulnerability was discovered in the OpenJDK JRE related to\navailability. An attacker could exploit this to cause a denial of\nservice. (CVE-2014-0459)\n\nJakub Wilk discovered that the OpenJDK JRE incorrectly handled\ntemporary files. A local attacker could possibly use this issue to\noverwrite arbitrary files. In the default installation of Ubuntu, this\nshould be prevented by the Yama link restrictions. (CVE-2014-1876)\n\nA vulnerability was discovered in the OpenJDK JRE related to data\nintegrity. (CVE-2014-2398)\n\nA vulnerability was discovered in the OpenJDK JRE related to\ninformation disclosure. An attacker could exploit this to expose\nsensitive data over the network. (CVE-2014-2403).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2191-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. 
/ NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b31-1.13.3-1ubuntu1~0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b31-1.13.3-1ubuntu1~0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b31-1.13.3-1ubuntu1~0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b31-1.13.3-1ubuntu1~0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b31-1.13.3-1ubuntu1~0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b31-1.13.3-1ubuntu1~0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"icedtea-6-jre-jamvm\", pkgver:\"6b31-1.13.3-1ubuntu1~0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b31-1.13.3-1ubuntu1~0.12.04.2\")) flag++;\nif 
(ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b31-1.13.3-1ubuntu1~0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b31-1.13.3-1ubuntu1~0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b31-1.13.3-1ubuntu1~0.12.04.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-6-jre-cacao / icedtea-6-jre-jamvm / openjdk-6-jre / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:17:01", "description": "From Red Hat Security Advisory 2014:0685 :\n\nUpdated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK. 
An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427)\n\nMultiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200 utility created log files. 
A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2014-07-24T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : java-1.6.0-openjdk (ELSA-2014-0685)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5797", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.6.0-openjdk", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2014-0685.NASL", "href": "https://www.tenable.com/plugins/nessus/76732", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0685 and \n# Oracle Linux Security Advisory ELSA-2014-0685 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76732);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0456\", \"CVE-2014-0457\", 
\"CVE-2014-0458\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_bugtraq_id(63095, 65568, 66856, 66866, 66873, 66877, 66879, 66881, 66883, 66887, 66891, 66893, 66894, 66902, 66903, 66909, 66914, 66916, 66918, 66920);\n script_xref(name:\"RHSA\", value:\"2014:0685\");\n\n script_name(english:\"Oracle Linux 7 : java-1.6.0-openjdk (ELSA-2014-0685)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0685 :\n\nUpdated java-1.6.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the\n2D component. A specially crafted image could trigger Java Virtual\nMachine memory corruption when processed. A remote attacker, or an\nuntrusted Java application or applet, could possibly use this flaw to\nexecute arbitrary code with the privileges of the user running the\nJava Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in\nOpenJDK. 
An untrusted Java application or applet could use these flaws\nto trigger Java Virtual Machine memory corruption and possibly bypass\nJava sandbox restrictions. (CVE-2014-0456, CVE-2014-2397,\nCVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the\nLibraries component in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass certain\nJava sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,\nCVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414,\nCVE-2014-0446, CVE-2014-2427)\n\nMultiple flaws were identified in the Java Naming and Directory\nInterface (JNDI) DNS client. These flaws could make it easier for a\nremote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent\naccess to arbitrary files when a SecurityManager was present. This\nflaw could cause a Java application using JAXP to leak sensitive\ninformation, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak\nsome timing information when performing PKCS#1 unpadding. This could\npossibly lead to the disclosure of some information that was meant to\nbe protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly\nresolve input sanitization flaws in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and\nhosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. 
A local attacker could possibly use this\nflaw to perform a symbolic link attack and overwrite arbitrary files\nwith the privileges of the user running unpack200. (CVE-2014-1876)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-July/004275.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-6.1.13.3.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-6.1.13.3.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-6.1.13.3.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-6.1.13.3.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-6.1.13.3.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:07:25", "description": "An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK. 
An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427)\n\nMultiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200 utility created log files. 
A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876)\n\nThis update also fixes the following bug :\n\n - The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur.\n\nAll running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2014-04-17T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64 (20140416)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5797", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk", "p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-debuginfo", "p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-demo", "p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-devel", "p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-src", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20140416_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/73588", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific 
Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73588);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-5797\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64 (20140416)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An input validation flaw was discovered in the medialib library in the\n2D component. A specially crafted image could trigger Java Virtual\nMachine memory corruption when processed. A remote attacker, or an\nuntrusted Java application or applet, could possibly use this flaw to\nexecute arbitrary code with the privileges of the user running the\nJava Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto trigger Java Virtual Machine memory corruption and possibly bypass\nJava sandbox restrictions. (CVE-2014-0456, CVE-2014-2397,\nCVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the\nLibraries component in OpenJDK. 
An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX- WS, JAXB, Libraries, and Sound components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,\nCVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414,\nCVE-2014-0446, CVE-2014-2427)\n\nMultiple flaws were identified in the Java Naming and Directory\nInterface (JNDI) DNS client. These flaws could make it easier for a\nremote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent\naccess to arbitrary files when a SecurityManager was present. This\nflaw could cause a Java application using JAXP to leak sensitive\ninformation, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak\nsome timing information when performing PKCS#1 unpadding. This could\npossibly lead to the disclosure of some information that was meant to\nbe protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly\nresolve input sanitization flaws in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and\nhosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this\nflaw to perform a symbolic link attack and overwrite arbitrary files\nwith the privileges of the user running unpack200. 
(CVE-2014-1876)\n\nThis update also fixes the following bug :\n\n - The OpenJDK update to IcedTea version 1.13 introduced a\n regression related to the handling of the\n jdk_version_info variable. This variable was not\n properly zeroed out before being passed to the Java\n Virtual Machine, resulting in a memory leak in the\n java.lang.ref.Finalizer class. This update fixes this\n issue, and memory leaks no longer occur.\n\nAll running instances of OpenJDK Java must be restarted for the update\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1404&L=scientific-linux-errata&T=0&P=1717\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?15845b97\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/17\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el5_10\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / 
etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:07:26", "description": "From Red Hat Security Advisory 2014:0408 :\n\nUpdated java-1.6.0-openjdk packages that fix various security issues and one bug are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. 
(CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427)\n\nMultiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876)\n\nThis update also fixes the following bug :\n\n* The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. 
All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2014-04-17T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2014-0408)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5797", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.6.0-openjdk", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2014-0408.NASL", "href": "https://www.tenable.com/plugins/nessus/73584", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0408 and \n# Oracle Linux Security Advisory ELSA-2014-0408 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73584);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_xref(name:\"RHSA\", 
value:\"2014:0408\");\n\n script_name(english:\"Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2014-0408)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0408 :\n\nUpdated java-1.6.0-openjdk packages that fix various security issues\nand one bug are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the\n2D component. A specially crafted image could trigger Java Virtual\nMachine memory corruption when processed. A remote attacker, or an\nuntrusted Java application or applet, could possibly use this flaw to\nexecute arbitrary code with the privileges of the user running the\nJava Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto trigger Java Virtual Machine memory corruption and possibly bypass\nJava sandbox restrictions. (CVE-2014-0456, CVE-2014-2397,\nCVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the\nLibraries component in OpenJDK. 
An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass certain\nJava sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,\nCVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414,\nCVE-2014-0446, CVE-2014-2427)\n\nMultiple flaws were identified in the Java Naming and Directory\nInterface (JNDI) DNS client. These flaws could make it easier for a\nremote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent\naccess to arbitrary files when a SecurityManager was present. This\nflaw could cause a Java application using JAXP to leak sensitive\ninformation, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak\nsome timing information when performing PKCS#1 unpadding. This could\npossibly lead to the disclosure of some information that was meant to\nbe protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly\nresolve input sanitization flaws in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and\nhosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this\nflaw to perform a symbolic link attack and overwrite arbitrary files\nwith the privileges of the user running unpack200. 
(CVE-2014-1876)\n\nThis update also fixes the following bug :\n\n* The OpenJDK update to IcedTea version 1.13 introduced a regression\nrelated to the handling of the jdk_version_info variable. This\nvariable was not properly zeroed out before being passed to the Java\nVirtual Machine, resulting in a memory leak in the\njava.lang.ref.Finalizer class. This update fixes this issue, and\nmemory leaks no longer occur. (BZ#1085373)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-April/004072.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-April/004073.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-5.1.13.3.0.1.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.0.1.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.0.1.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.0.1.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.0.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:08:22", "description": "An input validation flaw was discovered in the medialib 
library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456 , CVE-2014-2397 , CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457 , CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412 , CVE-2014-0451 , CVE-2014-0458 , CVE-2014-2423 , CVE-2014-0452 , CVE-2014-2414 , CVE-2014-0446 , CVE-2014-2427)\n\nMultiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. 
(CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876)", "cvss3": {"score": null, "vector": null}, "published": "2014-04-23T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2014-326)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5797", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:java-1.6.0-openjdk", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-debuginfo", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-devel", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-src", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-326.NASL", "href": "https://www.tenable.com/plugins/nessus/73654", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-326.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73654);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n 
script_cve_id(\"CVE-2013-5797\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_xref(name:\"ALAS\", value:\"2014-326\");\n script_xref(name:\"RHSA\", value:\"2014:0408\");\n\n script_name(english:\"Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2014-326)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An input validation flaw was discovered in the medialib library in the\n2D component. A specially crafted image could trigger Java Virtual\nMachine memory corruption when processed. A remote attacker, or an\nuntrusted Java application or applet, could possibly use this flaw to\nexecute arbitrary code with the privileges of the user running the\nJava Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto trigger Java Virtual Machine memory corruption and possibly bypass\nJava sandbox restrictions. (CVE-2014-0456 , CVE-2014-2397 ,\nCVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the\nLibraries component in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457 , CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, and Sound components in OpenJDK. 
An untrusted\nJava application or applet could use these flaws to bypass certain\nJava sandbox restrictions. (CVE-2014-2412 , CVE-2014-0451 ,\nCVE-2014-0458 , CVE-2014-2423 , CVE-2014-0452 , CVE-2014-2414 ,\nCVE-2014-0446 , CVE-2014-2427)\n\nMultiple flaws were identified in the Java Naming and Directory\nInterface (JNDI) DNS client. These flaws could make it easier for a\nremote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent\naccess to arbitrary files when a SecurityManager was present. This\nflaw could cause a Java application using JAXP to leak sensitive\ninformation, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak\nsome timing information when performing PKCS#1 unpadding. This could\npossibly lead to the disclosure of some information that was meant to\nbe protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly\nresolve input sanitization flaws in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and\nhosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this\nflaw to perform a symbolic link attack and overwrite arbitrary files\nwith the privileges of the user running unpack200. 
(CVE-2014-1876)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-326.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update java-1.6.0-openjdk' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-1.6.0.0-67.1.13.3.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-67.1.13.3.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-67.1.13.3.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-67.1.13.3.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-67.1.13.3.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-67.1.13.3.64.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 10, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:16:35", "description": "Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427)\n\nMultiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. 
These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. 
All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2014-07-30T00:00:00", "type": "nessus", "title": "RHEL 7 : java-1.6.0-openjdk (RHSA-2014:0685)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5797", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2014-0685.NASL", "href": "https://www.tenable.com/plugins/nessus/76894", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0685. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76894);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_bugtraq_id(65568, 66856, 66866, 66873, 66877, 66879, 66881, 66883, 66887, 66891, 66893, 66894, 66902, 66903, 66909, 66914, 66916, 66918, 66920);\n script_xref(name:\"RHSA\", value:\"2014:0685\");\n\n script_name(english:\"RHEL 7 : java-1.6.0-openjdk (RHSA-2014:0685)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the\n2D component. A specially crafted image could trigger Java Virtual\nMachine memory corruption when processed. 
A remote attacker, or an\nuntrusted Java application or applet, could possibly use this flaw to\nexecute arbitrary code with the privileges of the user running the\nJava Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto trigger Java Virtual Machine memory corruption and possibly bypass\nJava sandbox restrictions. (CVE-2014-0456, CVE-2014-2397,\nCVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the\nLibraries component in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass certain\nJava sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,\nCVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414,\nCVE-2014-0446, CVE-2014-2427)\n\nMultiple flaws were identified in the Java Naming and Directory\nInterface (JNDI) DNS client. These flaws could make it easier for a\nremote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent\naccess to arbitrary files when a SecurityManager was present. This\nflaw could cause a Java application using JAXP to leak sensitive\ninformation, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak\nsome timing information when performing PKCS#1 unpadding. This could\npossibly lead to the disclosure of some information that was meant to\nbe protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly\nresolve input sanitization flaws in javadoc. 
When javadoc\ndocumentation was generated from an untrusted Java source code and\nhosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this\nflaw to perform a symbolic link attack and overwrite arbitrary files\nwith the privileges of the user running unpack200. (CVE-2014-1876)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2014-0451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0461\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0685\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.6.0-openjdk-1.6.0.0-6.1.13.3.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-6.1.13.3.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", 
reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-6.1.13.3.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-6.1.13.3.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-6.1.13.3.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-6.1.13.3.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-6.1.13.3.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-6.1.13.3.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-6.1.13.3.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-6.1.13.3.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-6.1.13.3.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-6.1.13.3.el7_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:08:22", "description": "Updated java-1.6.0-openjdk packages that fix various security issues and one bug are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427)\n\nMultiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. 
This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876)\n\nThis update also fixes the following bug:\n\n* The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. 
All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2014-04-17T00:00:00", "type": "nessus", "title": "CentOS 5 / 6 : java-1.6.0-openjdk (CESA-2014:0408)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5797", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "cpe:/o:centos:centos:5", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2014-0408.NASL", "href": "https://www.tenable.com/plugins/nessus/73580", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0408 and \n# CentOS Errata and Security Advisory 2014:0408 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73580);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_xref(name:\"RHSA\", 
value:\"2014:0408\");\n\n script_name(english:\"CentOS 5 / 6 : java-1.6.0-openjdk (CESA-2014:0408)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix various security issues\nand one bug are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the\n2D component. A specially crafted image could trigger Java Virtual\nMachine memory corruption when processed. A remote attacker, or an\nuntrusted Java application or applet, could possibly use this flaw to\nexecute arbitrary code with the privileges of the user running the\nJava Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto trigger Java Virtual Machine memory corruption and possibly bypass\nJava sandbox restrictions. (CVE-2014-0456, CVE-2014-2397,\nCVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the\nLibraries component in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, and Sound components in OpenJDK. 
An untrusted\nJava application or applet could use these flaws to bypass certain\nJava sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,\nCVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414,\nCVE-2014-0446, CVE-2014-2427)\n\nMultiple flaws were identified in the Java Naming and Directory\nInterface (JNDI) DNS client. These flaws could make it easier for a\nremote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent\naccess to arbitrary files when a SecurityManager was present. This\nflaw could cause a Java application using JAXP to leak sensitive\ninformation, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak\nsome timing information when performing PKCS#1 unpadding. This could\npossibly lead to the disclosure of some information that was meant to\nbe protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly\nresolve input sanitization flaws in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and\nhosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this\nflaw to perform a symbolic link attack and overwrite arbitrary files\nwith the privileges of the user running unpack200. (CVE-2014-1876)\n\nThis update also fixes the following bug :\n\n* The OpenJDK update to IcedTea version 1.13 introduced a regression\nrelated to the handling of the jdk_version_info variable. This\nvariable was not properly zeroed out before being passed to the Java\nVirtual Machine, resulting in a memory leak in the\njava.lang.ref.Finalizer class. This update fixes this issue, and\nmemory leaks no longer occur. 
(BZ#1085373)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-April/020257.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f15fac76\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-April/020258.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e59a100c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0429\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/16\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el5_10\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:08:38", "description": "Updated java-1.6.0-openjdk packages that fix various security issues 
and one bug are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427)\n\nMultiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. 
(CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876)\n\nThis update also fixes the following bug:\n\n* The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. 
All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2014-04-17T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2014:0408)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5797", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.5"], "id": "REDHAT-RHSA-2014-0408.NASL", "href": "https://www.tenable.com/plugins/nessus/73587", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0408. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73587);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_xref(name:\"RHSA\", value:\"2014:0408\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2014:0408)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix various security issues\nand one bug are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the\n2D component. A specially crafted image could trigger Java Virtual\nMachine memory corruption when processed. A remote attacker, or an\nuntrusted Java application or applet, could possibly use this flaw to\nexecute arbitrary code with the privileges of the user running the\nJava Virtual Machine. 
(CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto trigger Java Virtual Machine memory corruption and possibly bypass\nJava sandbox restrictions. (CVE-2014-0456, CVE-2014-2397,\nCVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the\nLibraries component in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass certain\nJava sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,\nCVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414,\nCVE-2014-0446, CVE-2014-2427)\n\nMultiple flaws were identified in the Java Naming and Directory\nInterface (JNDI) DNS client. These flaws could make it easier for a\nremote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent\naccess to arbitrary files when a SecurityManager was present. This\nflaw could cause a Java application using JAXP to leak sensitive\ninformation, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak\nsome timing information when performing PKCS#1 unpadding. This could\npossibly lead to the disclosure of some information that was meant to\nbe protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly\nresolve input sanitization flaws in javadoc. 
When javadoc\ndocumentation was generated from an untrusted Java source code and\nhosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this\nflaw to perform a symbolic link attack and overwrite arbitrary files\nwith the privileges of the user running unpack200. (CVE-2014-1876)\n\nThis update also fixes the following bug :\n\n* The OpenJDK update to IcedTea version 1.13 introduced a regression\nrelated to the handling of the jdk_version_info variable. This\nvariable was not properly zeroed out before being passed to the Java\nVirtual Machine, resulting in a memory leak in the\njava.lang.ref.Finalizer class. This update fixes this issue, and\nmemory leaks no longer occur. (BZ#1085373)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. 
All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2014-2403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0461\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0408\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", 
reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el5_10\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : 
SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:07:45", "description": "An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. 
(CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. 
(CVE-2014-1876)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nAll running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2014-04-17T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20140416)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5797", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-0455", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2402", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2413", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-devel", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-src", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20140416_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/73590", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73590);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-5797\", \"CVE-2014-0429\", \"CVE-2014-0446\", 
\"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20140416)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An input validation flaw was discovered in the medialib library in the\n2D component. A specially crafted image could trigger Java Virtual\nMachine memory corruption when processed. A remote attacker, or an\nuntrusted Java application or applet, could possibly use this flaw to\nexecute arbitrary code with the privileges of the user running the\nJava Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto trigger Java Virtual Machine memory corruption and possibly bypass\nJava sandbox restrictions. (CVE-2014-0456, CVE-2014-2397,\nCVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the\nLibraries component in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX- WS, JAXB, Libraries, Security, Sound, and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. 
(CVE-2014-2412,\nCVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452,\nCVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413,\nCVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory\nInterface (JNDI) DNS client. These flaws could make it easier for a\nremote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent\naccess to arbitrary files when a SecurityManager was present. This\nflaw could cause a Java application using JAXP to leak sensitive\ninformation, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak\nsome timing information when performing PKCS#1 unpadding. This could\npossibly lead to the disclosure of some information that was meant to\nbe protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly\nresolve input sanitization flaws in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and\nhosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this\nflaw to perform a symbolic link attack and overwrite arbitrary files\nwith the privileges of the user running unpack200. 
(CVE-2014-1876)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nAll running instances of OpenJDK Java must be restarted for the update\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1404&L=scientific-linux-errata&T=0&P=1440\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6c86a13b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.1.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.1.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.1.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.1.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-src-1.7.0.55-2.4.7.1.el6_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : 
rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:08:03", "description": "From Red Hat Security Advisory 2014:0407 :\n\nUpdated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. 
An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. 
All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2014-04-18T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2014-0407)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5797", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-0455", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2402", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2413", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.7.0-openjdk", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2014-0407.NASL", "href": "https://www.tenable.com/plugins/nessus/73605", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0407 and \n# Oracle Linux Security Advisory ELSA-2014-0407 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73605);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2402\", \"CVE-2014-2403\", 
\"CVE-2014-2412\", \"CVE-2014-2413\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_xref(name:\"RHSA\", value:\"2014:0407\");\n\n script_name(english:\"Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2014-0407)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0407 :\n\nUpdated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the\n2D component. A specially crafted image could trigger Java Virtual\nMachine memory corruption when processed. A remote attacker, or an\nuntrusted Java application or applet, could possibly use this flaw to\nexecute arbitrary code with the privileges of the user running the\nJava Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto trigger Java Virtual Machine memory corruption and possibly bypass\nJava sandbox restrictions. (CVE-2014-0456, CVE-2014-2397,\nCVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the\nLibraries component in OpenJDK. 
An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, Security, Sound, and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2014-2412,\nCVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452,\nCVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413,\nCVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory\nInterface (JNDI) DNS client. These flaws could make it easier for a\nremote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent\naccess to arbitrary files when a SecurityManager was present. This\nflaw could cause a Java application using JAXP to leak sensitive\ninformation, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak\nsome timing information when performing PKCS#1 unpadding. This could\npossibly lead to the disclosure of some information that was meant to\nbe protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly\nresolve input sanitization flaws in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and\nhosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this\nflaw to perform a symbolic link attack and overwrite arbitrary files\nwith the privileges of the user running unpack200. 
(CVE-2014-1876)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-April/004074.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.7.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"java-1.7.0-openjdk-1.7.0.55-2.4.7.1.0.1.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.1.0.1.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.1.0.1.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.1.0.1.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.7.0-openjdk-src-1.7.0.55-2.4.7.1.0.1.el5_10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:17:01", "description": "From Red Hat Security Advisory 2014:0675 :\n\nUpdated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries component in OpenJDK. 
An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. 
(CVE-2014-1876)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2014-07-24T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : java-1.7.0-openjdk (ELSA-2014-0675)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5797", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-0455", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2402", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2413", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.7.0-openjdk", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-accessibility", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-headless", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2014-0675.NASL", "href": "https://www.tenable.com/plugins/nessus/76727", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0675 and \n# Oracle Linux Security Advisory ELSA-2014-0675 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76727);\n 
script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_bugtraq_id(63095, 65568, 66856, 66866, 66873, 66877, 66879, 66881, 66883, 66887, 66891, 66893, 66894, 66898, 66899, 66902, 66903, 66905, 66909, 66910, 66914, 66916, 66917, 66918, 66920);\n script_xref(name:\"RHSA\", value:\"2014:0675\");\n\n script_name(english:\"Oracle Linux 7 : java-1.7.0-openjdk (ELSA-2014-0675)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0675 :\n\nUpdated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having\nCritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the\n2D component. A specially crafted image could trigger Java Virtual\nMachine memory corruption when processed. 
A remote attacker, or an\nuntrusted Java application or applet, could possibly use this flaw to\nexecute arbitrary code with the privileges of the user running the\nJava Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto trigger Java Virtual Machine memory corruption and possibly bypass\nJava sandbox restrictions. (CVE-2014-0456, CVE-2014-2397,\nCVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the\nLibraries component in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, Security, Sound, and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2014-2412,\nCVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452,\nCVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413,\nCVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory\nInterface (JNDI) DNS client. These flaws could make it easier for a\nremote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent\naccess to arbitrary files when a SecurityManager was present. This\nflaw could cause a Java application using JAXP to leak sensitive\ninformation, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak\nsome timing information when performing PKCS#1 unpadding. This could\npossibly lead to the disclosure of some information that was meant to\nbe protected by encryption. 
(CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly\nresolve input sanitization flaws in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and\nhosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this\nflaw to perform a symbolic link attack and overwrite arbitrary files\nwith the privileges of the user running unpack200. (CVE-2014-1876)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-July/004270.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.7.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.55-2.4.7.2.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.55-2.4.7.2.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.2.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.2.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.55-2.4.7.2.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.2.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.55-2.4.7.2.0.1.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:07:26", "description": "Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Critical 
security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. 
(CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. 
All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2014-04-17T00:00:00", "type": "nessus", "title": "RHEL 6 : java-1.7.0-openjdk (RHSA-2014:0406)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5797", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-0455", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2402", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2413", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.5"], "id": "REDHAT-RHSA-2014-0406.NASL", "href": "https://www.tenable.com/plugins/nessus/73585", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0406. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73585);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_xref(name:\"RHSA\", value:\"2014:0406\");\n\n script_name(english:\"RHEL 6 : java-1.7.0-openjdk (RHSA-2014:0406)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nCritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the\n2D component. A specially crafted image could trigger Java Virtual\nMachine memory corruption when processed. 
A remote attacker, or an\nuntrusted Java application or applet, could possibly use this flaw to\nexecute arbitrary code with the privileges of the user running the\nJava Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto trigger Java Virtual Machine memory corruption and possibly bypass\nJava sandbox restrictions. (CVE-2014-0456, CVE-2014-2397,\nCVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the\nLibraries component in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, Security, Sound, and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2014-2412,\nCVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452,\nCVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413,\nCVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory\nInterface (JNDI) DNS client. These flaws could make it easier for a\nremote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent\naccess to arbitrary files when a SecurityManager was present. This\nflaw could cause a Java application using JAXP to leak sensitive\ninformation, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak\nsome timing information when performing PKCS#1 unpadding. This could\npossibly lead to the disclosure of some information that was meant to\nbe protected by encryption. 
(CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly\nresolve input sanitization flaws in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and\nhosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this\nflaw to perform a symbolic link attack and overwrite arbitrary files\nwith the privileges of the user running unpack200. (CVE-2014-1876)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2014-0457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0460\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0461\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0406\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.1.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.1.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.1.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.1.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.1.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.1.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.1.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-src-1.7.0.55-2.4.7.1.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.55-2.4.7.1.el6_5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:07:45", "description": "An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. 
(CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. 
When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876)\n\nAll running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2014-04-17T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20140416)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5797", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-0455", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2402", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2413", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-devel", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-src", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20140416_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/73589", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific 
Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73589);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-5797\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20140416)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An input validation flaw was discovered in the medialib library in the\n2D component. A specially crafted image could trigger Java Virtual\nMachine memory corruption when processed. A remote attacker, or an\nuntrusted Java application or applet, could possibly use this flaw to\nexecute arbitrary code with the privileges of the user running the\nJava Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto trigger Java Virtual Machine memory corruption and possibly bypass\nJava sandbox restrictions. (CVE-2014-0456, CVE-2014-2397,\nCVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the\nLibraries component in OpenJDK. 
An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX- WS, JAXB, Libraries, Security, Sound, and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2014-2412,\nCVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452,\nCVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413,\nCVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory\nInterface (JNDI) DNS client. These flaws could make it easier for a\nremote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent\naccess to arbitrary files when a SecurityManager was present. This\nflaw could cause a Java application using JAXP to leak sensitive\ninformation, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak\nsome timing information when performing PKCS#1 unpadding. This could\npossibly lead to the disclosure of some information that was meant to\nbe protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly\nresolve input sanitization flaws in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and\nhosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this\nflaw to perform a symbolic link attack and overwrite arbitrary files\nwith the privileges of the user running unpack200. 
(CVE-2014-1876)\n\nAll running instances of OpenJDK Java must be restarted for the update\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1404&L=scientific-linux-errata&T=0&P=1578\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?677aaeeb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.1.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.1.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.1.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.1.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.7.0-openjdk-src-1.7.0.55-2.4.7.1.el5_10\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : 
rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:07:45", "description": "From Red Hat Security Advisory 2014:0406 :\n\nUpdated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. 
An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. 
All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2014-04-17T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2014-0406)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5797", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-0455", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2402", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2413", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.7.0-openjdk", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2014-0406.NASL", "href": "https://www.tenable.com/plugins/nessus/73583", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0406 and \n# Oracle Linux Security Advisory ELSA-2014-0406 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73583);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2402\", \"CVE-2014-2403\", 
\"CVE-2014-2412\", \"CVE-2014-2413\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_xref(name:\"RHSA\", value:\"2014:0406\");\n\n script_name(english:\"Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2014-0406)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0406 :\n\nUpdated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nCritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the\n2D component. A specially crafted image could trigger Java Virtual\nMachine memory corruption when processed. A remote attacker, or an\nuntrusted Java application or applet, could possibly use this flaw to\nexecute arbitrary code with the privileges of the user running the\nJava Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto trigger Java Virtual Machine memory corruption and possibly bypass\nJava sandbox restrictions. (CVE-2014-0456, CVE-2014-2397,\nCVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the\nLibraries component in OpenJDK. 
An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, Security, Sound, and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2014-2412,\nCVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452,\nCVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413,\nCVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory\nInterface (JNDI) DNS client. These flaws could make it easier for a\nremote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent\naccess to arbitrary files when a SecurityManager was present. This\nflaw could cause a Java application using JAXP to leak sensitive\ninformation, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak\nsome timing information when performing PKCS#1 unpadding. This could\npossibly lead to the disclosure of some information that was meant to\nbe protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly\nresolve input sanitization flaws in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and\nhosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this\nflaw to perform a symbolic link attack and overwrite arbitrary files\nwith the privileges of the user running unpack200. 
(CVE-2014-1876)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-April/004071.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.7.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-1.7.0.55-2.4.7.1.0.1.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.1.0.1.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.1.0.1.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.1.0.1.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-src-1.7.0.55-2.4.7.1.0.1.el6_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:17:01", "description": "Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D component. 
A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. 
(CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2014-07-30T00:00:00", "type": "nessus", "title": "RHEL 7 : java-1.7.0-openjdk (RHSA-2014:0675)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5797", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-0455", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2402", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2413", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo", 
"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-headless", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2014-0675.NASL", "href": "https://www.tenable.com/plugins/nessus/76889", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0675. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76889);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_bugtraq_id(65568, 66856, 66866, 66873, 66877, 66879, 66881, 66883, 66887, 66891, 66893, 66894, 66898, 66899, 66902, 66903, 66905, 66909, 66910, 66914, 66916, 66917, 66918, 66920);\n script_xref(name:\"RHSA\", value:\"2014:0675\");\n\n script_name(english:\"RHEL 7 : java-1.7.0-openjdk (RHSA-2014:0675)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat 
host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having\nCritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the\n2D component. A specially crafted image could trigger Java Virtual\nMachine memory corruption when processed. A remote attacker, or an\nuntrusted Java application or applet, could possibly use this flaw to\nexecute arbitrary code with the privileges of the user running the\nJava Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto trigger Java Virtual Machine memory corruption and possibly bypass\nJava sandbox restrictions. (CVE-2014-0456, CVE-2014-2397,\nCVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the\nLibraries component in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, Security, Sound, and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. 
(CVE-2014-2412,\nCVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452,\nCVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413,\nCVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory\nInterface (JNDI) DNS client. These flaws could make it easier for a\nremote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent\naccess to arbitrary files when a SecurityManager was present. This\nflaw could cause a Java application using JAXP to leak sensitive\ninformation, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak\nsome timing information when performing PKCS#1 unpadding. This could\npossibly lead to the disclosure of some information that was meant to\nbe protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly\nresolve input sanitization flaws in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and\nhosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this\nflaw to perform a symbolic link attack and overwrite arbitrary files\nwith the privileges of the user running unpack200. (CVE-2014-1876)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. 
All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2014-0458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0461\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0675\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", 
reference:\"java-1.7.0-openjdk-accessibility-1.7.0.55-2.4.7.2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.55-2.4.7.2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-headless-1.7.0.55-2.4.7.2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.55-2.4.7.2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-src-1.7.0.55-2.4.7.2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.55-2.4.7.2.el7_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:08:04", "description": "Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. 
(CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. 
All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2014-04-17T00:00:00", "type": "nessus", "title": "RHEL 5 : java-1.7.0-openjdk (RHSA-2014:0407)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5797", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-0455", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2402", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2413", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2014-0407.NASL", "href": "https://www.tenable.com/plugins/nessus/73586", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0407. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73586);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_xref(name:\"RHSA\", value:\"2014:0407\");\n\n script_name(english:\"RHEL 5 : java-1.7.0-openjdk (RHSA-2014:0407)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the\n2D component. A specially crafted image could trigger Java Virtual\nMachine memory corruption when processed. 
A remote attacker, or an\nuntrusted Java application or applet, could possibly use this flaw to\nexecute arbitrary code with the privileges of the user running the\nJava Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto trigger Java Virtual Machine memory corruption and possibly bypass\nJava sandbox restrictions. (CVE-2014-0456, CVE-2014-2397,\nCVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the\nLibraries component in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, Security, Sound, and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2014-2412,\nCVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452,\nCVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413,\nCVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory\nInterface (JNDI) DNS client. These flaws could make it easier for a\nremote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent\naccess to arbitrary files when a SecurityManager was present. This\nflaw could cause a Java application using JAXP to leak sensitive\ninformation, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak\nsome timing information when performing PKCS#1 unpadding. This could\npossibly lead to the disclosure of some information that was meant to\nbe protected by encryption. 
(CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly\nresolve input sanitization flaws in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and\nhosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this\nflaw to perform a symbolic link attack and overwrite arbitrary files\nwith the privileges of the user running unpack200. (CVE-2014-1876)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2014-0455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0461\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0407\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", 
reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-src-1.7.0.55-2.4.7.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.55-2.4.7.1.el5_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:08:59", "description": "Updated java-1.7.0-openjdk packages fix security vulnerabilities :\n\nAn input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. 
A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine (CVE-2014-0429).\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421).\n\nMultiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461).\n\nMultiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459).\n\nMultiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks (CVE-2014-0460).\n\nIt was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability (CVE-2014-2403).\n\nIt was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption (CVE-2014-0453).\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. 
When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks (CVE-2014-2398).\n\nAn insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200 (CVE-2014-1876).\n\nNote that the CVE-2014-0459 issue is in the lcms2 library, which has been patched to correct this flaw.", "cvss3": {"score": null, "vector": null}, "published": "2014-05-19T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2014:100)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5797", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-0455", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2402", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2413", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:java-1.7.0-openjdk", "p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-accessibility", "p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-demo", "p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-devel", "p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-headless", "p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-src", "p-cpe:/a:mandriva:linux:lcms2", "p-cpe:/a:mandriva:linux:lib64lcms2-devel", "p-cpe:/a:mandriva:linux:lib64lcms2_2", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2014-100.NASL", "href": "https://www.tenable.com/plugins/nessus/74078", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable 
Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:100. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74078);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_bugtraq_id(65568, 66856, 66866, 66873, 66877, 66879, 66881, 66883, 66887, 66891, 66893, 66894, 66898, 66899, 66902, 66903, 66905, 66909, 66910, 66914, 66916, 66917, 66918, 66920);\n script_xref(name:\"MDVSA\", value:\"2014:100\");\n\n script_name(english:\"Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2014:100)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages fix security vulnerabilities :\n\nAn input validation flaw was discovered in the medialib library in the\n2D component. A specially crafted image could trigger Java Virtual\nMachine memory corruption when processed. 
A remote attacker, or an\nuntrusted Java application or applet, could possibly use this flaw to\nexecute arbitrary code with the privileges of the user running the\nJava Virtual Machine (CVE-2014-0429).\n\nMultiple flaws were discovered in the Hotspot and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto trigger Java Virtual Machine memory corruption and possibly bypass\nJava sandbox restrictions (CVE-2014-0456, CVE-2014-2397,\nCVE-2014-2421).\n\nMultiple improper permission check issues were discovered in the\nLibraries component in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions\n(CVE-2014-0457, CVE-2014-0455, CVE-2014-0461).\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, Security, Sound, and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions (CVE-2014-2412,\nCVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452,\nCVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413,\nCVE-2014-0454, CVE-2014-2427, CVE-2014-0459).\n\nMultiple flaws were identified in the Java Naming and Directory\nInterface (JNDI) DNS client. These flaws could make it easier for a\nremote attacker to perform DNS spoofing attacks (CVE-2014-0460).\n\nIt was discovered that the JAXP component did not properly prevent\naccess to arbitrary files when a SecurityManager was present. This\nflaw could cause a Java application using JAXP to leak sensitive\ninformation, or affect application availability (CVE-2014-2403).\n\nIt was discovered that the Security component in OpenJDK could leak\nsome timing information when performing PKCS#1 unpadding. 
This could\npossibly lead to the disclosure of some information that was meant to\nbe protected by encryption (CVE-2014-0453).\n\nIt was discovered that the fix for CVE-2013-5797 did not properly\nresolve input sanitization flaws in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and\nhosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting (XSS) attacks\n(CVE-2014-2398).\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this\nflaw to perform a symbolic link attack and overwrite arbitrary files\nwith the privileges of the user running unpack200 (CVE-2014-1876).\n\nNote that the CVE-2014-0459 issue is in the lcms2 library, which has\nbeen patched to correct this flaw.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0189.html\"\n );\n # http://blog.fuseyism.com/index.php/2014/04/16/security-icedtea-2-4-7-for-openjdk-7-released/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?caae303e\"\n );\n # http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef1fc2a6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0406\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lcms2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64lcms2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64lcms2_2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = 
get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.60-2.4.7.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.60-2.4.7.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.60-2.4.7.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.60-2.4.7.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.60-2.4.7.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.60-2.4.7.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.60-2.4.7.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lcms2-2.5-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64lcms2-devel-2.5-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64lcms2_2-2.5-1.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:08:38", "description": "Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. 
This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. 
All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2014-04-17T00:00:00", "type": "nessus", "title": "CentOS 5 : java-1.7.0-openjdk (CESA-2014:0407)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5797", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-0455", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2402", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2413", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.7.0-openjdk", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-src", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2014-0407.NASL", "href": "https://www.tenable.com/plugins/nessus/73579", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0407 and \n# CentOS Errata and Security Advisory 2014:0407 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73579);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2402\", \"CVE-2014-2403\", 
\"CVE-2014-2412\", \"CVE-2014-2413\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_xref(name:\"RHSA\", value:\"2014:0407\");\n\n script_name(english:\"CentOS 5 : java-1.7.0-openjdk (CESA-2014:0407)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the\n2D component. A specially crafted image could trigger Java Virtual\nMachine memory corruption when processed. A remote attacker, or an\nuntrusted Java application or applet, could possibly use this flaw to\nexecute arbitrary code with the privileges of the user running the\nJava Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto trigger Java Virtual Machine memory corruption and possibly bypass\nJava sandbox restrictions. (CVE-2014-0456, CVE-2014-2397,\nCVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the\nLibraries component in OpenJDK. 
An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, Security, Sound, and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2014-2412,\nCVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452,\nCVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413,\nCVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory\nInterface (JNDI) DNS client. These flaws could make it easier for a\nremote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent\naccess to arbitrary files when a SecurityManager was present. This\nflaw could cause a Java application using JAXP to leak sensitive\ninformation, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak\nsome timing information when performing PKCS#1 unpadding. This could\npossibly lead to the disclosure of some information that was meant to\nbe protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly\nresolve input sanitization flaws in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and\nhosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this\nflaw to perform a symbolic link attack and overwrite arbitrary files\nwith the privileges of the user running unpack200. 
(CVE-2014-1876)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-April/020259.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0cf45587\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.7.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0429\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is 
Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.1.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.1.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.1.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.7.0-openjdk-src-1.7.0.55-2.4.7.1.el5_10\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:08:38", "description": "Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. 
(CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. 
All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2014-04-17T00:00:00", "type": "nessus", "title": "CentOS 6 : java-1.7.0-openjdk (CESA-2014:0406)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5797", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-0455", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2402", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2413", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.7.0-openjdk", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-src", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2014-0406.NASL", "href": "https://www.tenable.com/plugins/nessus/73578", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0406 and \n# CentOS Errata and Security Advisory 2014:0406 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73578);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2402\", \"CVE-2014-2403\", 
\"CVE-2014-2412\", \"CVE-2014-2413\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_xref(name:\"RHSA\", value:\"2014:0406\");\n\n script_name(english:\"CentOS 6 : java-1.7.0-openjdk (CESA-2014:0406)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nCritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the\n2D component. A specially crafted image could trigger Java Virtual\nMachine memory corruption when processed. A remote attacker, or an\nuntrusted Java application or applet, could possibly use this flaw to\nexecute arbitrary code with the privileges of the user running the\nJava Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto trigger Java Virtual Machine memory corruption and possibly bypass\nJava sandbox restrictions. (CVE-2014-0456, CVE-2014-2397,\nCVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the\nLibraries component in OpenJDK. 
An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457, CVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, Security, Sound, and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2014-2412,\nCVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452,\nCVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413,\nCVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory\nInterface (JNDI) DNS client. These flaws could make it easier for a\nremote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent\naccess to arbitrary files when a SecurityManager was present. This\nflaw could cause a Java application using JAXP to leak sensitive\ninformation, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak\nsome timing information when performing PKCS#1 unpadding. This could\npossibly lead to the disclosure of some information that was meant to\nbe protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly\nresolve input sanitization flaws in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and\nhosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this\nflaw to perform a symbolic link attack and overwrite arbitrary files\nwith the privileges of the user running unpack200. 
(CVE-2014-1876)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-April/020256.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a4aaac7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.7.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0429\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/16\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.1.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.1.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.1.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-src-1.7.0.55-2.4.7.1.el6_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:08:21", "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0461, CVE-2014-2397, CVE-2014-2402, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. 
An attacker could exploit these to expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2014-0459)\n\nJakub Wilk discovered that the OpenJDK JRE incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions. (CVE-2014-1876)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-2398, CVE-2014-2413)\n\nA vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-2403).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-05-01T00:00:00", "type": "nessus", "title": "Ubuntu 12.10 / 13.10 / 14.04 LTS : openjdk-7 vulnerabilities (USN-2187-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-0455", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2402", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2413", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:icedtea-7-jre-cacao", "p-cpe:/a:canonical:ubuntu_linux:icedtea-7-jre-jamvm", "p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-headless", 
"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-lib", "p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-zero", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2187-1.NASL", "href": "https://www.tenable.com/plugins/nessus/73801", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2187-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73801);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_bugtraq_id(65568, 66856, 66866, 66873, 66877, 66879, 66881, 66883, 66887, 66891, 66893, 66894, 66898, 66899, 66902, 66903, 66905, 66909, 66910, 66914, 66916, 66917, 66918, 66920);\n script_xref(name:\"USN\", value:\"2187-1\");\n\n script_name(english:\"Ubuntu 12.10 / 13.10 / 14.04 LTS : openjdk-7 vulnerabilities (USN-2187-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several 
vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure, data integrity and availability. An attacker\ncould exploit these to cause a denial of service or expose sensitive\ndata over the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451,\nCVE-2014-0452, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456,\nCVE-2014-0457, CVE-2014-0458, CVE-2014-0461, CVE-2014-2397,\nCVE-2014-2402, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421,\nCVE-2014-2423, CVE-2014-2427)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure and data integrity. An attacker could exploit\nthese to expose sensitive data over the network. (CVE-2014-0453,\nCVE-2014-0460)\n\nA vulnerability was discovered in the OpenJDK JRE related to\navailability. An attacker could exploit this to cause a denial of\nservice. (CVE-2014-0459)\n\nJakub Wilk discovered that the OpenJDK JRE incorrectly handled\ntemporary files. A local attacker could possibly use this issue to\noverwrite arbitrary files. In the default installation of Ubuntu, this\nshould be prevented by the Yama link restrictions. (CVE-2014-1876)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to data\nintegrity. (CVE-2014-2398, CVE-2014-2413)\n\nA vulnerability was discovered in the OpenJDK JRE related to\ninformation disclosure. An attacker could exploit this to expose\nsensitive data over the network. (CVE-2014-2403).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2187-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-7-jre-cacao\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-7-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.10|13\\.10|14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.10 / 13.10 / 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.10\", pkgname:\"icedtea-7-jre-cacao\", pkgver:\"7u55-2.4.7-1ubuntu1~0.12.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"icedtea-7-jre-jamvm\", pkgver:\"7u55-2.4.7-1ubuntu1~0.12.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"openjdk-7-jre\", pkgver:\"7u55-2.4.7-1ubuntu1~0.12.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"openjdk-7-jre-headless\", pkgver:\"7u55-2.4.7-1ubuntu1~0.12.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"openjdk-7-jre-lib\", pkgver:\"7u55-2.4.7-1ubuntu1~0.12.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"openjdk-7-jre-zero\", pkgver:\"7u55-2.4.7-1ubuntu1~0.12.10.1\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"icedtea-7-jre-jamvm\", pkgver:\"7u55-2.4.7-1ubuntu1~0.13.10.1\")) flag++;\nif 
(ubuntu_check(osver:\"13.10\", pkgname:\"openjdk-7-jre\", pkgver:\"7u55-2.4.7-1ubuntu1~0.13.10.1\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"openjdk-7-jre-headless\", pkgver:\"7u55-2.4.7-1ubuntu1~0.13.10.1\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"openjdk-7-jre-lib\", pkgver:\"7u55-2.4.7-1ubuntu1~0.13.10.1\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"openjdk-7-jre-zero\", pkgver:\"7u55-2.4.7-1ubuntu1~0.13.10.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"icedtea-7-jre-jamvm\", pkgver:\"7u55-2.4.7-1ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"openjdk-7-jre\", pkgver:\"7u55-2.4.7-1ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"openjdk-7-jre-headless\", pkgver:\"7u55-2.4.7-1ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"openjdk-7-jre-lib\", pkgver:\"7u55-2.4.7-1ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"openjdk-7-jre-zero\", pkgver:\"7u55-2.4.7-1ubuntu1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-7-jre-cacao / icedtea-7-jre-jamvm / openjdk-7-jre / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:08:03", "description": "An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK. 
An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456 , CVE-2014-2397 , CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457 , CVE-2014-0455 , CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412 , CVE-2014-0451 , CVE-2014-0458 , CVE-2014-2423 , CVE-2014-0452 , CVE-2014-2414 , CVE-2014-2402 , CVE-2014-0446 , CVE-2014-2413 , CVE-2014-0454 , CVE-2014-2427 , CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. 
When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876)", "cvss3": {"score": null, "vector": null}, "published": "2014-04-23T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2014-327)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5797", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-0455", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2402", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2413", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:java-1.7.0-openjdk", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-demo", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-devel", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-src", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-327.NASL", "href": "https://www.tenable.com/plugins/nessus/73655", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-327.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73655);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2013-5797\", 
\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_xref(name:\"ALAS\", value:\"2014-327\");\n script_xref(name:\"RHSA\", value:\"2014:0406\");\n\n script_name(english:\"Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2014-327)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An input validation flaw was discovered in the medialib library in the\n2D component. A specially crafted image could trigger Java Virtual\nMachine memory corruption when processed. A remote attacker, or an\nuntrusted Java application or applet, could possibly use this flaw to\nexecute arbitrary code with the privileges of the user running the\nJava Virtual Machine. (CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto trigger Java Virtual Machine memory corruption and possibly bypass\nJava sandbox restrictions. (CVE-2014-0456 , CVE-2014-2397 ,\nCVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the\nLibraries component in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-0457 , CVE-2014-0455 , CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, Security, Sound, and 2D components in\nOpenJDK. 
An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2014-2412 ,\nCVE-2014-0451 , CVE-2014-0458 , CVE-2014-2423 , CVE-2014-0452 ,\nCVE-2014-2414 , CVE-2014-2402 , CVE-2014-0446 , CVE-2014-2413 ,\nCVE-2014-0454 , CVE-2014-2427 , CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory\nInterface (JNDI) DNS client. These flaws could make it easier for a\nremote attacker to perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent\naccess to arbitrary files when a SecurityManager was present. This\nflaw could cause a Java application using JAXP to leak sensitive\ninformation, or affect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak\nsome timing information when performing PKCS#1 unpadding. This could\npossibly lead to the disclosure of some information that was meant to\nbe protected by encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly\nresolve input sanitization flaws in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and\nhosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting (XSS) attacks.\n(CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this\nflaw to perform a symbolic link attack and overwrite arbitrary files\nwith the privileges of the user running unpack200. 
(CVE-2014-1876)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-327.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update java-1.7.0-openjdk' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-1.7.0.55-2.4.7.1.40.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.1.40.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.1.40.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.1.40.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.1.40.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-src-1.7.0.55-2.4.7.1.40.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 10, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:08:59", "description": "This java-1_7_0-openjdk update to version 2.4.7 fixes the following security and non-security issues :\n\n - Security fixes\n\n - S8023046: Enhance splashscreen support\n\n - S8025005: Enhance CORBA initializations\n\n - S8025010, CVE-2014-2412: Enhance AWT contexts\n\n - S8025030, CVE-2014-2414: Enhance stream handling\n\n - S8025152, CVE-2014-0458: Enhance activation set up\n\n - S8026067: Enhance signed jar verification\n\n - S8026163, CVE-2014-2427: Enhance media provisioning\n\n - S8026188, CVE-2014-2423: Enhance envelope factory\n\n - S8026200: Enhance RowSet Factory\n\n - S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling\n\n - S8026736, CVE-2014-2398: Enhance Javadoc pages\n\n - S8026797, CVE-2014-0451: Enhance data transfers\n\n - S8026801, CVE-2014-0452: Enhance endpoint addressing\n\n - S8027766, CVE-2014-0453: Enhance RSA processing\n\n - S8027775: Enhance ICU code.\n\n - S8027841, CVE-2014-0429: Enhance pixel manipulations\n\n - S8028385: Enhance RowSet Factory\n\n - S8029282, CVE-2014-2403: Enhance CharInfo set up\n\n - S8029286: Enhance subject delegation\n\n - S8029699: Update Poller demo\n\n - S8029730: Improve audio device additions\n\n - S8029735: Enhance service mgmt natives\n\n - S8029740, CVE-2014-0446: Enhance handling of loggers\n\n - S8029745, CVE-2014-0454: Enhance algorithm checking\n\n - S8029750: Enhance LCMS color processing (in-tree LCMS)\n\n - S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg)\n\n - S8029844, CVE-2014-0455: Enhance argument validation\n\n - S8029854, CVE-2014-2421: Enhance JPEG decodings\n\n - S8029858, CVE-2014-0456: Enhance array copies\n\n - S8030731, CVE-2014-0460: Improve name service robustness\n\n - S8031330: Refactor ObjectFactory\n\n - S8031335, CVE-2014-0459: Better color profiling (in-tree LCMS)\n\n - S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng)\n\n - S8031394, 
CVE-2014-0457: (sl) Fix exception handling in ServiceLoader\n\n - S8031395: Enhance LDAP processing\n\n - S8032686, CVE-2014-2413: Issues with method invoke\n\n - S8033618, CVE-2014-1876: Correct logging output\n\n - S8034926, CVE-2014-2397: Attribute classes properly\n\n - S8036794, CVE-2014-0461: Manage JavaScript instances\n\n - Backports\n\n - S8004145: New improved hgforest.sh, ctrl-c now properly terminates mercurial processes.\n\n - S8007625: race with nested repos in /common/bin/hgforest.sh\n\n - S8011178: improve common/bin/hgforest.sh python detection (MacOS)\n\n - S8011342: hgforest.sh : 'python --version' not supported on older python\n\n - S8011350: hgforest.sh uses non-POSIX sh features that may fail with some shells\n\n - S8024200: handle hg wrapper with space after #!\n\n - S8025796: hgforest.sh could trigger unbuffered output from hg without complicated machinations\n\n - S8028388: 9 jaxws tests failed in nightly build with java.lang.ClassCastException\n\n - S8031477: [macosx] Loading AWT native library fails\n\n - S8032370: No 'Truncated file' warning from IIOReadWarningListener on JPEGImageReader\n\n - S8035834: InetAddress.getLocalHost() can hang after JDK-8030731 was fixed\n\n - Bug fixes\n\n - PR1393: JPEG support in build is broken on non-system-libjpeg builds\n\n - PR1726: configure fails looking for ecj.jar before even trying to find javac\n\n - Red Hat local: Fix for repo with path starting with / .\n\n - Remove unused hgforest script", "cvss3": {"score": null, "vector": null}, "published": "2014-05-14T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : OpenJDK (SAT Patch Number 9209)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6629", "CVE-2013-6954", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-0455", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", 
"CVE-2014-2398", "CVE-2014-2402", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2413", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk", "p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk-demo", "p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_JAVA-1_7_0-OPENJDK-140508.NASL", "href": "https://www.tenable.com/plugins/nessus/74007", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74007);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-6629\", \"CVE-2013-6954\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n\n script_name(english:\"SuSE 11.3 Security Update : OpenJDK (SAT Patch Number 9209)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This java-1_7_0-openjdk update to version 2.4.7 fixes the following\nsecurity and non-security issues :\n\n - Security 
fixes\n\n - S8023046: Enhance splashscreen support\n\n - S8025005: Enhance CORBA initializations\n\n - S8025010, CVE-2014-2412: Enhance AWT contexts\n\n - S8025030, CVE-2014-2414: Enhance stream handling\n\n - S8025152, CVE-2014-0458: Enhance activation set up\n\n - S8026067: Enhance signed jar verification\n\n - S8026163, CVE-2014-2427: Enhance media provisioning\n\n - S8026188, CVE-2014-2423: Enhance envelope factory\n\n - S8026200: Enhance RowSet Factory\n\n - S8026716, CVE-2014-2402: (aio) Enhance asynchronous\n channel handling\n\n - S8026736, CVE-2014-2398: Enhance Javadoc pages\n\n - S8026797, CVE-2014-0451: Enhance data transfers\n\n - S8026801, CVE-2014-0452: Enhance endpoint addressing\n\n - S8027766, CVE-2014-0453: Enhance RSA processing\n\n - S8027775: Enhance ICU code.\n\n - S8027841, CVE-2014-0429: Enhance pixel manipulations\n\n - S8028385: Enhance RowSet Factory\n\n - S8029282, CVE-2014-2403: Enhance CharInfo set up\n\n - S8029286: Enhance subject delegation\n\n - S8029699: Update Poller demo\n\n - S8029730: Improve audio device additions\n\n - S8029735: Enhance service mgmt natives\n\n - S8029740, CVE-2014-0446: Enhance handling of loggers\n\n - S8029745, CVE-2014-0454: Enhance algorithm checking\n\n - S8029750: Enhance LCMS color processing (in-tree LCMS)\n\n - S8029760, CVE-2013-6629: Enhance AWT image libraries\n (in-tree libjpeg)\n\n - S8029844, CVE-2014-0455: Enhance argument validation\n\n - S8029854, CVE-2014-2421: Enhance JPEG decodings\n\n - S8029858, CVE-2014-0456: Enhance array copies\n\n - S8030731, CVE-2014-0460: Improve name service robustness\n\n - S8031330: Refactor ObjectFactory\n\n - S8031335, CVE-2014-0459: Better color profiling (in-tree\n LCMS)\n\n - S8031352, CVE-2013-6954: Enhance PNG handling (in-tree\n libpng)\n\n - S8031394, CVE-2014-0457: (sl) Fix exception handling in\n ServiceLoader\n\n - S8031395: Enhance LDAP processing\n\n - S8032686, CVE-2014-2413: Issues with method invoke\n\n - S8033618, CVE-2014-1876: Correct 
logging output\n\n - S8034926, CVE-2014-2397: Attribute classes properly\n\n - S8036794, CVE-2014-0461: Manage JavaScript instances\n\n - Backports\n\n - S8004145: New improved hgforest.sh, ctrl-c now properly\n terminates mercurial processes.\n\n - S8007625: race with nested repos in\n /common/bin/hgforest.sh\n\n - S8011178: improve common/bin/hgforest.sh python\n detection (MacOS)\n\n - S8011342: hgforest.sh : 'python --version' not supported\n on older python\n\n - S8011350: hgforest.sh uses non-POSIX sh features that\n may fail with some shells\n\n - S8024200: handle hg wrapper with space after #!\n\n - S8025796: hgforest.sh could trigger unbuffered output\n from hg without complicated machinations\n\n - S8028388: 9 jaxws tests failed in nightly build with\n java.lang.ClassCastException\n\n - S8031477: [macosx] Loading AWT native library fails\n\n - S8032370: No 'Truncated file' warning from\n IIOReadWarningListener on JPEGImageReader\n\n - S8035834: InetAddress.getLocalHost() can hang after\n JDK-8030731 was fixed\n\n - Bug fixes\n\n - PR1393: JPEG support in build is broken on\n non-system-libjpeg builds\n\n - PR1726: configure fails looking for ecj.jar before even\n trying to find javac\n\n - Red Hat local: Fix for repo with path statting with / .\n\n - Remove unused hgforest script\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=873873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6629.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6954.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0429.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0446.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2014-0451.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0452.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0453.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0454.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0455.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0456.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0457.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0458.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0459.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0460.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0461.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1876.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2397.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2398.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2402.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2403.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2014-2412.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2413.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2414.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2421.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2423.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2427.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9209.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"java-1_7_0-openjdk-1.7.0.6-0.27.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"java-1_7_0-openjdk-demo-1.7.0.6-0.27.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"java-1_7_0-openjdk-devel-1.7.0.6-0.27.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-1.7.0.6-0.27.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-demo-1.7.0.6-0.27.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-devel-1.7.0.6-0.27.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:09:59", "description": "Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.", "cvss3": {"score": null, "vector": null}, "published": "2014-05-06T00:00:00", "type": "nessus", "title": "Debian DSA-2923-1 : 
openjdk-7 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6629", "CVE-2013-6954", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-0455", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2402", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2413", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openjdk-7", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2923.NASL", "href": "https://www.tenable.com/plugins/nessus/73868", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2923. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73868);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-6629\", \"CVE-2013-6954\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0454\", \"CVE-2014-0455\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2402\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2413\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_bugtraq_id(63676, 64493, 65568, 66856, 66866, 66873, 66877, 66879, 66881, 66883, 66887, 66891, 66893, 66894, 66898, 66899, 66902, 66903, 66905, 66909, 66910, 66914, 66916, 66917, 66918, 66920);\n script_xref(name:\"DSA\", value:\"2923\");\n\n 
script_name(english:\"Debian DSA-2923-1 : openjdk-7 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information\ndisclosure or denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/openjdk-7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2923\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openjdk-7 packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 7u55-2.4.7-1~deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"icedtea-7-jre-cacao\", reference:\"7u55-2.4.7-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedtea-7-jre-jamvm\", reference:\"7u55-2.4.7-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-dbg\", reference:\"7u55-2.4.7-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-demo\", reference:\"7u55-2.4.7-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-doc\", reference:\"7u55-2.4.7-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-jdk\", reference:\"7u55-2.4.7-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-jre\", reference:\"7u55-2.4.7-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-jre-headless\", reference:\"7u55-2.4.7-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-jre-lib\", reference:\"7u55-2.4.7-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-jre-zero\", reference:\"7u55-2.4.7-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-source\", reference:\"7u55-2.4.7-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, 
\"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:17:48", "description": "JavaSE 5.0: update 85 patch (equivalent to JDK 5.0u85).\nDate this patch was last updated by Sun : Apr/13/15", "cvss3": {"score": null, "vector": null}, "published": "2005-08-18T00:00:00", "type": "nessus", "title": "Solaris 9 (sparc) : 118666-86", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0453", "CVE-2014-0457", "CVE-2014-0460", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS9_118666.NASL", "href": "https://www.tenable.com/plugins/nessus/19459", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19459);\n script_version(\"1.43\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0453\", \"CVE-2014-0457\", \"CVE-2014-0460\", \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2412\", \"CVE-2014-2421\", \"CVE-2014-2427\");\n\n script_name(english:\"Solaris 9 (sparc) : 118666-86\");\n script_summary(english:\"Check for patch 118666-86\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 118666-86\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"JavaSE 5.0: update 85 patch (equivalent to JDK 5.0u85).\nDate this patch was last updated by Sun : Apr/13/15\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/118666-86\"\n );\n script_set_attribute(\n attribute:\"solution\", 
\n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"118666-86\", obsoleted_by:\"\", package:\"SUNWj5jmp\", version:\"1.5.0,REV=2004.12.07.00.07\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"118666-86\", obsoleted_by:\"\", package:\"SUNWj5man\", version:\"1.5.0,REV=2004.12.07.00.07\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"118666-86\", obsoleted_by:\"\", package:\"SUNWj5cfg\", version:\"1.5.0,REV=2004.12.07.00.07\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"118666-86\", obsoleted_by:\"\", package:\"SUNWj5dmo\", version:\"1.5.0,REV=2004.12.07.00.07\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"118666-86\", obsoleted_by:\"\", package:\"SUNWj5rt\", version:\"1.5.0,REV=2004.12.07.00.07\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"118666-86\", obsoleted_by:\"\", 
package:\"SUNWj5dev\", version:\"1.5.0,REV=2004.12.07.00.07\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:17:25", "description": "JavaSE 5.0_x86: update 85 patch (equivalent to JDK 5.0u85).\nDate this patch was last updated by Sun : Apr/13/15", "cvss3": {"score": null, "vector": null}, "published": "2005-08-18T00:00:00", "type": "nessus", "title": "Solaris 9 (x86) : 118668-86", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0453", "CVE-2014-0457", "CVE-2014-0460", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS9_X86_118668.NASL", "href": "https://www.tenable.com/plugins/nessus/19461", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19461);\n script_version(\"1.45\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0453\", \"CVE-2014-0457\", \"CVE-2014-0460\", \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2412\", \"CVE-2014-2421\", \"CVE-2014-2427\");\n\n script_name(english:\"Solaris 9 (x86) : 118668-86\");\n script_summary(english:\"Check for patch 118668-86\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 118668-86\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"JavaSE 5.0_x86: update 85 patch 
(equivalent to JDK 5.0u85).\nDate this patch was last updated by Sun : Apr/13/15\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/118668-86\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"118668-86\", obsoleted_by:\"\", package:\"SUNWj5jmp\", version:\"1.5.0,REV=2004.12.06.22.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"118668-86\", obsoleted_by:\"\", package:\"SUNWj5man\", version:\"1.5.0,REV=2004.12.06.22.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"118668-86\", obsoleted_by:\"\", package:\"SUNWj5cfg\", version:\"1.5.0,REV=2004.12.06.22.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"118668-86\", obsoleted_by:\"\", package:\"SUNWj5dmo\", version:\"1.5.0,REV=2004.12.06.22.53\") < 0) flag++;\nif 
(solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"118668-86\", obsoleted_by:\"\", package:\"SUNWj5rt\", version:\"1.5.0,REV=2004.12.06.22.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"118668-86\", obsoleted_by:\"\", package:\"SUNWj5dev\", version:\"1.5.0,REV=2004.12.06.22.53\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:58:41", "description": "JavaSE 6_x86: update 101 patch (equivalent.\nDate this patch was last updated by Sun : Jul/13/15", "cvss3": {"score": null, "vector": null}, "published": "2007-10-12T00:00:00", "type": "nessus", "title": "Solaris 9 (x86) : 125138-97", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0453", "CVE-2014-0457", "CVE-2014-0460", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS9_X86_125138.NASL", "href": "https://www.tenable.com/plugins/nessus/27033", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27033);\n script_version(\"1.32\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0453\", \"CVE-2014-0457\", \"CVE-2014-0460\", \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2412\", \"CVE-2014-2421\", \"CVE-2014-2427\");\n\n script_name(english:\"Solaris 9 (x86) : 125138-97\");\n script_summary(english:\"Check for 
patch 125138-97\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 125138-97\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"JavaSE 6_x86: update 101 patch (equivalent.\nDate this patch was last updated by Sun : Jul/13/15\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/125138-97\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"125138-97\", obsoleted_by:\"152078-05 \", package:\"SUNWj6rt\", version:\"1.6.0,REV=2006.11.29.05.03\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"125138-97\", obsoleted_by:\"152078-05 \", package:\"SUNWj6jmp\", version:\"1.6.0,REV=2006.12.07.19.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"125138-97\", obsoleted_by:\"152078-05 \", 
package:\"SUNWj6man\", version:\"1.6.0,REV=2006.12.07.16.42\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"125138-97\", obsoleted_by:\"152078-05 \", package:\"SUNWj6cfg\", version:\"1.6.0,REV=2006.11.29.05.03\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"125138-97\", obsoleted_by:\"152078-05 \", package:\"SUNWj6dmo\", version:\"1.6.0,REV=2006.11.29.05.03\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"125138-97\", obsoleted_by:\"152078-05 \", package:\"SUNWj6dev\", version:\"1.6.0,REV=2006.11.29.05.03\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:17:35", "description": "JavaSE 5.0_x86: update 85 patch (equivalent to JDK 5.0u85).\nDate this patch was last updated by Sun : Apr/13/15\n\nThis plugin has been deprecated and either replaced with individual 118668 patch-revision plugins, or deemed non-security related.", "cvss3": {"score": null, "vector": null}, "published": "2005-08-18T00:00:00", "type": "nessus", "title": "Solaris 10 (x86) : 118668-86 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0453", "CVE-2014-0457", "CVE-2014-0460", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_X86_118668.NASL", "href": "https://www.tenable.com/plugins/nessus/19450", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2018/03/12. 
Deprecated and either replaced by\n# individual patch-revision plugins, or has been deemed a\n# non-security advisory.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19450);\n script_version(\"1.48\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0453\", \"CVE-2014-0457\", \"CVE-2014-0460\", \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2412\", \"CVE-2014-2421\", \"CVE-2014-2427\");\n\n script_name(english:\"Solaris 10 (x86) : 118668-86 (deprecated)\");\n script_summary(english:\"Check for patch 118668-86\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"JavaSE 5.0_x86: update 85 patch (equivalent to JDK 5.0u85).\nDate this patch was last updated by Sun : Apr/13/15\n\nThis plugin has been deprecated and either replaced with individual\n118668 patch-revision plugins, or deemed non-security related.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/118668-86\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Consult specific patch-revision plugins for patch 118668 instead.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:17:48", "description": "JavaSE 5.0: update 85 patch (equivalent to JDK 5.0u85).\nDate this patch was last updated by Sun : Apr/13/15", "cvss3": {"score": null, "vector": null}, "published": "2005-08-18T00:00:00", "type": "nessus", "title": "Solaris 8 (sparc) : 118666-86", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0453", "CVE-2014-0457", "CVE-2014-0460", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS8_118666.NASL", "href": "https://www.tenable.com/plugins/nessus/19455", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19455);\n script_version(\"1.45\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0453\", \"CVE-2014-0457\", \"CVE-2014-0460\", \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2412\", \"CVE-2014-2421\", \"CVE-2014-2427\");\n\n script_name(english:\"Solaris 8 (sparc) : 118666-86\");\n script_summary(english:\"Check for patch 118666-86\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 118666-86\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"JavaSE 5.0: update 85 patch (equivalent to JDK 5.0u85).\nDate this patch was last 
updated by Sun : Apr/13/15\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/118666-86\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"118666-86\", obsoleted_by:\"\", package:\"SUNWj5jmp\", version:\"1.5.0,REV=2004.12.07.00.07\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"118666-86\", obsoleted_by:\"\", package:\"SUNWj5man\", version:\"1.5.0,REV=2004.12.07.00.07\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"118666-86\", obsoleted_by:\"\", package:\"SUNWj5cfg\", version:\"1.5.0,REV=2004.12.07.00.07\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"118666-86\", obsoleted_by:\"\", package:\"SUNWj5dmo\", version:\"1.5.0,REV=2004.12.07.00.07\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"118666-86\", 
obsoleted_by:\"\", package:\"SUNWj5rt\", version:\"1.5.0,REV=2004.12.07.00.07\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"118666-86\", obsoleted_by:\"\", package:\"SUNWj5dev\", version:\"1.5.0,REV=2004.12.07.00.07\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:17:32", "description": "JavaSE 5.0_x86: update 85 patch (equivalent to JDK 5.0u85).\nDate this patch was last updated by Sun : Apr/13/15", "cvss3": {"score": null, "vector": null}, "published": "2005-08-18T00:00:00", "type": "nessus", "title": "Solaris 8 (x86) : 118668-86", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0453", "CVE-2014-0457", "CVE-2014-0460", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS8_X86_118668.NASL", "href": "https://www.tenable.com/plugins/nessus/19457", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19457);\n script_version(\"1.45\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0453\", \"CVE-2014-0457\", \"CVE-2014-0460\", \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2412\", \"CVE-2014-2421\", \"CVE-2014-2427\");\n\n script_name(english:\"Solaris 8 (x86) : 118668-86\");\n script_summary(english:\"Check for patch 118668-86\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 118668-86\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"JavaSE 5.0_x86: update 85 patch (equivalent to JDK 5.0u85).\nDate this patch was last updated by Sun : Apr/13/15\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/118668-86\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"118668-86\", obsoleted_by:\"\", package:\"SUNWj5jmp\", version:\"1.5.0,REV=2004.12.06.22.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"118668-86\", obsoleted_by:\"\", package:\"SUNWj5man\", version:\"1.5.0,REV=2004.12.06.22.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"118668-86\", obsoleted_by:\"\", package:\"SUNWj5cfg\", version:\"1.5.0,REV=2004.12.06.22.53\") < 0) 
flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"118668-86\", obsoleted_by:\"\", package:\"SUNWj5dmo\", version:\"1.5.0,REV=2004.12.06.22.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"118668-86\", obsoleted_by:\"\", package:\"SUNWj5rt\", version:\"1.5.0,REV=2004.12.06.22.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"118668-86\", obsoleted_by:\"\", package:\"SUNWj5dev\", version:\"1.5.0,REV=2004.12.06.22.53\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:17:48", "description": "JavaSE 5.0: update 85 patch (equivalent to JDK 5.0u85).\nDate this patch was last updated by Sun : Apr/13/15\n\nThis plugin has been deprecated and either replaced with individual 118666 patch-revision plugins, or deemed non-security related.", "cvss3": {"score": null, "vector": null}, "published": "2005-08-18T00:00:00", "type": "nessus", "title": "Solaris 10 (sparc) : 118666-86 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0453", "CVE-2014-0457", "CVE-2014-0460", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_118666.NASL", "href": "https://www.tenable.com/plugins/nessus/19443", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2018/03/12. 
Deprecated and either replaced by\n# individual patch-revision plugins, or has been deemed a\n# non-security advisory.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19443);\n script_version(\"1.46\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0453\", \"CVE-2014-0457\", \"CVE-2014-0460\", \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2412\", \"CVE-2014-2421\", \"CVE-2014-2427\");\n\n script_name(english:\"Solaris 10 (sparc) : 118666-86 (deprecated)\");\n script_summary(english:\"Check for patch 118666-86\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"JavaSE 5.0: update 85 patch (equivalent to JDK 5.0u85).\nDate this patch was last updated by Sun : Apr/13/15\n\nThis plugin has been deprecated and either replaced with individual\n118666 patch-revision plugins, or deemed non-security related.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/118666-86\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Consult specific patch-revision plugins for patch 118666 instead.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:56:09", "description": "JavaSE 6_x86: update 101 patch (equivalent.\nDate this patch was last updated by Sun : Jul/13/15\n\nThis plugin has been deprecated and either replaced with individual 125138 patch-revision plugins, or deemed non-security related.", "cvss3": {"score": null, "vector": null}, "published": "2007-10-12T00:00:00", "type": "nessus", "title": "Solaris 10 (x86) : 125138-97 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0453", "CVE-2014-0457", "CVE-2014-0460", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_X86_125138.NASL", "href": "https://www.tenable.com/plugins/nessus/26995", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2018/03/12. 
Deprecated and either replaced by\n# individual patch-revision plugins, or has been deemed a\n# non-security advisory.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(26995);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0453\", \"CVE-2014-0457\", \"CVE-2014-0460\", \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2412\", \"CVE-2014-2421\", \"CVE-2014-2427\");\n\n script_name(english:\"Solaris 10 (x86) : 125138-97 (deprecated)\");\n script_summary(english:\"Check for patch 125138-97\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"JavaSE 6_x86: update 101 patch (equivalent.\nDate this patch was last updated by Sun : Jul/13/15\n\nThis plugin has been deprecated and either replaced with individual\n125138 patch-revision plugins, or deemed non-security related.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/125138-97\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Consult specific patch-revision plugins for patch 125138 instead.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:57:47", "description": "JavaSE 6_x86: update 101 patch (equivalent.\nDate this patch was last updated by Sun : Jul/13/15", "cvss3": {"score": null, "vector": null}, "published": "2007-10-12T00:00:00", "type": "nessus", "title": "Solaris 8 (x86) : 125138-97", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0453", "CVE-2014-0457", "CVE-2014-0460", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS8_X86_125138.NASL", "href": "https://www.tenable.com/plugins/nessus/27015", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27015);\n script_version(\"1.32\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0453\", \"CVE-2014-0457\", \"CVE-2014-0460\", \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2412\", \"CVE-2014-2421\", \"CVE-2014-2427\");\n\n script_name(english:\"Solaris 8 (x86) : 125138-97\");\n script_summary(english:\"Check for patch 125138-97\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 125138-97\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"JavaSE 6_x86: update 101 patch (equivalent.\nDate this patch was last updated by Sun : 
Jul/13/15\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/125138-97\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"125138-97\", obsoleted_by:\"152078-05 \", package:\"SUNWj6rt\", version:\"1.6.0,REV=2006.11.29.05.03\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"125138-97\", obsoleted_by:\"152078-05 \", package:\"SUNWj6jmp\", version:\"1.6.0,REV=2006.12.07.19.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"125138-97\", obsoleted_by:\"152078-05 \", package:\"SUNWj6man\", version:\"1.6.0,REV=2006.12.07.16.42\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"125138-97\", obsoleted_by:\"152078-05 \", package:\"SUNWj6cfg\", version:\"1.6.0,REV=2006.11.29.05.03\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", 
arch:\"i386\", patch:\"125138-97\", obsoleted_by:\"152078-05 \", package:\"SUNWj6dmo\", version:\"1.6.0,REV=2006.11.29.05.03\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"125138-97\", obsoleted_by:\"152078-05 \", package:\"SUNWj6dev\", version:\"1.6.0,REV=2006.11.29.05.03\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:50:21", "description": "Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-2427, CVE-2014-2412, CVE-2014-0460, CVE-2013-6629, CVE-2014-2401, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP6 release. 
All running instances of IBM Java must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2014-05-16T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2014:0509)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6629", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0453", "CVE-2014-0457", "CVE-2014-0460", "CVE-2014-0878", "CVE-2014-1876", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.5", "cpe:/o:redhat:enterprise_linux:6.6"], "id": "REDHAT-RHSA-2014-0509.NASL", "href": "https://www.tenable.com/plugins/nessus/74032", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0509. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74032);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-6629\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0453\", \"CVE-2014-0457\", \"CVE-2014-0460\", \"CVE-2014-0878\", \"CVE-2014-1876\", \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2412\", \"CVE-2014-2421\", \"CVE-2014-2427\");\n script_bugtraq_id(63676, 65568, 66856, 66866, 66873, 66879, 66881, 66903, 66909, 66911, 66914, 66916, 66920);\n script_xref(name:\"RHSA\", value:\"2014:0509\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2014:0509)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the\nIBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. 
(CVE-2014-0457, CVE-2014-2421,\nCVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-2427,\nCVE-2014-2412, CVE-2014-0460, CVE-2013-6629, CVE-2014-2401,\nCVE-2014-0453, CVE-2014-2398, CVE-2014-1876)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16-FP6 release. All running\ninstances of IBM Java must be restarted for this update to take\neffect.\"\n );\n # https://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-6629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2014-0446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0878\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0509\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-1.5.0.16.6-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.6-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.6-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.6-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.6-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.6-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.6-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.6-1jpp.1.el5_10\")) flag++;\n\n if 
(rpm_check(release:\"RHEL5\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.6-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.6-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-src-1.5.0.16.6-1jpp.1.el5_10\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-1.5.0.16.6-1jpp.1.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-1.5.0.16.6-1jpp.1.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-1.5.0.16.6-1jpp.1.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.6-1jpp.1.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.6-1jpp.1.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.6-1jpp.1.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.6-1jpp.1.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.6-1jpp.1.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.6-1jpp.1.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.6-1jpp.1.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.6-1jpp.1.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-src-1.5.0.16.6-1jpp.1.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-src-1.5.0.16.6-1jpp.1.el6_5\")) 
flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-src-1.5.0.16.6-1jpp.1.el6_5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:47:09", "description": "IBM Java 5 was updated to SR 16 FP 6 to fix several bugs and security issues.\n\nFurther information is available at:\nhttps://www.ibm.com/developerworks/java/jdk/aix/j532/fixes.html#SR16FP6\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLES10 Security Update : IBM Java 5 (SUSE-SU-2014:0732-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6629", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0453", "CVE-2014-0457", "CVE-2014-0460", "CVE-2014-0878", "CVE-2014-1876", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-2427"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_5_0-ibm", "p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-devel", "p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-fonts", "p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-jdbc", "p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-plugin", "cpe:/o:novell:suse_linux:10"], "id": "SUSE_SU-2014-0732-1.NASL", "href": 
"https://www.tenable.com/plugins/nessus/83625", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2014:0732-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83625);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-6629\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0453\", \"CVE-2014-0457\", \"CVE-2014-0460\", \"CVE-2014-0878\", \"CVE-2014-1876\", \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2412\", \"CVE-2014-2421\", \"CVE-2014-2427\");\n script_bugtraq_id(63676, 65568, 66856, 66866, 66873, 66879, 66881, 66903, 66909, 66911, 66914, 66916, 66920, 67601);\n\n script_name(english:\"SUSE SLES10 Security Update : IBM Java 5 (SUSE-SU-2014:0732-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 5 was updated to SR 16 FP 6 to fix several bugs and security\nissues.\n\nFurther information is available at:\nhttps://www.ibm.com/developerworks/java/jdk/aix/j532/fixes.html#SR16FP\n6\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://download.suse.com/patch/finder/?keywords=29c5cf97cb2a3ebfac90cfacae2c711e\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b89043c4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6629.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0429.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0446.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0451.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0453.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0457.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0460.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0878.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1876.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2398.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2401.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2412.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2421.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2014-2427.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/878654\"\n );\n # https://www.ibm.com/developerworks/java/jdk/aix/j532/fixes.html#SR16FP6\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cde7c80\"\n );\n # https://www.suse.com/support/update/announcement/2014/suse-su-20140732-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ae7f49dd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected IBM Java 5 packages\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_5_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_5_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 
2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES10\" && (! 
ereg(pattern:\"^3$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr16.6-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr16.6-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.6-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr16.6-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr16.6-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr16.6-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr16.6-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr16.6-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"java-1_5_0-ibm-1.5.0_sr16.6-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"java-1_5_0-ibm-devel-1.5.0_sr16.6-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"java-1_5_0-ibm-fonts-1.5.0_sr16.6-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr16.6-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr16.6-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr16.6-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"IBM Java 5\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:18:08", "description": "JavaSE 5.0_x86: update 85 patch (equivalent to JDK 5.0u85), 64bit.\nDate this patch was last updated by Sun : Apr/13/15\n\nThis plugin has been deprecated and either replaced with individual 118669 patch-revision plugins, or deemed non-security related.", "cvss3": {"score": null, "vector": null}, "published": "2005-09-06T00:00:00", "type": "nessus", "title": "Solaris 10 (x86) : 118669-86 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1099", "CVE-2009-1104", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0453", "CVE-2014-0457", "CVE-2014-0460", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_X86_118669.NASL", "href": "https://www.tenable.com/plugins/nessus/19580", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2018/03/12. 
Deprecated and either replaced by\n# individual patch-revision plugins, or has been deemed a\n# non-security advisory.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19580);\n script_version(\"1.49\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1099\", \"CVE-2009-1104\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0453\", \"CVE-2014-0457\", \"CVE-2014-0460\", \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2412\", \"CVE-2014-2421\", \"CVE-2014-2427\");\n\n script_name(english:\"Solaris 10 (x86) : 118669-86 (deprecated)\");\n script_summary(english:\"Check for patch 118669-86\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"JavaSE 5.0_x86: update 85 patch (equivalent to JDK 5.0u85), 64bit.\nDate this patch was last updated by Sun : Apr/13/15\n\nThis plugin has been deprecated and either replaced with individual\n118669 patch-revision plugins, or deemed non-security related.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/118669-86\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Consult specific patch-revision plugins for patch 118669 instead.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:18:23", "description": "JavaSE 5.0_x86: update 85 patch (equivalent to JDK 5.0u85), 64bit.\nDate this patch was last updated by Sun : Apr/13/15", "cvss3": {"score": null, "vector": null}, "published": "2005-09-06T00:00:00", "type": "nessus", "title": "Solaris 8 (x86) : 118669-86", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1099", "CVE-2009-1104", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0453", "CVE-2014-0457", "CVE-2014-0460", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS8_X86_118669.NASL", "href": "https://www.tenable.com/plugins/nessus/19582", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19582);\n script_version(\"1.46\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1099\", \"CVE-2009-1104\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0453\", \"CVE-2014-0457\", \"CVE-2014-0460\", \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2412\", \"CVE-2014-2421\", \"CVE-2014-2427\");\n\n script_name(english:\"Solaris 8 (x86) : 118669-86\");\n script_summary(english:\"Check for patch 118669-86\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 118669-86\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"JavaSE 5.0_x86: update 85 patch (equivalent to JDK 5.0u85), 64bit.\nDate this patch was last updated by Sun : Apr/13/15\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/118669-86\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"118669-86\", obsoleted_by:\"\", package:\"SUNWj5dmx\", version:\"1.5.0,REV=2005.03.04.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"118669-86\", obsoleted_by:\"\", package:\"SUNWj5dvx\", version:\"1.5.0,REV=2005.03.04.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"118669-86\", obsoleted_by:\"\", package:\"SUNWj5rtx\", version:\"1.5.0,REV=2005.03.04.02.15\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:18:24", "description": "JavaSE 5.0_x86: update 85 patch (equivalent to JDK 5.0u85), 64bit.\nDate this patch was last updated by Sun : Apr/13/15", "cvss3": {"score": null, "vector": null}, "published": "2005-09-06T00:00:00", "type": "nessus", "title": "Solaris 9 (x86) : 118669-86", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1099", "CVE-2009-1104", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0453", "CVE-2014-0457", "CVE-2014-0460", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS9_X86_118669.NASL", "href": "https://www.tenable.com/plugins/nessus/19583", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19583);\n script_version(\"1.46\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1099\", \"CVE-2009-1104\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0453\", \"CVE-2014-0457\", \"CVE-2014-0460\", \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2412\", \"CVE-2014-2421\", \"CVE-2014-2427\");\n\n script_name(english:\"Solaris 9 (x86) : 118669-86\");\n script_summary(english:\"Check for patch 118669-86\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 118669-86\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"JavaSE 5.0_x86: update 85 patch (equivalent to JDK 5.0u85), 64bit.\nDate this patch was last updated by 
Sun : Apr/13/15\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/118669-86\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"118669-86\", obsoleted_by:\"\", package:\"SUNWj5dmx\", version:\"1.5.0,REV=2005.03.04.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"118669-86\", obsoleted_by:\"\", package:\"SUNWj5dvx\", version:\"1.5.0,REV=2005.03.04.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"118669-86\", obsoleted_by:\"\", package:\"SUNWj5rtx\", version:\"1.5.0,REV=2005.03.04.02.15\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-24T16:11:05", "description": "IBM Java 6 was updated to version 6 SR16 to fix several security issues and various other bugs.\n\nMore information can be found at:\nhttp://www.ibm.com/developerworks/java/jdk/alerts/", "cvss3": {"score": null, "vector": null}, "published": "2014-06-03T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : IBM Java 6 (SAT Patch Number 9256)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6629", "CVE-2013-6954", "CVE-2014-0428", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0449", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-0878", "CVE-2014-1876", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2409", "CVE-2014-2412", "CVE-2014-2414", "CVE-2014-2420", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427", "CVE-2014-2428"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_JAVA-1_6_0-IBM-140514.NASL", "href": "https://www.tenable.com/plugins/nessus/74284", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74284);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-6629\", \"CVE-2013-6954\", \"CVE-2014-0428\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0449\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-0878\", \"CVE-2014-1876\", \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2409\", \"CVE-2014-2412\", \"CVE-2014-2414\", \"CVE-2014-2420\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\", \"CVE-2014-2428\");\n\n script_name(english:\"SuSE 11.3 Security Update : IBM Java 6 (SAT Patch Number 9256)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"BM Java 6 was updated to version 6 SR16 to fix several security issues\nand various other bugs.\n\nMore information can be found at:\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=877430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6629.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6954.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0428.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0429.html\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0446.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0449.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0451.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0452.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0453.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0457.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0458.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0459.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0460.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0461.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0878.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1876.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2398.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2401.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2409.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2412.html\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2414.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2420.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2421.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2423.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2427.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2428.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9256.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n scrip