Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2011 SecPodOPENVAS:902347
HistoryFeb 28, 2011 - 12:00 a.m.

Oracle Java SE Multiple Unspecified Vulnerabilities (Windows)

2011-02-2800:00:00
Copyright (C) 2011 SecPod
plugins.openvas.org
8

0.968 High

EPSS

Percentile

99.6%

JSON

This host is installed with Sun Java SE and is prone to multiple
unspecified vulnerabilities.

###############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_oracle_java_mult_unspecified_vuln_win.nasl 7699 2017-11-08 12:10:34Z santu $
#
# Oracle Java SE Multiple Unspecified Vulnerabilities (Windows)
#
# Authors:
# Madhuri D <[email protected]>
#
# Copyright:
# Copyright (c) 2011 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful attacks will allow attackers to affect confidentiality, integrity,
  and availability via unknown vectors and execute arbitrary code in the context
  of the user running the affected application.
  Impact Level: Application";
tag_affected = "Oracle Java SE 6 Update 23 and prior.";
tag_insight = "Multiple flaws are due to
  - Error in 'Java Runtime Environment (JRE)', which allows remote attackers to
    affect confidentiality, integrity, and availability via unknown vectors
    related to Deployment.
  - Error in 'Java Runtime Environment (JRE)', when using Java Update.
  - Error in 'Java Runtime Environment (JRE)' which allows remote attackers to
    affect availability via unknown vectors related to JAXP and unspecified APIs.
  - Error in 'Java Runtime Environment (JRE)', allows remote attackers to affect
    availability, related to XML Digital Signature and unspecified APIs.
  - Error in 'Java DB component', which allows local users to affect
    confidentiality via unknown vectors related to Security.";
tag_solution = "Upgrade to Oracle Java SE 6 Update 24 or later
  For updates refer to http://java.com/en/download/index.jsp";
tag_summary = "This host is installed with Sun Java SE and is prone to multiple
  unspecified vulnerabilities.";

if(description)
{
  script_id(902347);
  script_version("$Revision: 7699 $");
  script_tag(name:"last_modification", value:"$Date: 2017-11-08 13:10:34 +0100 (Wed, 08 Nov 2017) $");
  script_tag(name:"creation_date", value:"2011-02-28 11:12:07 +0100 (Mon, 28 Feb 2011)");
  script_cve_id("CVE-2010-4422", "CVE-2010-4451", "CVE-2010-4452", "CVE-2010-4470",
                "CVE-2010-4472", "CVE-2010-4474");
  script_bugtraq_id(46402, 46405, 46388, 46387, 46404, 46407);
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_name("Oracle Java SE Multiple Unspecified Vulnerabilities (Windows)");
  script_xref(name : "URL" , value : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 SecPod");
  script_family("General");
  script_dependencies("gb_java_prdts_detect_win.nasl");
  script_mandatory_keys("Sun/Java/JDK_or_JRE/Win/installed");
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("smb_nt.inc");
include("version_func.inc");

# Get KB for JRE Version On Windows
jreVer = get_kb_item("Sun/Java/JRE/Win/Ver");
if(jreVer)
{

  # Check for 1.6 < 1.6.0_23 (6 Update 23)
  if(version_in_range(version:jreVer, test_version:"1.6", test_version2:"1.6.0.23"))
  {
    security_message(0);
    exit(0);
  }
}

# Get KB for JDK Version On Windows
jdkVer = get_kb_item("Sun/Java/JDK/Win/Ver");
if(jdkVer)
{
  # Check for 1.6 < 1.6.0_23 (6 Update 23)
  if(version_in_range(version:jdkVer, test_version:"1.6", test_version2:"1.6.0.23")){ 
     security_message(0);
  }
}

Related

openvas 41
nessus 33
suse 2
veracode 4
ubuntucve 6
cve 6
saint 4
canvas 1
seebug 1
d2 1
prion 6
securityvulns 3
threatpost 2
packetstorm 1
zdi 1
checkpoint_advisories 1
metasploit 1
redhat 4
centos 1
exploitdb 1
oraclelinux 1
ubuntu 3
osv 1
debian 1
fedora 6
vmware 2
gentoo 2
oracle 1
openvas
openvas
Oracle Java SE Multiple Unspecified Vulnerabilities - Windows
2011-02-28 00:00:00
SuSE Update for java-1_6_0-sun SUSE-SA:2011:010
2011-02-28 00:00:00
SUSE: Security Advisory for java-1_6_0-sun (SUSE-SA:2011:010)
2011-02-28 00:00:00
nessus
nessus
openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0126-1)
2011-05-05 00:00:00
SuSE 11.1 Security Update : Sun Java 1.6 (SAT Patch Number 3976)
2011-02-23 00:00:00
openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-4147)
2014-06-13 00:00:00
suse
suse
remote code execution in java-1_6_0-sun
2011-02-22 14:41:11
remote code execution in java-1_6_0-ibm,java-1_5_0-ibm,java-1_4_2-ibm
2011-03-22 13:32:34
veracode
veracode
Privilege Escalation
2020-04-10 00:57:54
Unspecified Vulnerability
2020-04-10 00:57:55
Denial Of Service (DoS)
2020-04-10 00:59:50
ubuntucve
ubuntucve
CVE-2010-4451
2011-02-17 00:00:00
CVE-2010-4422
2011-02-17 00:00:00
CVE-2010-4452
2011-02-17 00:00:00
cve
cve
CVE-2010-4451
2011-02-17 19:00:00
CVE-2010-4422
2011-02-17 19:00:00
CVE-2010-4452
2011-02-17 19:00:00
saint
saint
Oracle Java Applet2ClassLoader Vulnerability
2011-05-05 00:00:00
Oracle Java Applet2ClassLoader Vulnerability
2011-05-05 00:00:00
Oracle Java Applet2ClassLoader Vulnerability
2011-05-05 00:00:00
canvas
canvas
Immunity Canvas: CVE_2010_4452
2011-02-17 19:00:00
seebug
seebug
Sun Java Applet2ClassLoader - Remote Code Execution Exploit
2014-07-01 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_CLASSLOADER
2011-02-17 19:00:00
prion
prion
Design/Logic Flaw
2011-02-17 19:00:00
Design/Logic Flaw
2011-02-17 19:00:00
Security feature bypass
2011-02-17 19:00:00
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities / OpenJDK
2011-02-17 00:00:00
ZDI-11-084: Oracle Java Unsigned Applet Applet2ClassLoader Remote Code Execution Vulnerability
2011-02-17 00:00:00
Oracle / Sun / Peoplesoft / Open Office applications multiple security vulnerabilities
2011-05-04 00:00:00
threatpost
threatpost
Major DNS Cache Poisoning Attack Hits Brazilian ISPs
2011-11-07 12:44:36
The Tale of One Thousand and One DSL Modems
2012-10-02 14:51:59
packetstorm
packetstorm
Sun Java Applet2ClassLoader Remote Code Execution Exploit
2011-03-16 00:00:00
zdi
zdi
Oracle Java Unsigned Applet Applet2ClassLoader Remote Code Execution Vulnerability
2011-02-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Java Applet2ClassLoader Remote Code Execution (CVE-2010-4452)
2011-05-31 00:00:00
metasploit
metasploit
Sun Java Applet2ClassLoader Remote Code Execution
2011-03-16 04:50:25
redhat
redhat
(RHSA-2011:0282) Critical: java-1.6.0-sun security update
2011-02-17 00:00:00
(RHSA-2011:0281) Important: java-1.6.0-openjdk security update
2011-02-17 00:00:00
(RHSA-2011:0357) Critical: java-1.6.0-ibm security update
2011-03-16 00:00:00
centos
centos
java security update
2011-04-14 14:33:37
exploitdb
exploitdb
Sun Java Applet2ClassLoader - Remote Code Execution (Metasploit)
2011-03-16 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2011-02-17 00:00:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2011-03-17 00:00:00
OpenJDK 6 vulnerabilities
2011-03-15 00:00:00
OpenJDK 6 vulnerabilities
2011-03-01 00:00:00
osv
osv
openjdk-6 - several
2011-04-20 00:00:00
debian
debian
[SECURITY] [DSA 2224-1] openjdk-6 security update
2011-04-20 20:19:48
fedora
fedora
[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-52.1.9.7.fc14
2011-02-16 19:20:33
[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13
2011-02-16 19:17:23
[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-51.1.8.8.fc13
2011-06-15 05:33:46
vmware
vmware
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2011-11-05 00:00:00
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
oracle
oracle
cpuapr2011
2011-04-19 00:00:00

0.968 High

EPSS

Percentile

99.6%

JSON
Related for OPENVAS:902347
openvas41nessus33suse2veracode4ubuntucve6cve6saint4canvas1seebug1d21prion6securityvulns3threatpost2packetstorm1zdi1checkpoint_advisories1metasploit1redhat4centos1exploitdb1oraclelinux1ubuntu3osv1debian1fedora6vmware2gentoo2oracle1