DATABASE RESOURCES PRICING ABOUT US

{"id": "PHSA-2019-0250", "vendorId": null, "type": "photon", "bulletinFamily": "unix", "title": "Critical Photon OS Security Update - PHSA-2019-0250", "description": "Updates of ['sysdig', 'linux', 'linux-esx', 'go', 'openjdk'] packages of Photon OS have been released.\n", "published": "2019-09-03T00:00:00", "modified": "2019-09-03T00:00:00", "epss": [{"cve": "CVE-2017-18509", "epss": 0.002, "percentile": 0.56536, "modified": "2023-06-05"}, {"cve": "CVE-2018-20856", "epss": 0.00046, "percentile": 0.14061, "modified": "2023-06-06"}, {"cve": "CVE-2019-1125", "epss": 0.00119, "percentile": 0.44748, "modified": "2023-06-06"}, {"cve": "CVE-2019-11487", "epss": 0.00112, "percentile": 0.43344, "modified": "2023-06-06"}, {"cve": "CVE-2019-14283", "epss": 0.00084, "percentile": 0.34562, "modified": "2023-06-06"}, {"cve": "CVE-2019-14284", "epss": 0.0009, "percentile": 0.3703, "modified": "2023-06-06"}, {"cve": "CVE-2019-14809", "epss": 0.01646, "percentile": 0.85725, "modified": "2023-06-06"}, {"cve": "CVE-2019-15239", "epss": 0.00042, "percentile": 0.05671, "modified": "2023-06-06"}, {"cve": "CVE-2019-15926", "epss": 0.0112, "percentile": 0.82534, "modified": "2023-06-06"}, {"cve": "CVE-2019-20934", "epss": 0.00044, "percentile": 0.10297, "modified": "2023-06-06"}, {"cve": "CVE-2019-2745", "epss": 0.00146, "percentile": 0.49388, "modified": "2023-06-06"}, {"cve": "CVE-2019-2762", "epss": 0.00103, "percentile": 0.40884, "modified": "2023-06-06"}, {"cve": "CVE-2019-2766", "epss": 0.00133, "percentile": 0.47194, "modified": "2023-06-06"}, {"cve": "CVE-2019-2769", "epss": 0.00147, "percentile": 0.49485, "modified": "2023-06-06"}, {"cve": "CVE-2019-2786", "epss": 0.00273, "percentile": 0.63346, "modified": "2023-06-06"}, {"cve": "CVE-2019-2816", "epss": 0.00078, "percentile": 0.32422, "modified": "2023-06-06"}, {"cve": "CVE-2019-2818", "epss": 0.00146, "percentile": 0.49331, "modified": "2023-06-06"}, {"cve": "CVE-2019-2821", "epss": 0.00212, "percentile": 0.57861, "modified": "2023-06-06"}, {"cve": "CVE-2019-2842", "epss": 0.00202, "percentile": 0.56826, "modified": "2023-06-06"}, {"cve": "CVE-2019-8339", "epss": 0.00042, "percentile": 0.05671, "modified": "2023-06-06"}], "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.4}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 9.2, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-250", "reporter": "Photon", "references": [], "cvelist": ["CVE-2017-18509", "CVE-2018-20856", "CVE-2019-1125", "CVE-2019-11487", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14809", "CVE-2019-15239", "CVE-2019-15926", "CVE-2019-20934", "CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2766", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2818", "CVE-2019-2821", "CVE-2019-2842", "CVE-2019-8339"], "immutableFields": [], "lastseen": "2023-06-06T16:22:10", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["JAVA_JULY2019_ADVISORY.ASC"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2019-14809", "ALPINE:CVE-2019-2745", "ALPINE:CVE-2019-2762", "ALPINE:CVE-2019-2766", "ALPINE:CVE-2019-2769", "ALPINE:CVE-2019-2786", "ALPINE:CVE-2019-2816", "ALPINE:CVE-2019-2818", "ALPINE:CVE-2019-2821", "ALPINE:CVE-2019-2842"]}, {"type": "altlinux", "idList": ["61DFA798756D99B65F1D96CC4A334918", "944EA29696BE169228EC0537C731CCEC"]}, {"type": "amazon", "idList": ["ALAS-2018-1086", "ALAS-2019-1253", "ALAS-2019-1268", "ALAS-2019-1269", "ALAS-2019-1270", "ALAS2-2019-1246", "ALAS2-2019-1253", "ALAS2-2019-1268", "ALAS2-2019-1269", "ALAS2-2019-1309"]}, {"type": "androidsecurity", "idList": ["ANDROID:2020-01-01", "ANDROID:2020-03-01"]}, {"type": "archlinux", "idList": ["ASA-201908-15", "ASA-201908-16"]}, {"type": "attackerkb", "idList": ["AKB:D6AF80A3-0D4E-4040-B2EB-938D7EB7B9D7"]}, {"type": "centos", "idList": ["CESA-2019:1810", "CESA-2019:1811", "CESA-2019:1815", "CESA-2019:1839", "CESA-2019:1840", "CESA-2019:2473", "CESA-2019:2600", "CESA-2019:3055", "CESA-2019:3979", "CESA-2020:0839", "CESA-2020:1016", "CESA-2020:4182", "CESA-2021:2725"]}, {"type": "cisa", "idList": ["CISA:715DF5B957A42D91B3B79897B8FD61F2"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:3CD9371F7B812821D289B3B89526722F", "CFOUNDRY:40058483A2E2195544934D494FF464F7", "CFOUNDRY:A005A5D22D18F966EBF6C011F833E895", "CFOUNDRY:BD71AB043932448695E8B3D20302D582"]}, {"type": "cve", "idList": ["CVE-2017-18509", "CVE-2018-20856", "CVE-2019-1125", "CVE-2019-11487", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14809", "CVE-2019-15239", "CVE-2019-15926", "CVE-2019-20934", "CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2766", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2818", "CVE-2019-2821", "CVE-2019-2842", "CVE-2019-8339"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1884-1:61F35", "DEBIAN:DLA-1885-1:84558", "DEBIAN:DLA-1886-1:1F7C1", "DEBIAN:DLA-1886-1:800E7", "DEBIAN:DLA-1919-1:239EC", "DEBIAN:DLA-1919-2:858F8", "DEBIAN:DLA-1930-1:DFCDE", "DEBIAN:DSA-4485-1:63763", "DEBIAN:DSA-4486-1:B09C5", "DEBIAN:DSA-4495-1:1269E", "DEBIAN:DSA-4495-1:258DC", "DEBIAN:DSA-4497-1:7E46B", "DEBIAN:DSA-4497-1:F2AF4", "DEBIAN:DSA-4503-1:6B94A"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-18509", "DEBIANCVE:CVE-2018-20856", "DEBIANCVE:CVE-2019-1125", "DEBIANCVE:CVE-2019-11487", "DEBIANCVE:CVE-2019-14283", "DEBIANCVE:CVE-2019-14284", "DEBIANCVE:CVE-2019-14809", "DEBIANCVE:CVE-2019-15239", "DEBIANCVE:CVE-2019-15926", "DEBIANCVE:CVE-2019-20934", "DEBIANCVE:CVE-2019-2745", "DEBIANCVE:CVE-2019-2762", "DEBIANCVE:CVE-2019-2766", "DEBIANCVE:CVE-2019-2769", "DEBIANCVE:CVE-2019-2786", "DEBIANCVE:CVE-2019-2816", "DEBIANCVE:CVE-2019-2818", "DEBIANCVE:CVE-2019-2821", "DEBIANCVE:CVE-2019-2842"]}, {"type": "exploitdb", "idList": ["EDB-ID:48071"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:B9569B6E7A5B893D9E83922DA7DE24BA"]}, {"type": "f5", "idList": ["F5:K03007515", "F5:K14255532", "F5:K14673240", "F5:K31085564", "F5:K32034450", "F5:K41582535", "F5:K55335001", "F5:K69232741", "F5:K91117041"]}, {"type": "fedora", "idList": ["FEDORA:2836F613193B", "FEDORA:3A69E60B3E88", "FEDORA:5869F62F1007", "FEDORA:691DA613FFAA", "FEDORA:976B760CEC41", "FEDORA:99396612EAD6", "FEDORA:9BEAD610ED74", "FEDORA:B8E1B6130727", "FEDORA:BDA53610ED61", "FEDORA:CCB9960F3CBA", "FEDORA:D307A6040ED0"]}, {"type": "fortinet", "idList": ["FG-IR-18-002"]}, {"type": "githubexploit", "idList": ["C332FD21-E85D-5C7D-95FC-3CF453E1E5B9"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20200408-01-SWAPGS"]}, {"type": "ibm", "idList": ["017704F263DE498C81E38DCD35C1B649CAC8F2B6DA67887C1DC1F132F6BB1B85", "038E05C3B3069193ABC498F7DA7506610EA5935651A3EAAAE0CFD171365F669B", "044165EE232CC81442DA70BD26B04FAFF8E3B4BF88F8CEC52534CD79809DF1A8", "06D03D8DB6D81BBB2F401326BFFBACB319A58DAC3E5E25DB3786F9C50548BBAF", "08DE53694C26ABDD41BBC40F7FCC12793FFEFFBFF019A69A5887D0DAE82ABDF7", "115D8CAF534F2C4CEB452D00E4A15EC6F49793EE25535915A4F7013A9E0C8581", "14C97104BCF75D000EB0338B3459ECEA0D1ADC44700E4D1225D84D331BF1A88C", "1C2B1F5888896B1434C4030A2ECAD60A72F097817520C11E7B2E61D7CD497A9F", "1DA2CBB07D7E2C540D55EE75A2FCF12E3A2EBC9BA0A28064A290348DCC390603", "1F716F8DE6344CD6DB2CEEACCC3ED5CDCB2FBEE87D93FC53CA7EE8D23A9BCB30", "20895B7F4EE20D27BA455BF8CEEBC16A47A46F3AE7F323DD812A3BEECC1B20E8", "21D21B6B900E74036C37AA6199307658F5132BE9091971C8994946E3A890EE51", "23B07DB5F72EB41B0989E06B767A7F673F7F705EE5F1EC2CDBF5FB71D61D69FE", "2537F49BC389A32095FFD04DD90ABD8C245F9F959B3040D4B3B584792F460CCA", "2FE97BC0DB8A3B1BCF85FF8F69828770D4396C7CC3ABD37202D8089D2CADF87B", "36A44675340ABBBF38BBC61D576C235ADEFEC3786FBEAA3BDC6EA681F5DFF2F1", "3D3BF59CC576F554C3F716540167D85670B56CE61C0AA690764AE05CC62E23C5", "43090E604FFD17A647BF18798D3F4075DCD6E38C9F91569710640BF1ED71BD39", "44C4A8C323047316AF30A8E442CCDEE449312BB2BCF2FAB4E5E19F2D9E043677", "4613957D820DCAFBB74BE1CB304042BC2F40D11AC7189E7AD20080A2A94DA39A", "468957E7ECE017AC323A31CFD237B108C75593118F139922584ABAC37DCE69D7", "484E80FAE1A14CB4A5381B80BC5D666F692E35EDFE6C47B8F37C038AA85F3417", "4ABA347899E62D111444546AB60C999D1DFAF09E640D551C905BED4CAEE1CAD9", "4BB2759DF5CBB6BF54A7D60BF1046942C755D661255DAAC4EF3C0614D1A3AF9A", "4FB18D178F1A54F4568F82B87500157E5ADEF17F447B84B79FA2BB7073A2FB2A", "532D176661BCBEC8BE03A731D55474DD320250BB0C4A431156B2B65DA6D50581", "55A38DCD705E661D0B935814979F485DAAD7B5398C7C7443C6BD6D3DF149E7C4", "5E23E05BECFB965DB7E4C7AE5FFCFE7DC73ED0C7C8707051982D891255EAE803", "6035BAE63C053A046D5CC9964696A73EB8D9504098CF795F256DC0D6D1DB1B64", "61F9B315BA3607D5334F3703EC934F6C6E27108ED8AF409FF14E98685A2E6EC3", "65AC1B828E41A5505E1A8E4F6E7E2E7A2BE86DE58C539C97379A40C7ED8BBD9F", "68659D93A7B4C79150F4B62DF02E4CA34859145C18B4D4E7381CBF880486F5BA", "6B7AC9FC6F20E098C237B2663F69D9460C7412F71E37DFA2FF31F061BE7C7C0F", "6C1569CFF8F0392B685DA2C66914D8CC7E2A836152C6B997DC579D8A8BFEC6CF", "6CB4EF3A076E2190B30084083521AA008A1E2F799850D429F0737446D33988B3", "6D2557D147F23F2A248EB1657F75BA7E1CC172F20EF2C4091F9593FCF7D4142F", "6D5C685710EBBB28B1DA0A63873C8A8DFA1E92A0CA05F753D84A77B0BCB41828", "75847106DDA59D969AC0CC5D5D85844498E31446EE547D1D9B1A4B491F5FCBF2", "7A29ED8F7D6418C37C96D4510A80023AFED108D01C67AF41A5CA6ECDFE3590EA", "8C722873CB01E09D72565830790CEA1A6C7CCFC546391C310640314E98FB432C", "8C8D29CFFE09BC14E0145AB2AFEDB186E73FF0FAA7E36DE7CA84A42C0612120B", "8CD65E293EB47E0CBA5C0D0F22B1A987F38561C63CA622E0B8DF45C0546C2B9A", "8D1B1AA82D0BDDFEE37EA9AE5360AD4C6DD4C6EA3811B8ED14557DAE25A0EA03", "8DAEC6BCDE7A61BCB818037C4AAA2835BC75563C598312914F7766E39155FAB3", "8FC8252D06C92F29AE3C11FFC86B7FEAECBBB92836EFADAAE3D8D103F089FF6A", "90F8E7FF4F6735CACCB238688BEAAB2D10A1B629EE426F970E49DA9D26642006", "9148A44BD9A1C1A13CCEBD8F0346557CF005830103920CDDC01519240525CB58", "9B3C2542A224A170177BC588D64FBAC641AEB3A7ED64BDCAE097C03AA1143EDF", "9C150ED76373D46E88CC8AEC3FE36F4C6A2BFCA957BBDAD87CBC236F6C95489D", "9D9DAD99977CED17C2C3D54450307EB47C61D48916B7C9F91789EE2145A336AB", "9E0BDEBE89F5BFD4E20C1FC5208F8F3EC7C8056537B187222997616BD93BC68C", "9E2037D0ED805E7FDABABECE270D3847495DF96F9C8AEEC28AE11EB72ACC0F91", "A1E4FB8E98719FC3194DEF7926647BCC0CF39B8B9FD07A905855B49B6FCC24E7", "A34F8A2BB950E16F5F7EFA39DFEB254445E1AC4DF791FD7A07BF129351DAE57A", "A7C016AD8F1D9322489DC7A361BC11519C582BB47F90412ABCA7216E2718E7DC", "ACB678E6521C7EA397226E2F4ED553189E6069F60E848A366E9D7DC9D7CB1BC0", "AE3C4922FF34B230979DF49C6AF3017B8592E55D70320E67E64A2C3DF656B94E", "B289AA045D2B01B73FDBE25E507FD618EF3E4B62BF6B440684808A182102EA50", "B3AF98515AF4AC67A97EA721F58B686C37753261F9E4F17E36CBF4DBA8EE76C6", "B54C23AB6C2F4099543B14F5900252BB82DD7A923744D25CBFCED8DB2A18B38B", "B947805A29EE83AAAED8ABADDD8CFF00AA389BFC4D7DDC49FC3A89A557DD856C", "BC0A5D5D94C1EBA76D855D4E181DD14C6CD2741D43FF62D5B47A7E5BE0038B26", "BC47BC83DFB0446E95F94A66A8E6C9CB03AFD9785A4EB4870512E680A2805B99", "BDB7B08B4805AAD724E532E7DAD3D505850268202F5B6A7CD5D7EAE6DD6BA2FF", "BE9B73AE792A1D2BDA8F40A2D96D490E31ADBFC10C391AB0019AA505FFEE825F", "C0B9EFB7620DDADF64A6337F08A3FD9850EA987A61E547D63FDE5F9B05AF46FF", "C43D2CB156B7BD39FC113EAD22568306F95463D3E29CC3A697EB085F142533BB", "CED843D7D4246954CE05AFA7281A1AAFE1CB3941999D193D72B79F3086C39822", "D02871CB7E6D12ECC82CE98E5D1C92E08BB9FE8D99C34DD0487685D4579DFF16", "D52C2F73173A45D80C37B989C3B3A289CD1AE1DA6D666994F1F62181CAD31E04", "D52FD1BBE7FA27FE976654003C0573A802CFD49E8A9A57F5743855394D4F2F22", "D8F8CC6D161A0303796DAD9E7206DD254CBC4F17ED3E0177B2498CF6CFB19F7C", "D99368A75ACAE1BA071AB4642187D64BD6775A4C21AC3701A9903B0394B40C87", "DC8EB329C149727F6D7ADE88469953B9AFE4E1437F9E345FD62CE50D3999CE1A", "E27CF59C9E2E6C51C822E91F4392208E7D3759A654890A485CF9095C81FD8C05", "EC24DB6644C2E428B0C4C12DCA485C84E63D048A8E4B39F889DF81B205269B1B", "F55E9BE9F784F2E15972A25E2B2F5A6D630C611D72C692443C49F26D84E95F99", "F7E51655AE0C3E3A5C7AFAE4499771D71B4A3255C1EDE468013BB3892E874345", "F9F3B4261A18C4DCE8B16610FB2521F9D859E86F8EE3010A1231A24FF23D52DB", "FA0EB7A3587533C5F011BB310568B892891B2BB789186F309C8FB944D26E61B1", "FB242F1B042E63A029D2305C86BE56AC8775DE544895E6C1DC4D1883CC2205BC", "FEC8232906D5E0EDBA8A4F328F694BF10D9BB2DBA200DA4D22E92231EBDBB517"]}, {"type": "ics", "idList": ["ICSA-23-075-01"]}, {"type": "kaspersky", "idList": ["KLA11520", "KLA11529", "KLA11696", "KLA11700"]}, {"type": "lenovo", "idList": ["LENOVO:PS500167-SPECULATIVE-EXECUTION-SIDE-CHANNEL-VULNERABILITY-VARIANTS-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2019-0220", "MGASA-2019-0221", "MGASA-2019-0241", "MGASA-2019-0251", "MGASA-2019-0333"]}, {"type": "mscve", "idList": ["MS:CVE-2019-1125"]}, {"type": "mskb", "idList": ["KB4507435", "KB4507448", "KB4507449", "KB4507450", "KB4507452", "KB4507453", "KB4507455", "KB4507456", "KB4507457", "KB4507458", "KB4507460", "KB4507461", "KB4507462", "KB4507464", "KB4507469"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1246.NASL", "AL2_ALAS-2019-1253.NASL", "AL2_ALAS-2019-1268.NASL", "AL2_ALAS-2019-1269.NASL", "AL2_ALAS-2019-1309.NASL", "ALA_ALAS-2018-1086.NASL", "ALA_ALAS-2019-1253.NASL", "ALA_ALAS-2019-1268.NASL", "ALA_ALAS-2019-1269.NASL", "ALA_ALAS-2019-1270.NASL", "AMAZON_CORRETTO_11_0_4_11_1.NASL", "AMAZON_CORRETTO_8_222_10_1.NASL", "CENTOS8_RHSA-2019-1816.NASL", "CENTOS8_RHSA-2019-1817.NASL", "CENTOS8_RHSA-2019-2411.NASL", "CENTOS8_RHSA-2019-2703.NASL", "CENTOS8_RHSA-2019-3433.NASL", "CENTOS_RHSA-2019-1810.NASL", "CENTOS_RHSA-2019-1811.NASL", "CENTOS_RHSA-2019-1815.NASL", "CENTOS_RHSA-2019-1839.NASL", "CENTOS_RHSA-2019-1840.NASL", "CENTOS_RHSA-2019-2473.NASL", "CENTOS_RHSA-2019-2600.NASL", "CENTOS_RHSA-2019-3055.NASL", "CENTOS_RHSA-2019-3979.NASL", "CENTOS_RHSA-2020-0839.NASL", "CENTOS_RHSA-2020-1016.NASL", "CENTOS_RHSA-2020-4182.NASL", "CENTOS_RHSA-2021-2725.NASL", "DEBIAN_DLA-1884.NASL", "DEBIAN_DLA-1885.NASL", "DEBIAN_DLA-1919.NASL", "DEBIAN_DLA-1930.NASL", "DEBIAN_DSA-4485.NASL", "DEBIAN_DSA-4486.NASL", "DEBIAN_DSA-4495.NASL", "DEBIAN_DSA-4497.NASL", "DEBIAN_DSA-4503.NASL", "EULEROS_SA-2019-1635.NASL", "EULEROS_SA-2019-1671.NASL", "EULEROS_SA-2019-1793.NASL", "EULEROS_SA-2019-1916.NASL", "EULEROS_SA-2019-1919.NASL", "EULEROS_SA-2019-1926.NASL", "EULEROS_SA-2019-2068.NASL", "EULEROS_SA-2019-2078.NASL", "EULEROS_SA-2019-2081.NASL", "EULEROS_SA-2019-2105.NASL", "EULEROS_SA-2019-2201.NASL", "EULEROS_SA-2019-2245.NASL", "EULEROS_SA-2019-2263.NASL", "EULEROS_SA-2019-2274.NASL", "EULEROS_SA-2019-2309.NASL", "EULEROS_SA-2019-2353.NASL", "EULEROS_SA-2019-2374.NASL", "EULEROS_SA-2019-2460.NASL", "EULEROS_SA-2019-2599.NASL", "EULEROS_SA-2020-1110.NASL", "EULEROS_SA-2020-1111.NASL", "EULEROS_SA-2020-1186.NASL", "EULEROS_SA-2020-1197.NASL", "EULEROS_SA-2020-1269.NASL", "EULEROS_SA-2020-1307.NASL", "EULEROS_SA-2020-2514.NASL", "EULEROS_SA-2021-1039.NASL", "EULEROS_SA-2021-1056.NASL", "EULEROS_SA-2021-1079.NASL", "EULEROS_SA-2021-1309.NASL", "EULEROS_SA-2021-1310.NASL", "EULEROS_SA-2021-1311.NASL", "EULEROS_SA-2021-1684.NASL", "EULEROS_SA-2021-1792.NASL", "EULEROS_SA-2021-1805.NASL", "EULEROS_SA-2021-1806.NASL", "EULEROS_SA-2021-2140.NASL", "EULEROS_SA-2021-2300.NASL", "EULEROS_SA-2021-2335.NASL", "EULEROS_SA-2021-2389.NASL", "EULEROS_SA-2021-2587.NASL", "F5_BIGIP_SOL31085564.NASL", "FEDORA_2019-55D101A740.NASL", "FEDORA_2019-65DB7AD6C7.NASL", "FEDORA_2019-6BDA4C81F4.NASL", "FEDORA_2019-E37C348348.NASL", "IBM_JAVA_2019_07_16.NASL", "NEWSTART_CGSL_NS-SA-2019-0175_JAVA-1.7.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0177_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0178_JAVA-1.8.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0189_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0200_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0221_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0222_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0247_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0253_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0264_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0266_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2020-0017_JAVA-1_7_0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2020-0021_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0022_JAVA-1_8_0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2020-0028_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2020-0041_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0043_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2020-0108_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0002_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0010_DOCKER-CE.NASL", "NEWSTART_CGSL_NS-SA-2022-0014_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0040_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0044_DOCKER-CE.NASL", "NEWSTART_CGSL_NS-SA-2022-0056_DOCKER-CE.NASL", "NEWSTART_CGSL_NS-SA-2022-0075_KERNEL.NASL", "NUTANIX_NXSA-AOS-5_10.NASL", "NUTANIX_NXSA-AOS-5_11_3.NASL", "NUTANIX_NXSA-AOS-5_15_1.NASL", "NUTANIX_NXSA-AOS-5_15_3.NASL", "NUTANIX_NXSA-AOS-5_16_0_1.NASL", "NUTANIX_NXSA-AOS-5_16_1.NASL", "NUTANIX_NXSA-AOS-5_16_1_3.NASL", "NUTANIX_NXSA-AOS-5_17.NASL", "NUTANIX_NXSA-AOS-5_17_0_3.NASL", "NUTANIX_NXSA-AOS-5_17_1.NASL", "NUTANIX_NXSA-AOS-5_18.NASL", "NUTANIX_NXSA-AOS-5_20_2.NASL", "NUTANIX_NXSA-AOS-6_0_1_5.NASL", "NUTANIX_NXSA-AOS-6_0_2.NASL", "NUTANIX_NXSA-AOS-6_1.NASL", "OPENJDK_2019-07-16.NASL", "OPENSUSE-2019-1570.NASL", "OPENSUSE-2019-1571.NASL", "OPENSUSE-2019-1579.NASL", "OPENSUSE-2019-1912.NASL", "OPENSUSE-2019-1916.NASL", "OPENSUSE-2019-1923.NASL", "OPENSUSE-2019-1924.NASL", "OPENSUSE-2019-2000.NASL", "OPENSUSE-2019-2056.NASL", "OPENSUSE-2019-2072.NASL", "OPENSUSE-2019-2085.NASL", "OPENSUSE-2019-2130.NASL", "OPENSUSE-2019-2173.NASL", "OPENSUSE-2019-2181.NASL", "OPENSUSE-2021-75.NASL", "ORACLELINUX_ELSA-2019-1810.NASL", "ORACLELINUX_ELSA-2019-1811.NASL", "ORACLELINUX_ELSA-2019-1815.NASL", "ORACLELINUX_ELSA-2019-1816.NASL", "ORACLELINUX_ELSA-2019-1817.NASL", "ORACLELINUX_ELSA-2019-1839.NASL", "ORACLELINUX_ELSA-2019-1840.NASL", "ORACLELINUX_ELSA-2019-2411.NASL", "ORACLELINUX_ELSA-2019-2473.NASL", "ORACLELINUX_ELSA-2019-2600.NASL", "ORACLELINUX_ELSA-2019-2703.NASL", "ORACLELINUX_ELSA-2019-3055.NASL", "ORACLELINUX_ELSA-2019-3979.NASL", "ORACLELINUX_ELSA-2019-4735.NASL", "ORACLELINUX_ELSA-2019-4746.NASL", "ORACLELINUX_ELSA-2019-4775.NASL", "ORACLELINUX_ELSA-2019-4777.NASL", "ORACLELINUX_ELSA-2019-4808.NASL", "ORACLELINUX_ELSA-2019-4810.NASL", "ORACLELINUX_ELSA-2019-4812.NASL", "ORACLELINUX_ELSA-2019-4820.NASL", "ORACLELINUX_ELSA-2019-4836.NASL", "ORACLELINUX_ELSA-2019-4850.NASL", "ORACLELINUX_ELSA-2019-4854.NASL", "ORACLELINUX_ELSA-2019-4855.NASL", "ORACLELINUX_ELSA-2020-0834.NASL", "ORACLELINUX_ELSA-2020-5845.NASL", "ORACLELINUX_ELSA-2020-5866.NASL", "ORACLELINUX_ELSA-2021-2725.NASL", "ORACLELINUX_ELSA-2021-9002.NASL", "ORACLEVM_OVMSA-2019-0038.NASL", "ORACLEVM_OVMSA-2019-0046.NASL", "ORACLEVM_OVMSA-2020-0044.NASL", "ORACLEVM_OVMSA-2021-0001.NASL", "ORACLE_JAVA_CPU_JUL_2019.NASL", "ORACLE_JAVA_CPU_JUL_2019_UNIX.NASL", "PHOTONOS_PHSA-2019-1_0-0250_GO.NASL", "PHOTONOS_PHSA-2019-1_0-0250_OPENJDK.NASL", "PHOTONOS_PHSA-2019-2_0-0173_OPENJDK8.NASL", "PHOTONOS_PHSA-2019-3_0-0015_LINUX.NASL", "PHOTONOS_PHSA-2019-3_0-0026_LINUX.NASL", "PHOTONOS_PHSA-2019-3_0-0028_GO.NASL", "PHOTONOS_PHSA-2019-3_0-0035_OPENJDK8.NASL", "PHOTONOS_PHSA-2020-1_0-0290_OPENJDK11.NASL", "PHOTONOS_PHSA-2020-2_0-0235_OPENJDK11.NASL", "PHOTONOS_PHSA-2020-3_0-0084_OPENJDK11.NASL", "PHOTONOS_PHSA-209-2_0-0175_GO.NASL", "PHOTONOS_PHSA-209-2_0-0175_LINUX.NASL", "REDHAT-RHSA-2019-1810.NASL", "REDHAT-RHSA-2019-1811.NASL", "REDHAT-RHSA-2019-1815.NASL", "REDHAT-RHSA-2019-1816.NASL", "REDHAT-RHSA-2019-1817.NASL", "REDHAT-RHSA-2019-1839.NASL", "REDHAT-RHSA-2019-1840.NASL", "REDHAT-RHSA-2019-2405.NASL", "REDHAT-RHSA-2019-2411.NASL", "REDHAT-RHSA-2019-2473.NASL", "REDHAT-RHSA-2019-2476.NASL", "REDHAT-RHSA-2019-2494.NASL", "REDHAT-RHSA-2019-2495.NASL", "REDHAT-RHSA-2019-2585.NASL", "REDHAT-RHSA-2019-2590.NASL", "REDHAT-RHSA-2019-2592.NASL", "REDHAT-RHSA-2019-2600.NASL", "REDHAT-RHSA-2019-2609.NASL", "REDHAT-RHSA-2019-2695.NASL", "REDHAT-RHSA-2019-2696.NASL", "REDHAT-RHSA-2019-2703.NASL", "REDHAT-RHSA-2019-2730.NASL", "REDHAT-RHSA-2019-2737.NASL", "REDHAT-RHSA-2019-2741.NASL", "REDHAT-RHSA-2019-2899.NASL", "REDHAT-RHSA-2019-2900.NASL", "REDHAT-RHSA-2019-2975.NASL", "REDHAT-RHSA-2019-3011.NASL", "REDHAT-RHSA-2019-3055.NASL", "REDHAT-RHSA-2019-3076.NASL", "REDHAT-RHSA-2019-3089.NASL", "REDHAT-RHSA-2019-3217.NASL", "REDHAT-RHSA-2019-3220.NASL", "REDHAT-RHSA-2019-3433.NASL", "REDHAT-RHSA-2019-3978.NASL", "REDHAT-RHSA-2019-3979.NASL", "REDHAT-RHSA-2020-0027.NASL", "REDHAT-RHSA-2020-0100.NASL", "REDHAT-RHSA-2020-0103.NASL", "REDHAT-RHSA-2020-0174.NASL", "REDHAT-RHSA-2020-0543.NASL", "REDHAT-RHSA-2020-0664.NASL", "REDHAT-RHSA-2020-0698.NASL", "REDHAT-RHSA-2020-0834.NASL", "REDHAT-RHSA-2020-0839.NASL", "REDHAT-RHSA-2020-1016.NASL", "REDHAT-RHSA-2020-1070.NASL", "REDHAT-RHSA-2020-2522.NASL", "REDHAT-RHSA-2020-2851.NASL", "REDHAT-RHSA-2020-3230.NASL", "REDHAT-RHSA-2020-3266.NASL", "REDHAT-RHSA-2020-4182.NASL", "REDHAT-RHSA-2021-2725.NASL", "REDHAT-RHSA-2021-2726.NASL", "REDHAT-RHSA-2021-3987.NASL", "SLACKWARE_SSA_2019-226-01.NASL", "SLACKWARE_SSA_2020-086-01.NASL", "SL_20190722_JAVA_11_OPENJDK_ON_SL7_X.NASL", "SL_20190722_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20190722_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "SL_20190723_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20190724_JAVA_1_7_0_OPENJDK_ON_SL7_X.NASL", "SL_20190813_KERNEL_ON_SL6_X.NASL", "SL_20190903_KERNEL_ON_SL7_X.NASL", "SL_20191016_KERNEL_ON_SL7_X.NASL", "SL_20191205_KERNEL_ON_SL7_X.NASL", "SL_20200317_KERNEL_ON_SL7_X.NASL", "SL_20200407_KERNEL_ON_SL7_X.NASL", "SL_20201012_KERNEL_ON_SL6_X.NASL", "SL_20210721_KERNEL_ON_SL7_X.NASL", "SMB_NT_MS19_JUL_4507435.NASL", "SMB_NT_MS19_JUL_4507448.NASL", "SMB_NT_MS19_JUL_4507449.NASL", "SMB_NT_MS19_JUL_4507450.NASL", "SMB_NT_MS19_JUL_4507452.NASL", "SMB_NT_MS19_JUL_4507453.NASL", "SMB_NT_MS19_JUL_4507455.NASL", "SMB_NT_MS19_JUL_4507458.NASL", "SMB_NT_MS19_JUL_4507460.NASL", "SMB_NT_MS19_JUL_4507462.NASL", "SMB_NT_MS19_JUL_4507469.NASL", "SUSE_SU-2019-14157-1.NASL", "SUSE_SU-2019-14160-1.NASL", "SUSE_SU-2019-14218-1.NASL", "SUSE_SU-2019-1529-1.NASL", "SUSE_SU-2019-1530-1.NASL", "SUSE_SU-2019-1535-1.NASL", "SUSE_SU-2019-1536-1.NASL", "SUSE_SU-2019-1550-1.NASL", "SUSE_SU-2019-1668-1.NASL", "SUSE_SU-2019-1671-1.NASL", "SUSE_SU-2019-1767-1.NASL", "SUSE_SU-2019-1823-1.NASL", "SUSE_SU-2019-1852-1.NASL", "SUSE_SU-2019-1870-1.NASL", "SUSE_SU-2019-2002-1.NASL", "SUSE_SU-2019-2021-1.NASL", "SUSE_SU-2019-2028-1.NASL", "SUSE_SU-2019-2036-1.NASL", "SUSE_SU-2019-2068-1.NASL", "SUSE_SU-2019-2070-1.NASL", "SUSE_SU-2019-2071-1.NASL", "SUSE_SU-2019-2072-1.NASL", "SUSE_SU-2019-2073-1.NASL", "SUSE_SU-2019-2213-1.NASL", "SUSE_SU-2019-2214-1.NASL", "SUSE_SU-2019-2262-1.NASL", "SUSE_SU-2019-2263-1.NASL", "SUSE_SU-2019-2291-1.NASL", "SUSE_SU-2019-2299-1.NASL", "SUSE_SU-2019-2336-1.NASL", "SUSE_SU-2019-2371-1.NASL", "SUSE_SU-2019-2412-1.NASL", "SUSE_SU-2019-2414-1.NASL", "SUSE_SU-2019-2424-1.NASL", "SUSE_SU-2019-2430-1.NASL", "SUSE_SU-2019-2648-1.NASL", "SUSE_SU-2019-2738-1.NASL", "SUSE_SU-2019-2821-1.NASL", "SUSE_SU-2019-2949-1.NASL", "SUSE_SU-2019-2950-1.NASL", "SUSE_SU-2019-2984-1.NASL", "SUSE_SU-2019-3228-1.NASL", "SUSE_SU-2019-3230-1.NASL", "SUSE_SU-2019-3232-1.NASL", "SUSE_SU-2019-3258-1.NASL", "SUSE_SU-2019-3260-1.NASL", "SUSE_SU-2019-3261-1.NASL", "SUSE_SU-2020-3798-1.NASL", "SUSE_SU-2021-0098-1.NASL", "SUSE_SU-2021-0118-1.NASL", "SUSE_SU-2021-0133-1.NASL", "SUSE_SU-2021-0434-1.NASL", "SUSE_SU-2021-0437-1.NASL", "SUSE_SU-2021-0438-1.NASL", "SUSE_SU-2021-0452-1.NASL", "UBUNTU_USN-4069-1.NASL", "UBUNTU_USN-4069-2.NASL", "UBUNTU_USN-4080-1.NASL", "UBUNTU_USN-4083-1.NASL", "UBUNTU_USN-4093-1.NASL", "UBUNTU_USN-4094-1.NASL", "UBUNTU_USN-4095-1.NASL", "UBUNTU_USN-4096-1.NASL", "UBUNTU_USN-4114-1.NASL", "UBUNTU_USN-4115-1.NASL", "UBUNTU_USN-4115-2.NASL", "UBUNTU_USN-4116-1.NASL", "UBUNTU_USN-4117-1.NASL", "UBUNTU_USN-4118-1.NASL", "UBUNTU_USN-4145-1.NASL", "UBUNTU_USN-4147-1.NASL", "VIRTUOZZO_VZA-2019-067.NASL", "VIRTUOZZO_VZA-2019-081.NASL", "VIRTUOZZO_VZA-2019-086.NASL", "VIRTUOZZO_VZLSA-2019-1811.NASL", "VIRTUOZZO_VZLSA-2019-1815.NASL", "VIRTUOZZO_VZLSA-2019-1839.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108620", "OPENVAS:1361412562310108766", "OPENVAS:1361412562310108767", "OPENVAS:1361412562310704485", "OPENVAS:1361412562310704486", "OPENVAS:1361412562310704495", "OPENVAS:1361412562310704497", "OPENVAS:1361412562310704503", "OPENVAS:1361412562310815175", "OPENVAS:1361412562310815176", "OPENVAS:1361412562310815177", "OPENVAS:1361412562310815178", "OPENVAS:1361412562310815179", "OPENVAS:1361412562310815180", "OPENVAS:1361412562310815181", "OPENVAS:1361412562310815182", "OPENVAS:1361412562310815183", "OPENVAS:1361412562310815184", "OPENVAS:1361412562310815400", "OPENVAS:1361412562310815401", "OPENVAS:1361412562310815402", "OPENVAS:1361412562310815403", "OPENVAS:1361412562310815404", "OPENVAS:1361412562310815406", "OPENVAS:1361412562310815408", "OPENVAS:1361412562310815409", "OPENVAS:1361412562310815410", "OPENVAS:1361412562310815513", "OPENVAS:1361412562310815514", "OPENVAS:1361412562310844102", "OPENVAS:1361412562310844116", "OPENVAS:1361412562310844118", "OPENVAS:1361412562310844121", "OPENVAS:1361412562310844131", "OPENVAS:1361412562310844133", "OPENVAS:1361412562310844134", "OPENVAS:1361412562310844136", "OPENVAS:1361412562310844156", "OPENVAS:1361412562310844157", "OPENVAS:1361412562310844158", "OPENVAS:1361412562310844159", "OPENVAS:1361412562310844160", "OPENVAS:1361412562310844174", "OPENVAS:1361412562310844192", "OPENVAS:1361412562310844194", "OPENVAS:1361412562310852568", "OPENVAS:1361412562310852570", "OPENVAS:1361412562310852649", "OPENVAS:1361412562310852657", "OPENVAS:1361412562310852665", "OPENVAS:1361412562310852683", "OPENVAS:1361412562310852691", "OPENVAS:1361412562310852705", "OPENVAS:1361412562310852847", "OPENVAS:1361412562310852848", "OPENVAS:1361412562310852851", "OPENVAS:1361412562310852855", "OPENVAS:1361412562310852903", "OPENVAS:1361412562310852928", "OPENVAS:1361412562310876647", "OPENVAS:1361412562310876648", "OPENVAS:1361412562310876652", "OPENVAS:1361412562310876653", "OPENVAS:1361412562310876660", "OPENVAS:1361412562310876666", "OPENVAS:1361412562310876757", "OPENVAS:1361412562310876760", "OPENVAS:1361412562310876892", "OPENVAS:1361412562310876912", "OPENVAS:1361412562310876991", "OPENVAS:1361412562310883085", "OPENVAS:1361412562310883086", "OPENVAS:1361412562310883087", "OPENVAS:1361412562310883088", "OPENVAS:1361412562310883089", "OPENVAS:1361412562310883096", "OPENVAS:1361412562310883107", "OPENVAS:1361412562310883117", "OPENVAS:1361412562310883139", "OPENVAS:1361412562310883210", "OPENVAS:1361412562310891884", "OPENVAS:1361412562310891885", "OPENVAS:1361412562310891886", "OPENVAS:1361412562310891919", "OPENVAS:1361412562310891930", "OPENVAS:1361412562311220191635", "OPENVAS:1361412562311220191671", "OPENVAS:1361412562311220191793", "OPENVAS:1361412562311220191916", "OPENVAS:1361412562311220191919", "OPENVAS:1361412562311220191926", "OPENVAS:1361412562311220192068", "OPENVAS:1361412562311220192078", "OPENVAS:1361412562311220192081", "OPENVAS:1361412562311220192105", "OPENVAS:1361412562311220192201", "OPENVAS:1361412562311220192245", "OPENVAS:1361412562311220192263", "OPENVAS:1361412562311220192274", "OPENVAS:1361412562311220192309", "OPENVAS:1361412562311220192353", "OPENVAS:1361412562311220192374", "OPENVAS:1361412562311220192460", "OPENVAS:1361412562311220192599", "OPENVAS:1361412562311220201110", "OPENVAS:1361412562311220201111", "OPENVAS:1361412562311220201186", "OPENVAS:1361412562311220201197", "OPENVAS:1361412562311220201269", "OPENVAS:1361412562311220201307"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2021", "ORACLE:CPUJUL2019"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-1810", "ELSA-2019-1811", "ELSA-2019-1815", "ELSA-2019-1816", "ELSA-2019-1817", "ELSA-2019-1839", "ELSA-2019-1840", "ELSA-2019-2411", "ELSA-2019-2473", "ELSA-2019-2600", "ELSA-2019-2703", "ELSA-2019-2736", "ELSA-2019-3055", "ELSA-2019-3433", "ELSA-2019-3517", "ELSA-2019-3979", "ELSA-2019-4733", "ELSA-2019-4735", "ELSA-2019-4746", "ELSA-2019-4775", "ELSA-2019-4777", "ELSA-2019-4808", "ELSA-2019-4810", "ELSA-2019-4812", "ELSA-2019-4820", "ELSA-2019-4836", "ELSA-2019-4850", "ELSA-2019-4854", "ELSA-2019-4855", "ELSA-2020-0834", "ELSA-2020-1016", "ELSA-2020-4182", "ELSA-2020-5845", "ELSA-2020-5866", "ELSA-2021-2725", "ELSA-2021-9002"]}, {"type": "osv", "idList": ["OSV:ASB-A-172999675", "OSV:DLA-1884-1", "OSV:DLA-1885-1", "OSV:DLA-1886-1", "OSV:DLA-1919-1", "OSV:DLA-1930-1", "OSV:DSA-4485-1", "OSV:DSA-4486-1", "OSV:DSA-4495-1", "OSV:DSA-4497-1", "OSV:DSA-4503-1", "OSV:GO-2022-0211"]}, {"type": "pentestit", "idList": ["PENTESTIT:1EC826B34F8C28C957C00C76C874E3E2"]}, {"type": "photon", "idList": ["PHSA-2019-0015", "PHSA-2019-0023", "PHSA-2019-0026", "PHSA-2019-0028", "PHSA-2019-0035", "PHSA-2019-0161", "PHSA-2019-0163", "PHSA-2019-0167", "PHSA-2019-0173", "PHSA-2019-0175", "PHSA-2019-1.0-0248", "PHSA-2019-1.0-0250", "PHSA-2019-2.0-0161", "PHSA-2019-2.0-0163", "PHSA-2019-2.0-0167", "PHSA-2019-2.0-0173", "PHSA-2019-2.0-0175", "PHSA-2019-3.0-0015", "PHSA-2019-3.0-0023", "PHSA-2019-3.0-0026", "PHSA-2019-3.0-0028", "PHSA-2019-3.0-0035", "PHSA-2020-0084", "PHSA-2020-0153", "PHSA-2020-0235", "PHSA-2020-0290", "PHSA-2020-1.0-0290", "PHSA-2020-2.0-0235", "PHSA-2020-3.0-0084", "PHSA-2020-3.0-0118", "PHSA-2020-3.0-0153", "PHSA-2021-0007", "PHSA-2021-4.0-0007"]}, {"type": "redhat", "idList": ["RHSA-2019:1810", "RHSA-2019:1811", "RHSA-2019:1815", "RHSA-2019:1816", "RHSA-2019:1817", "RHSA-2019:1839", "RHSA-2019:1840", "RHSA-2019:2405", "RHSA-2019:2411", "RHSA-2019:2473", "RHSA-2019:2476", "RHSA-2019:2494", "RHSA-2019:2495", "RHSA-2019:2585", "RHSA-2019:2590", "RHSA-2019:2592", "RHSA-2019:2600", "RHSA-2019:2609", "RHSA-2019:2695", "RHSA-2019:2696", "RHSA-2019:2703", "RHSA-2019:2730", "RHSA-2019:2737", "RHSA-2019:2741", "RHSA-2019:2899", "RHSA-2019:2900", "RHSA-2019:2975", "RHSA-2019:3011", "RHSA-2019:3055", "RHSA-2019:3076", "RHSA-2019:3089", "RHSA-2019:3217", "RHSA-2019:3220", "RHSA-2019:3433", "RHSA-2019:3978", "RHSA-2019:3979", "RHSA-2020:0027", "RHSA-2020:0100", "RHSA-2020:0103", "RHSA-2020:0174", "RHSA-2020:0543", "RHSA-2020:0664", "RHSA-2020:0698", "RHSA-2020:0834", "RHSA-2020:0839", "RHSA-2020:1016", "RHSA-2020:1070", "RHSA-2020:2522", "RHSA-2020:2851", "RHSA-2020:3230", "RHSA-2020:3266", "RHSA-2020:4182", "RHSA-2021:2725", "RHSA-2021:2726", "RHSA-2021:3016", "RHSA-2021:3987"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-18509", "RH:CVE-2018-20856", "RH:CVE-2019-1125", "RH:CVE-2019-11487", "RH:CVE-2019-14283", "RH:CVE-2019-14284", "RH:CVE-2019-14809", "RH:CVE-2019-15239", "RH:CVE-2019-15926", "RH:CVE-2019-20934", "RH:CVE-2019-2745", "RH:CVE-2019-2762", "RH:CVE-2019-2766", "RH:CVE-2019-2769", "RH:CVE-2019-2786", "RH:CVE-2019-2816", "RH:CVE-2019-2818", "RH:CVE-2019-2821", "RH:CVE-2019-2842"]}, {"type": "slackware", "idList": ["SSA-2019-226-01", "SSA-2020-086-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1570-1", "OPENSUSE-SU-2019:1571-1", "OPENSUSE-SU-2019:1579-1", "OPENSUSE-SU-2019:1912-1", "OPENSUSE-SU-2019:1916-1", "OPENSUSE-SU-2019:1923-1", "OPENSUSE-SU-2019:1924-1", "OPENSUSE-SU-2019:2000-1", "OPENSUSE-SU-2019:2056-1", "OPENSUSE-SU-2019:2072-1", "OPENSUSE-SU-2019:2085-1", "OPENSUSE-SU-2019:2130-1", "OPENSUSE-SU-2019:2173-1", "OPENSUSE-SU-2019:2181-1", "OPENSUSE-SU-2021:0075-1"]}, {"type": "thn", "idList": ["THN:E3EB255FBC069136903C8881DF473DF0"]}, {"type": "threatpost", "idList": ["THREATPOST:25B39CC0AC8A2CF8DE7334F890A87907"]}, {"type": "ubuntu", "idList": ["USN-4069-1", "USN-4069-2", "USN-4080-1", "USN-4083-1", "USN-4093-1", "USN-4094-1", "USN-4095-1", "USN-4095-2", "USN-4096-1", "USN-4114-1", "USN-4115-1", "USN-4115-2", "USN-4116-1", "USN-4117-1", "USN-4118-1", "USN-4145-1", "USN-4147-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-18509", "UB:CVE-2018-20856", "UB:CVE-2019-1125", "UB:CVE-2019-11487", "UB:CVE-2019-14283", "UB:CVE-2019-14284", "UB:CVE-2019-14809", "UB:CVE-2019-15239", "UB:CVE-2019-15926", "UB:CVE-2019-20934", "UB:CVE-2019-2745", "UB:CVE-2019-2762", "UB:CVE-2019-2766", "UB:CVE-2019-2769", "UB:CVE-2019-2786", "UB:CVE-2019-2816", "UB:CVE-2019-2818", "UB:CVE-2019-2821", "UB:CVE-2019-2842", "UB:CVE-2019-8339"]}, {"type": "veracode", "idList": ["VERACODE:20906", "VERACODE:20907", "VERACODE:20908", "VERACODE:20909", "VERACODE:20910", "VERACODE:20911", "VERACODE:20913", "VERACODE:20914", "VERACODE:21203", "VERACODE:21211", "VERACODE:21702", "VERACODE:22028", "VERACODE:22739", "VERACODE:22924", "VERACODE:26309", "VERACODE:31293"]}, {"type": "virtuozzo", "idList": ["VZA-2019-066", "VZA-2019-067", "VZA-2019-081", "VZA-2019-086", "VZA-2021-040"]}, {"type": "zdt", "idList": ["1337DAY-ID-33968"]}]}, "score": {"value": 1.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "aix", "idList": ["JAVA_JULY2019_ADVISORY.ASC"]}, {"type": "amazon", "idList": ["ALAS-2018-1086", "ALAS-2019-1253", "ALAS-2019-1268", "ALAS-2019-1269", "ALAS-2019-1270"]}, {"type": "androidsecurity", "idList": ["ANDROID:2019-12-01", "ANDROID:2020-01-01", "ANDROID:2020-03-01", "ANDROID:2021-02-01"]}, {"type": "archlinux", "idList": ["ASA-201908-15", "ASA-201908-16"]}, {"type": "centos", "idList": ["CESA-2019:1810", "CESA-2019:1811", "CESA-2019:1815", "CESA-2019:1839", "CESA-2019:1840", "CESA-2019:2473", "CESA-2019:2600", "CESA-2020:1016"]}, {"type": "cisa", "idList": ["CISA:715DF5B957A42D91B3B79897B8FD61F2"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:3CD9371F7B812821D289B3B89526722F", "CFOUNDRY:40058483A2E2195544934D494FF464F7", "CFOUNDRY:A005A5D22D18F966EBF6C011F833E895", "CFOUNDRY:BD71AB043932448695E8B3D20302D582"]}, {"type": "cve", "idList": ["CVE-2017-18509", "CVE-2018-20856", "CVE-2019-1125", "CVE-2019-11487", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14809", "CVE-2019-15239", "CVE-2019-15926", "CVE-2019-20934", "CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2766", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2818", "CVE-2019-2821", "CVE-2019-2842", "CVE-2019-8339"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1884-1:61F35", "DEBIAN:DLA-1885-1:84558", "DEBIAN:DLA-1886-1:800E7", "DEBIAN:DLA-1919-1:239EC", "DEBIAN:DLA-1919-2:858F8", "DEBIAN:DLA-1930-1:DFCDE", "DEBIAN:DSA-4485-1:63763", "DEBIAN:DSA-4486-1:B09C5", "DEBIAN:DSA-4495-1:1269E", "DEBIAN:DSA-4497-1:7E46B", "DEBIAN:DSA-4503-1:6B94A"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-14809"]}, {"type": "exploitdb", "idList": ["EDB-ID:48071"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:B9569B6E7A5B893D9E83922DA7DE24BA"]}, {"type": "f5", "idList": ["F5:K14255532", "F5:K14673240", "F5:K31085564", "F5:K32034450", "F5:K41582535"]}, {"type": "fedora", "idList": ["FEDORA:2836F613193B", "FEDORA:3A69E60B3E88", "FEDORA:5869F62F1007", "FEDORA:691DA613FFAA", "FEDORA:976B760CEC41", "FEDORA:99396612EAD6", "FEDORA:9BEAD610ED74", "FEDORA:B8E1B6130727", "FEDORA:BDA53610ED61", "FEDORA:CCB9960F3CBA", "FEDORA:D307A6040ED0"]}, {"type": "fortinet", "idList": ["FG-IR-18-002"]}, {"type": "githubexploit", "idList": ["C332FD21-E85D-5C7D-95FC-3CF453E1E5B9"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20200408-01-SWAPGS"]}, {"type": "ibm", "idList": ["468957E7ECE017AC323A31CFD237B108C75593118F139922584ABAC37DCE69D7", "6035BAE63C053A046D5CC9964696A73EB8D9504098CF795F256DC0D6D1DB1B64", "75847106DDA59D969AC0CC5D5D85844498E31446EE547D1D9B1A4B491F5FCBF2", "8DAEC6BCDE7A61BCB818037C4AAA2835BC75563C598312914F7766E39155FAB3", "9B3C2542A224A170177BC588D64FBAC641AEB3A7ED64BDCAE097C03AA1143EDF", "F9F3B4261A18C4DCE8B16610FB2521F9D859E86F8EE3010A1231A24FF23D52DB"]}, {"type": "kaspersky", "idList": ["KLA11520", "KLA11529", "KLA11696", "KLA11700"]}, {"type": "lenovo", "idList": ["LENOVO:PS500167-SPECULATIVE-EXECUTION-SIDE-CHANNEL-VULNERABILITY-VARIANTS-NOSID"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/CENTOS_LINUX-CVE-2019-11487/", "MSF:ILITIES/UBUNTU-CVE-2019-11487/"]}, {"type": "mscve", "idList": ["MS:CVE-2019-1125"]}, {"type": "mskb", "idList": ["KB4507455"]}, {"type": "nessus", "idList": ["ALA_ALAS-2018-1086.NASL", "CENTOS_RHSA-2020-1016.NASL", "EULEROS_SA-2020-1110.NASL", "EULEROS_SA-2020-1111.NASL", "EULEROS_SA-2020-1197.NASL", "NEWSTART_CGSL_NS-SA-2019-0175_JAVA-1.7.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0177_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0178_JAVA-1.8.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0189_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0200_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0017_JAVA-1_7_0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2020-0021_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0022_JAVA-1_8_0-OPENJDK.NASL", "OPENSUSE-2019-1570.NASL", "OPENSUSE-2019-1571.NASL", "OPENSUSE-2019-1579.NASL", "OPENSUSE-2019-1912.NASL", "OPENSUSE-2019-1916.NASL", "OPENSUSE-2019-1923.NASL", "OPENSUSE-2019-1924.NASL", "OPENSUSE-2019-2000.NASL", "OPENSUSE-2019-2056.NASL", "OPENSUSE-2019-2072.NASL", "OPENSUSE-2019-2085.NASL", "OPENSUSE-2019-2130.NASL", "OPENSUSE-2019-2173.NASL", "OPENSUSE-2019-2181.NASL", "ORACLELINUX_ELSA-2019-1810.NASL", "ORACLELINUX_ELSA-2019-1811.NASL", "ORACLELINUX_ELSA-2019-1815.NASL", "ORACLELINUX_ELSA-2019-1816.NASL", "ORACLELINUX_ELSA-2019-1817.NASL", "ORACLELINUX_ELSA-2019-1839.NASL", "ORACLELINUX_ELSA-2019-1840.NASL", "ORACLELINUX_ELSA-2019-2411.NASL", "ORACLELINUX_ELSA-2019-2473.NASL", "ORACLELINUX_ELSA-2019-2600.NASL", "ORACLELINUX_ELSA-2019-2703.NASL", "ORACLELINUX_ELSA-2019-3055.NASL", "ORACLELINUX_ELSA-2019-4735.NASL", "ORACLELINUX_ELSA-2019-4746.NASL", "ORACLELINUX_ELSA-2019-4775.NASL", "ORACLELINUX_ELSA-2019-4777.NASL", "ORACLELINUX_ELSA-2019-4808.NASL", "ORACLELINUX_ELSA-2019-4810.NASL", "ORACLELINUX_ELSA-2019-4812.NASL", "ORACLELINUX_ELSA-2019-4820.NASL", "ORACLEVM_OVMSA-2019-0038.NASL", "ORACLEVM_OVMSA-2019-0046.NASL", "REDHAT-RHSA-2019-1810.NASL", "REDHAT-RHSA-2019-1811.NASL", "REDHAT-RHSA-2019-1815.NASL", "REDHAT-RHSA-2019-1816.NASL", "REDHAT-RHSA-2019-1817.NASL", "REDHAT-RHSA-2019-1839.NASL", "REDHAT-RHSA-2019-1840.NASL", "REDHAT-RHSA-2019-2405.NASL", "REDHAT-RHSA-2019-2411.NASL", "REDHAT-RHSA-2019-2473.NASL", "REDHAT-RHSA-2019-2476.NASL", "REDHAT-RHSA-2019-2494.NASL", "REDHAT-RHSA-2019-2495.NASL", "REDHAT-RHSA-2019-2585.NASL", "REDHAT-RHSA-2019-2590.NASL", "REDHAT-RHSA-2019-2592.NASL", "REDHAT-RHSA-2019-2600.NASL", "REDHAT-RHSA-2019-2609.NASL", "REDHAT-RHSA-2019-2695.NASL", "REDHAT-RHSA-2019-2696.NASL", "REDHAT-RHSA-2019-2703.NASL", "REDHAT-RHSA-2019-2730.NASL", "REDHAT-RHSA-2019-2737.NASL", "REDHAT-RHSA-2019-2741.NASL", "REDHAT-RHSA-2019-2899.NASL", "REDHAT-RHSA-2019-2900.NASL", "REDHAT-RHSA-2019-2975.NASL", "REDHAT-RHSA-2019-3011.NASL", "REDHAT-RHSA-2019-3055.NASL", "REDHAT-RHSA-2019-3076.NASL", "REDHAT-RHSA-2019-3089.NASL", "REDHAT-RHSA-2019-3217.NASL", "REDHAT-RHSA-2019-3220.NASL", "REDHAT-RHSA-2020-0543.NASL", "REDHAT-RHSA-2020-0664.NASL", "REDHAT-RHSA-2020-0698.NASL", "REDHAT-RHSA-2020-0834.NASL", "REDHAT-RHSA-2020-1016.NASL", "REDHAT-RHSA-2020-1070.NASL", "SL_20190722_JAVA_11_OPENJDK_ON_SL7_X.NASL", "SL_20190722_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20190722_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "SL_20190723_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20190724_JAVA_1_7_0_OPENJDK_ON_SL7_X.NASL", "SL_20190813_KERNEL_ON_SL6_X.NASL", "SL_20190903_KERNEL_ON_SL7_X.NASL", "SL_20191016_KERNEL_ON_SL7_X.NASL", "SL_20200317_KERNEL_ON_SL7_X.NASL", "SMB_NT_MS19_JUL_4507435.NASL", "SMB_NT_MS19_JUL_4507448.NASL", "SMB_NT_MS19_JUL_4507450.NASL", "SMB_NT_MS19_JUL_4507453.NASL", "SMB_NT_MS19_JUL_4507455.NASL", "SMB_NT_MS19_JUL_4507458.NASL", "SMB_NT_MS19_JUL_4507460.NASL", "SMB_NT_MS19_JUL_4507462.NASL", "SMB_NT_MS19_JUL_4507469.NASL", "SUSE_SU-2019-1529-1.NASL", "SUSE_SU-2019-1530-1.NASL", "SUSE_SU-2019-1535-1.NASL", "SUSE_SU-2019-1536-1.NASL", "SUSE_SU-2019-1550-1.NASL", "SUSE_SU-2019-1668-1.NASL", "SUSE_SU-2019-1671-1.NASL", "SUSE_SU-2019-1767-1.NASL", "SUSE_SU-2019-1823-1.NASL", "SUSE_SU-2019-1852-1.NASL", "SUSE_SU-2019-1870-1.NASL", "SUSE_SU-2019-2002-1.NASL", "SUSE_SU-2019-2021-1.NASL", "SUSE_SU-2019-2028-1.NASL", "SUSE_SU-2019-2036-1.NASL", "SUSE_SU-2019-2068-1.NASL", "SUSE_SU-2019-2070-1.NASL", "SUSE_SU-2019-2071-1.NASL", "SUSE_SU-2019-2072-1.NASL", "SUSE_SU-2019-2073-1.NASL", "SUSE_SU-2019-2213-1.NASL", "SUSE_SU-2019-2214-1.NASL", "SUSE_SU-2019-2262-1.NASL", "SUSE_SU-2019-2263-1.NASL", "SUSE_SU-2019-2291-1.NASL", "SUSE_SU-2019-2299-1.NASL", "SUSE_SU-2019-2336-1.NASL", "SUSE_SU-2019-2371-1.NASL", "SUSE_SU-2019-2412-1.NASL", "SUSE_SU-2019-2414-1.NASL", "SUSE_SU-2019-2424-1.NASL", "SUSE_SU-2019-2430-1.NASL", "SUSE_SU-2019-2648-1.NASL", "SUSE_SU-2019-2738-1.NASL", "SUSE_SU-2019-2821-1.NASL", "UBUNTU_USN-4069-1.NASL", "UBUNTU_USN-4069-2.NASL", "UBUNTU_USN-4080-1.NASL", "UBUNTU_USN-4083-1.NASL", "UBUNTU_USN-4093-1.NASL", "UBUNTU_USN-4094-1.NASL", "UBUNTU_USN-4095-1.NASL", "UBUNTU_USN-4096-1.NASL", "UBUNTU_USN-4114-1.NASL", "UBUNTU_USN-4115-1.NASL", "UBUNTU_USN-4115-2.NASL", "UBUNTU_USN-4116-1.NASL", "UBUNTU_USN-4117-1.NASL", "UBUNTU_USN-4118-1.NASL", "UBUNTU_USN-4145-1.NASL", "UBUNTU_USN-4147-1.NASL", "VIRTUOZZO_VZA-2019-081.NASL", "VIRTUOZZO_VZA-2019-086.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108620", "OPENVAS:1361412562310704485", "OPENVAS:1361412562310704486", "OPENVAS:1361412562310704495", "OPENVAS:1361412562310704503", "OPENVAS:1361412562310815175", "OPENVAS:1361412562310815176", "OPENVAS:1361412562310815177", "OPENVAS:1361412562310815178", "OPENVAS:1361412562310815179", "OPENVAS:1361412562310815180", "OPENVAS:1361412562310815181", "OPENVAS:1361412562310815182", "OPENVAS:1361412562310815183", "OPENVAS:1361412562310815184", "OPENVAS:1361412562310815400", "OPENVAS:1361412562310815401", "OPENVAS:1361412562310815402", "OPENVAS:1361412562310815403", "OPENVAS:1361412562310815404", "OPENVAS:1361412562310815406", "OPENVAS:1361412562310815408", "OPENVAS:1361412562310815409", "OPENVAS:1361412562310815410", "OPENVAS:1361412562310815513", "OPENVAS:1361412562310815514", "OPENVAS:1361412562310844102", "OPENVAS:1361412562310844116", "OPENVAS:1361412562310844118", "OPENVAS:1361412562310844121", "OPENVAS:1361412562310844131", "OPENVAS:1361412562310844133", "OPENVAS:1361412562310844134", "OPENVAS:1361412562310844136", "OPENVAS:1361412562310844156", "OPENVAS:1361412562310844157", "OPENVAS:1361412562310844158", "OPENVAS:1361412562310844159", "OPENVAS:1361412562310844160", "OPENVAS:1361412562310844174", "OPENVAS:1361412562310844192", "OPENVAS:1361412562310844194", "OPENVAS:1361412562310852568", "OPENVAS:1361412562310852570", "OPENVAS:1361412562310852649", "OPENVAS:1361412562310852657", "OPENVAS:1361412562310852665", "OPENVAS:1361412562310852683", "OPENVAS:1361412562310852691", "OPENVAS:1361412562310852705", "OPENVAS:1361412562310876647", "OPENVAS:1361412562310876648", "OPENVAS:1361412562310876652", "OPENVAS:1361412562310876653", "OPENVAS:1361412562310876660", "OPENVAS:1361412562310876666", "OPENVAS:1361412562310876757", "OPENVAS:1361412562310876760", "OPENVAS:1361412562310876892", "OPENVAS:1361412562310876912", "OPENVAS:1361412562310883085", "OPENVAS:1361412562310883086", "OPENVAS:1361412562310883087", "OPENVAS:1361412562310883088", "OPENVAS:1361412562310883089", "OPENVAS:1361412562310883096", "OPENVAS:1361412562310883107", "OPENVAS:1361412562310891884", "OPENVAS:1361412562310891885", "OPENVAS:1361412562310891886", "OPENVAS:1361412562310891919", "OPENVAS:1361412562310891930", "OPENVAS:1361412562311220191671", "OPENVAS:1361412562311220191793", "OPENVAS:1361412562311220191916", "OPENVAS:1361412562311220191919", "OPENVAS:1361412562311220191926", "OPENVAS:1361412562311220192078", "OPENVAS:1361412562311220192081", "OPENVAS:1361412562311220192105", "OPENVAS:1361412562311220192201", "OPENVAS:1361412562311220192245", "OPENVAS:1361412562311220192274", "OPENVAS:1361412562311220192309", "OPENVAS:1361412562311220192460", "OPENVAS:1361412562311220201110", "OPENVAS:1361412562311220201111", "OPENVAS:1361412562311220201197"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2019-5072835"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-1810", "ELSA-2019-1811", "ELSA-2019-1815", "ELSA-2019-1816", "ELSA-2019-1817", "ELSA-2019-1839", "ELSA-2019-1840", "ELSA-2019-2411", "ELSA-2019-2473", "ELSA-2019-2600", "ELSA-2019-2703", "ELSA-2019-2736", "ELSA-2019-3055", "ELSA-2019-4733", "ELSA-2019-4735", "ELSA-2019-4746", "ELSA-2019-4775", "ELSA-2019-4777", "ELSA-2019-4808", "ELSA-2019-4810", "ELSA-2019-4812", "ELSA-2019-4820", "ELSA-2020-0834", "ELSA-2020-1016"]}, {"type": "pentestit", "idList": ["PENTESTIT:1EC826B34F8C28C957C00C76C874E3E2"]}, {"type": "photon", "idList": ["PHSA-2019-1.0-0250", "PHSA-2019-2.0-0161", "PHSA-2019-2.0-0163", "PHSA-2019-2.0-0167", "PHSA-2019-2.0-0173", "PHSA-2019-2.0-0175", "PHSA-2019-3.0-0015", "PHSA-2019-3.0-0023", "PHSA-2019-3.0-0026", "PHSA-2019-3.0-0028", "PHSA-2019-3.0-0035", "PHSA-2020-1.0-0290", "PHSA-2020-2.0-0235", "PHSA-2020-3.0-0084", "PHSA-2020-3.0-0153"]}, {"type": "redhat", "idList": ["RHSA-2019:2405", "RHSA-2019:2411", "RHSA-2019:2473", "RHSA-2019:2585", "RHSA-2019:2600", "RHSA-2019:2609", "RHSA-2019:2695", "RHSA-2019:2899", "RHSA-2020:0543", "RHSA-2020:0698"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-14809", "RH:CVE-2019-15926", "RH:CVE-2019-20934", "RH:CVE-2019-2745", "RH:CVE-2019-2766", "RH:CVE-2019-2818", "RH:CVE-2019-2821", "RH:CVE-2019-2842"]}, {"type": "slackware", "idList": ["SSA-2019-226-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1570-1", "OPENSUSE-SU-2019:1571-1", "OPENSUSE-SU-2019:1579-1", "OPENSUSE-SU-2019:1912-1", "OPENSUSE-SU-2019:1916-1", "OPENSUSE-SU-2019:1923-1", "OPENSUSE-SU-2019:1924-1", "OPENSUSE-SU-2019:2000-1", "OPENSUSE-SU-2019:2056-1", "OPENSUSE-SU-2019:2072-1", "OPENSUSE-SU-2019:2085-1", "OPENSUSE-SU-2019:2130-1", "OPENSUSE-SU-2019:2173-1", "OPENSUSE-SU-2019:2181-1"]}, {"type": "thn", "idList": ["THN:E3EB255FBC069136903C8881DF473DF0"]}, {"type": "threatpost", "idList": ["THREATPOST:25B39CC0AC8A2CF8DE7334F890A87907"]}, {"type": "ubuntu", "idList": ["USN-4069-1", "USN-4080-1", "USN-4093-1", "USN-4094-1", "USN-4095-1", "USN-4095-2", "USN-4096-1", "USN-4114-1", "USN-4115-1", "USN-4115-2", "USN-4116-1", "USN-4117-1", "USN-4118-1", "USN-4145-1", "USN-4147-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-18509", "UB:CVE-2019-1125", "UB:CVE-2019-14809", "UB:CVE-2019-15239", "UB:CVE-2019-15926", "UB:CVE-2019-20934"]}, {"type": "virtuozzo", "idList": ["VZA-2019-066", "VZA-2019-067", "VZA-2019-081"]}, {"type": "zdt", "idList": ["1337DAY-ID-33968"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2017-18509", "epss": 0.002, "percentile": 0.56386, "modified": "2023-05-03"}, {"cve": "CVE-2018-20856", "epss": 0.00046, "percentile": 0.1403, "modified": "2023-05-03"}, {"cve": "CVE-2019-1125", "epss": 0.0008, "percentile": 0.32744, "modified": "2023-05-03"}, {"cve": "CVE-2019-11487", "epss": 0.00112, "percentile": 0.43126, "modified": "2023-05-03"}, {"cve": "CVE-2019-14283", "epss": 0.00076, "percentile": 0.30821, "modified": "2023-05-03"}, {"cve": "CVE-2019-14284", "epss": 0.0009, "percentile": 0.36885, "modified": "2023-05-03"}, {"cve": "CVE-2019-14809", "epss": 0.01646, "percentile": 0.85689, "modified": "2023-05-03"}, {"cve": "CVE-2019-15239", "epss": 0.00042, "percentile": 0.05655, "modified": "2023-05-03"}, {"cve": "CVE-2019-15926", "epss": 0.01038, "percentile": 0.81727, "modified": "2023-05-03"}, {"cve": "CVE-2019-20934", "epss": 0.00044, "percentile": 0.10267, "modified": "2023-05-03"}, {"cve": "CVE-2019-2745", "epss": 0.00146, "percentile": 0.49182, "modified": "2023-05-03"}, {"cve": "CVE-2019-2762", "epss": 0.00103, "percentile": 0.40737, "modified": "2023-05-03"}, {"cve": "CVE-2019-2766", "epss": 0.00109, "percentile": 0.42557, "modified": "2023-05-03"}, {"cve": "CVE-2019-2769", "epss": 0.00103, "percentile": 0.40737, "modified": "2023-05-03"}, {"cve": "CVE-2019-2786", "epss": 0.00191, "percentile": 0.5511, "modified": "2023-05-03"}, {"cve": "CVE-2019-2816", "epss": 0.00077, "percentile": 0.31534, "modified": "2023-05-03"}, {"cve": "CVE-2019-2818", "epss": 0.00122, "percentile": 0.45108, "modified": "2023-05-03"}, {"cve": "CVE-2019-2821", "epss": 0.00177, "percentile": 0.53363, "modified": "2023-05-03"}, {"cve": "CVE-2019-2842", "epss": 0.00169, "percentile": 0.52391, "modified": "2023-05-03"}, {"cve": "CVE-2019-8339", "epss": 0.00042, "percentile": 0.05655, "modified": "2023-05-03"}], "vulnersScore": 1.6}, "_state": {"dependencies": 1686083422, "score": 1686068602, "epss": 0}, "_internal": {"score_hash": "f84a8aad134abe487d1e544f437b3cae"}, "affectedPackage": [{"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "1.8.0.222-1.ph1", "packageFilename": "openjdk-1.8.0.222-1.ph1.x86_64.rpm", "operator": "lt", "packageName": "openjdk"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "4.4.189-2.ph1", "packageFilename": "linux-esx-devel-4.4.189-2.ph1.x86_64.rpm", "operator": "lt", "packageName": "linux-esx-devel"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "1.8.0.222-1.ph1", "packageFilename": "openjdk-sample-1.8.0.222-1.ph1.x86_64.rpm", "operator": "lt", "packageName": "openjdk-sample"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "4.4.189-2.ph1", "packageFilename": "linux-sound-4.4.189-2.ph1.x86_64.rpm", "operator": "lt", "packageName": "linux-sound"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "4.4.189-2.ph1", "packageFilename": "linux-4.4.189-2.ph1.x86_64.rpm", "operator": "lt", "packageName": "linux"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "1.8.0.222-1.ph1", "packageFilename": "openjdk-src-1.8.0.222-1.ph1.x86_64.rpm", "operator": "lt", "packageName": "openjdk-src"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "0.26.0-1.113123842.ph1", "packageFilename": "sysdig-debuginfo-0.26.0-1.113123842.ph1.x86_64.rpm", "operator": "lt", "packageName": "sysdig-debuginfo"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "4.4.189-2.ph1", "packageFilename": "linux-esx-docs-4.4.189-2.ph1.x86_64.rpm", "operator": "lt", "packageName": "linux-esx-docs"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "1.8.0.222-1.ph1", "packageFilename": "openjdk-debuginfo-1.8.0.222-1.ph1.x86_64.rpm", "operator": "lt", "packageName": "openjdk-debuginfo"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "1.11.13-1.ph1", "packageFilename": "go-1.11.13-1.ph1.x86_64.rpm", "operator": "lt", "packageName": "go"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "4.4.189-2.ph1", "packageFilename": "linux-debuginfo-4.4.189-2.ph1.x86_64.rpm", "operator": "lt", "packageName": "linux-debuginfo"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "0.26.0-1.113123842.ph1", "packageFilename": "sysdig-0.26.0-1.113123842.ph1.x86_64.rpm", "operator": "lt", "packageName": "sysdig"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "4.4.189-2.ph1", "packageFilename": "linux-oprofile-4.4.189-2.ph1.x86_64.rpm", "operator": "lt", "packageName": "linux-oprofile"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "4.4.189-2.ph1", "packageFilename": "linux-esx-debuginfo-4.4.189-2.ph1.x86_64.rpm", "operator": "lt", "packageName": "linux-esx-debuginfo"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "1.8.0.222-1.ph1", "packageFilename": "openjdk-doc-1.8.0.222-1.ph1.x86_64.rpm", "operator": "lt", "packageName": "openjdk-doc"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "4.4.189-2.ph1", "packageFilename": "linux-tools-4.4.189-2.ph1.x86_64.rpm", "operator": "lt", "packageName": "linux-tools"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "4.4.189-2.ph1", "packageFilename": "linux-esx-4.4.189-2.ph1.x86_64.rpm", "operator": "lt", "packageName": "linux-esx"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "4.4.189-2.ph1", "packageFilename": "linux-docs-4.4.189-2.ph1.x86_64.rpm", "operator": "lt", "packageName": "linux-docs"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "4.4.189-2.ph1", "packageFilename": "linux-drivers-gpu-4.4.189-2.ph1.x86_64.rpm", "operator": "lt", "packageName": "linux-drivers-gpu"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "4.4.189-2.ph1", "packageFilename": "linux-dev-4.4.189-2.ph1.x86_64.rpm", "operator": "lt", "packageName": "linux-dev"}], "vendorCvss": {"severity": "critical"}}

{"nessus": [{"lastseen": "2023-05-24T14:31:16", "description": "An update of the openjdk8 package has been released.", "cvss3": {}, "published": "2019-10-22T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Openjdk8 PHSA-2019-3.0-0035", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2766", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2818", "CVE-2019-2821", "CVE-2019-2842"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:openjdk8", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2019-3_0-0035_OPENJDK8.NASL", "href": "https://www.tenable.com/plugins/nessus/130102", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-3.0-0035. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130102);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2766\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2818\",\n \"CVE-2019-2821\",\n \"CVE-2019-2842\"\n );\n\n script_name(english:\"Photon OS 3.0: Openjdk8 PHSA-2019-3.0-0035\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the openjdk8 package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0035.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:openjdk8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"openjdk8-1.8.0.222-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"openjdk8-debuginfo-1.8.0.222-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"openjdk8-doc-1.8.0.222-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"openjdk8-sample-1.8.0.222-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"openjdk8-src-1.8.0.222-1.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjdk8\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:29:06", "description": "An update of the linux package has been released.", "cvss3": {}, "published": "2019-09-12T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Linux PHSA-209-2.0-0175", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-15239", "CVE-2019-15926"], "modified": "2019-12-30T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-209-2_0-0175_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/128725", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-209-2.0-0175. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128725);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/30\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2019-14283\",\n \"CVE-2019-14284\",\n \"CVE-2019-15239\",\n \"CVE-2019-15926\"\n );\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-209-2.0-0175\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-175.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15926\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-api-headers-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-debuginfo-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-devel-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-docs-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-drivers-gpu-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-oprofile-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-sound-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-debuginfo-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-devel-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-docs-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-drivers-gpu-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-debuginfo-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-devel-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-docs-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-oprofile-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-debuginfo-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-devel-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-docs-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-lkcm-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-sound-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-tools-4.9.189-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:11", "description": "Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in information disclosure, denial of service or bypass of sandbox restrictions. In addition the implementation of elliptic curve cryptography was modernised.", "cvss3": {}, "published": "2019-07-24T00:00:00", "type": "nessus", "title": "Debian DSA-4486-1 : openjdk-11 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2818", "CVE-2019-2821"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openjdk-11", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4486.NASL", "href": "https://www.tenable.com/plugins/nessus/126967", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4486. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126967);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2019-2745\", \"CVE-2019-2762\", \"CVE-2019-2769\", \"CVE-2019-2786\", \"CVE-2019-2816\", \"CVE-2019-2818\", \"CVE-2019-2821\");\n script_xref(name:\"DSA\", value:\"4486\");\n\n script_name(english:\"Debian DSA-4486-1 : openjdk-11 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the OpenJDK Java\nruntime, resulting in information disclosure, denial of service or\nbypass of sandbox restrictions. In addition the implementation of\nelliptic curve cryptography was modernised.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/openjdk-11\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/openjdk-11\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4486\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the openjdk-11 packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 11.0.4+11-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"openjdk-11-dbg\", reference:\"11.0.4+11-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"openjdk-11-demo\", reference:\"11.0.4+11-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"openjdk-11-doc\", reference:\"11.0.4+11-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"openjdk-11-jdk\", reference:\"11.0.4+11-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"openjdk-11-jdk-headless\", reference:\"11.0.4+11-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"openjdk-11-jre\", reference:\"11.0.4+11-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"openjdk-11-jre-headless\", reference:\"11.0.4+11-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"openjdk-11-jre-zero\", reference:\"11.0.4+11-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"openjdk-11-source\", reference:\"11.0.4+11-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:27:05", "description": "Security Fix(es) :\n\n - OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n - OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n - OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n - OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n - OpenJDK: Incorrect handling of certificate status messages during TLS handshake (JSSE, 8222678) (CVE-2019-2821)\n\n - OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\n - OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344) (CVE-2019-2818)", "cvss3": {}, "published": "2019-07-23T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java-11-openjdk on SL7.x x86_64 (20190722)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2818", "CVE-2019-2821"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:java-11-openjdk", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-debug", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-debuginfo", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-demo", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-demo-debug", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-devel", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-devel-debug", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-headless", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-headless-debug", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-javadoc", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-javadoc-debug", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-javadoc-zip", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-javadoc-zip-debug", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-jmods", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-jmods-debug", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-src", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-src-debug", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190722_JAVA_11_OPENJDK_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/126944", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126944);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2019-2745\", \"CVE-2019-2762\", \"CVE-2019-2769\", \"CVE-2019-2786\", \"CVE-2019-2816\", \"CVE-2019-2818\", \"CVE-2019-2821\");\n\n script_name(english:\"Scientific Linux Security Update : java-11-openjdk on SL7.x x86_64 (20190722)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - OpenJDK: Side-channel attack risks in Elliptic Curve\n (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n - OpenJDK: Insufficient checks of suppressed exceptions in\n deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n - OpenJDK: Unbounded memory allocation during\n deserialization in Collections (Utilities, 8213432)\n (CVE-2019-2769)\n\n - OpenJDK: Missing URL format validation (Networking,\n 8221518) (CVE-2019-2816)\n\n - OpenJDK: Incorrect handling of certificate status\n messages during TLS handshake (JSSE, 8222678)\n (CVE-2019-2821)\n\n - OpenJDK: Insufficient restriction of privileges in\n AccessController (Security, 8216381) (CVE-2019-2786)\n\n - OpenJDK: Non-constant time comparison in ChaCha20Cipher\n (Security, 8221344) (CVE-2019-2818)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1907&L=SCIENTIFIC-LINUX-ERRATA&P=6841\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?59422e09\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-javadoc-zip-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-jmods\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-jmods-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-debug-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-debuginfo-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-demo-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-demo-debug-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-devel-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-devel-debug-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-headless-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-headless-debug-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-javadoc-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-javadoc-debug-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-javadoc-zip-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-javadoc-zip-debug-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-jmods-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-jmods-debug-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-src-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-src-debug-11.0.4.11-0.el7_6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-11-openjdk / java-11-openjdk-debug / java-11-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:09", "description": "An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n* OpenJDK: Incorrect handling of certificate status messages during TLS handshake (JSSE, 8222678) (CVE-2019-2821)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\n* OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344) (CVE-2019-2818)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-07-23T00:00:00", "type": "nessus", "title": "RHEL 7 : java-11-openjdk (RHSA-2019:1810)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2818", "CVE-2019-2821"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-11-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-debug", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-demo-debug", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-devel-debug", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-headless", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-headless-debug", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc-debug", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc-zip", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc-zip-debug", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-jmods", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-jmods-debug", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-src-debug", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.6"], "id": "REDHAT-RHSA-2019-1810.NASL", "href": "https://www.tenable.com/plugins/nessus/126939", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1810. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126939);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2818\",\n \"CVE-2019-2821\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1810\");\n\n script_name(english:\"RHEL 7 : java-11-openjdk (RHSA-2019:1810)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for java-11-openjdk is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-11-openjdk packages provide the OpenJDK 11 Java Runtime\nEnvironment and the OpenJDK 11 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC)\ncryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in\ndeserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Incorrect handling of certificate status messages during\nTLS handshake (JSSE, 8222678) (CVE-2019-2821)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\n* OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security,\n8221344) (CVE-2019-2818)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2818\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2821\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc-zip-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-jmods\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-jmods-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1810\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-11-openjdk-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-11-openjdk-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-11-openjdk-debug-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-11-openjdk-debug-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-debug-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-11-openjdk-debuginfo-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-11-openjdk-debuginfo-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-debuginfo-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-11-openjdk-demo-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-11-openjdk-demo-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-demo-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-11-openjdk-demo-debug-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-11-openjdk-demo-debug-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-demo-debug-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-11-openjdk-devel-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-11-openjdk-devel-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-devel-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-11-openjdk-devel-debug-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-11-openjdk-devel-debug-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-devel-debug-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-11-openjdk-headless-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-11-openjdk-headless-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-headless-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-11-openjdk-headless-debug-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-11-openjdk-headless-debug-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-headless-debug-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-11-openjdk-javadoc-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-11-openjdk-javadoc-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-javadoc-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-11-openjdk-javadoc-debug-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-11-openjdk-javadoc-debug-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-javadoc-debug-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-11-openjdk-javadoc-zip-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-11-openjdk-javadoc-zip-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-javadoc-zip-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-11-openjdk-javadoc-zip-debug-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-11-openjdk-javadoc-zip-debug-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-javadoc-zip-debug-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-11-openjdk-jmods-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-11-openjdk-jmods-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-jmods-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-11-openjdk-jmods-debug-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-11-openjdk-jmods-debug-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-jmods-debug-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-11-openjdk-src-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-11-openjdk-src-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-src-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-11-openjdk-src-debug-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-11-openjdk-src-debug-11.0.4.11-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-src-debug-11.0.4.11-0.el7_6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-11-openjdk / java-11-openjdk-debug / java-11-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:09", "description": "An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n* OpenJDK: Incorrect handling of certificate status messages during TLS handshake (JSSE, 8222678) (CVE-2019-2821)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\n* OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344) (CVE-2019-2818)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-07-23T00:00:00", "type": "nessus", "title": "RHEL 8 : java-11-openjdk (RHSA-2019:1817)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2818", "CVE-2019-2821"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-11-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-debugsource", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-devel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-devel-slowdebug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-headless", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-headless-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-headless-slowdebug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc-zip", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-jmods", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-slowdebug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-src", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8.0"], "id": "REDHAT-RHSA-2019-1817.NASL", "href": "https://www.tenable.com/plugins/nessus/126943", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1817. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126943);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2818\",\n \"CVE-2019-2821\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1817\");\n\n script_name(english:\"RHEL 8 : java-11-openjdk (RHSA-2019:1817)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for java-11-openjdk is now available for Red Hat Enterprise\nLinux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-11-openjdk packages provide the OpenJDK 11 Java Runtime\nEnvironment and the OpenJDK 11 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC)\ncryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in\ndeserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Incorrect handling of certificate status messages during\nTLS handshake (JSSE, 8222678) (CVE-2019-2821)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\n* OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security,\n8221344) (CVE-2019-2818)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2818\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2821\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-devel-slowdebug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-headless-slowdebug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-jmods\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-slowdebug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1817\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-11-openjdk-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-11-openjdk-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-11-openjdk-debuginfo-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-11-openjdk-debuginfo-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-11-openjdk-debugsource-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-11-openjdk-debugsource-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-11-openjdk-demo-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-11-openjdk-demo-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-11-openjdk-devel-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-11-openjdk-devel-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-11-openjdk-devel-debuginfo-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-11-openjdk-devel-debuginfo-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-11-openjdk-devel-slowdebug-debuginfo-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-11-openjdk-devel-slowdebug-debuginfo-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-11-openjdk-headless-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-11-openjdk-headless-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-11-openjdk-headless-debuginfo-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-11-openjdk-headless-debuginfo-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-11-openjdk-headless-slowdebug-debuginfo-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-11-openjdk-headless-slowdebug-debuginfo-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-11-openjdk-javadoc-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-11-openjdk-javadoc-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-11-openjdk-javadoc-zip-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-11-openjdk-javadoc-zip-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-11-openjdk-jmods-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-11-openjdk-jmods-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-11-openjdk-slowdebug-debuginfo-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-11-openjdk-slowdebug-debuginfo-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-11-openjdk-src-11.0.4.11-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-11-openjdk-src-11.0.4.11-0.el8_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-11-openjdk / java-11-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:58", "description": "An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n* OpenJDK: Incorrect handling of certificate status messages during TLS handshake (JSSE, 8222678) (CVE-2019-2821)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\n* OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344) (CVE-2019-2818)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-07-25T00:00:00", "type": "nessus", "title": "CentOS 7 : java-11-openjdk (CESA-2019:1810)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2818", "CVE-2019-2821"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-11-openjdk", "p-cpe:/a:centos:centos:java-11-openjdk-debug", "p-cpe:/a:centos:centos:java-11-openjdk-demo", "p-cpe:/a:centos:centos:java-11-openjdk-demo-debug", "p-cpe:/a:centos:centos:java-11-openjdk-devel", "p-cpe:/a:centos:centos:java-11-openjdk-devel-debug", "p-cpe:/a:centos:centos:java-11-openjdk-headless", "p-cpe:/a:centos:centos:java-11-openjdk-headless-debug", "p-cpe:/a:centos:centos:java-11-openjdk-javadoc", "p-cpe:/a:centos:centos:java-11-openjdk-javadoc-debug", "p-cpe:/a:centos:centos:java-11-openjdk-javadoc-zip", "p-cpe:/a:centos:centos:java-11-openjdk-javadoc-zip-debug", "p-cpe:/a:centos:centos:java-11-openjdk-jmods", "p-cpe:/a:centos:centos:java-11-openjdk-jmods-debug", "p-cpe:/a:centos:centos:java-11-openjdk-src", "p-cpe:/a:centos:centos:java-11-openjdk-src-debug", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-1810.NASL", "href": "https://www.tenable.com/plugins/nessus/126989", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1810 and \n# CentOS Errata and Security Advisory 2019:1810 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126989);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2818\",\n \"CVE-2019-2821\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1810\");\n\n script_name(english:\"CentOS 7 : java-11-openjdk (CESA-2019:1810)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for java-11-openjdk is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-11-openjdk packages provide the OpenJDK 11 Java Runtime\nEnvironment and the OpenJDK 11 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC)\ncryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in\ndeserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Incorrect handling of certificate status messages during\nTLS handshake (JSSE, 8222678) (CVE-2019-2821)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\n* OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security,\n8221344) (CVE-2019-2818)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n # https://lists.centos.org/pipermail/centos-announce/2019-July/023371.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ef8f501a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-11-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-javadoc-zip-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-jmods\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-jmods-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-11-openjdk-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-11-openjdk-debug-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-11-openjdk-demo-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-11-openjdk-demo-debug-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-11-openjdk-devel-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-11-openjdk-devel-debug-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-11-openjdk-headless-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-11-openjdk-headless-debug-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-11-openjdk-javadoc-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-11-openjdk-javadoc-debug-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-11-openjdk-javadoc-zip-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-11-openjdk-javadoc-zip-debug-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-11-openjdk-jmods-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-11-openjdk-jmods-debug-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-11-openjdk-src-11.0.4.11-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-11-openjdk-src-debug-11.0.4.11-0.el7_6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-11-openjdk / java-11-openjdk-debug / java-11-openjdk-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:27:05", "description": "From Red Hat Security Advisory 2019:1810 :\n\nAn update for java-11-openjdk is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n* OpenJDK: Incorrect handling of certificate status messages during TLS handshake (JSSE, 8222678) (CVE-2019-2821)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\n* OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344) (CVE-2019-2818)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-07-23T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : java-11-openjdk (ELSA-2019-1810)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2818", "CVE-2019-2821"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-11-openjdk", "p-cpe:/a:oracle:linux:java-11-openjdk-debug", "p-cpe:/a:oracle:linux:java-11-openjdk-demo", "p-cpe:/a:oracle:linux:java-11-openjdk-demo-debug", "p-cpe:/a:oracle:linux:java-11-openjdk-devel", "p-cpe:/a:oracle:linux:java-11-openjdk-devel-debug", "p-cpe:/a:oracle:linux:java-11-openjdk-headless", "p-cpe:/a:oracle:linux:java-11-openjdk-headless-debug", "p-cpe:/a:oracle:linux:java-11-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-11-openjdk-javadoc-debug", "p-cpe:/a:oracle:linux:java-11-openjdk-javadoc-zip", "p-cpe:/a:oracle:linux:java-11-openjdk-javadoc-zip-debug", "p-cpe:/a:oracle:linux:java-11-openjdk-jmods", "p-cpe:/a:oracle:linux:java-11-openjdk-jmods-debug", "p-cpe:/a:oracle:linux:java-11-openjdk-src", "p-cpe:/a:oracle:linux:java-11-openjdk-src-debug", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2019-1810.NASL", "href": "https://www.tenable.com/plugins/nessus/126936", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1810 and \n# Oracle Linux Security Advisory ELSA-2019-1810 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126936);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2818\",\n \"CVE-2019-2821\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1810\");\n\n script_name(english:\"Oracle Linux 7 : java-11-openjdk (ELSA-2019-1810)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2019:1810 :\n\nAn update for java-11-openjdk is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-11-openjdk packages provide the OpenJDK 11 Java Runtime\nEnvironment and the OpenJDK 11 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC)\ncryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in\ndeserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Incorrect handling of certificate status messages during\nTLS handshake (JSSE, 8222678) (CVE-2019-2821)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\n* OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security,\n8221344) (CVE-2019-2818)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2019-July/008908.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-11-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk-javadoc-zip-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk-jmods\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk-jmods-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-11.0.4.11-0.0.1.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-debug-11.0.4.11-0.0.1.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-demo-11.0.4.11-0.0.1.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-demo-debug-11.0.4.11-0.0.1.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-devel-11.0.4.11-0.0.1.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-devel-debug-11.0.4.11-0.0.1.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-headless-11.0.4.11-0.0.1.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-headless-debug-11.0.4.11-0.0.1.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-javadoc-11.0.4.11-0.0.1.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-javadoc-debug-11.0.4.11-0.0.1.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-javadoc-zip-11.0.4.11-0.0.1.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-javadoc-zip-debug-11.0.4.11-0.0.1.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-jmods-11.0.4.11-0.0.1.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-jmods-debug-11.0.4.11-0.0.1.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-src-11.0.4.11-0.0.1.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-src-debug-11.0.4.11-0.0.1.el7_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-11-openjdk / java-11-openjdk-debug / java-11-openjdk-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:22:40", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:1817 advisory.\n\n - OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n - OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n - OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n - OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\n - OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n - OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344) (CVE-2019-2818)\n\n - OpenJDK: Incorrect handling of certificate status messages during TLS handshake (JSSE, 8222678) (CVE-2019-2821)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : java-11-openjdk (CESA-2019:1817)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2818", "CVE-2019-2821"], "modified": "2022-05-11T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:java-11-openjdk", "p-cpe:/a:centos:centos:java-11-openjdk-demo", "p-cpe:/a:centos:centos:java-11-openjdk-devel", "p-cpe:/a:centos:centos:java-11-openjdk-headless", "p-cpe:/a:centos:centos:java-11-openjdk-javadoc", "p-cpe:/a:centos:centos:java-11-openjdk-javadoc-zip", "p-cpe:/a:centos:centos:java-11-openjdk-jmods", "p-cpe:/a:centos:centos:java-11-openjdk-src"], "id": "CENTOS8_RHSA-2019-1817.NASL", "href": "https://www.tenable.com/plugins/nessus/145663", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:1817. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145663);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2818\",\n \"CVE-2019-2821\"\n );\n script_bugtraq_id(\n 109184,\n 109185,\n 109186,\n 109187,\n 109188,\n 109201,\n 109210\n );\n script_xref(name:\"RHSA\", value:\"2019:1817\");\n\n script_name(english:\"CentOS 8 : java-11-openjdk (CESA-2019:1817)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2019:1817 advisory.\n\n - OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n - OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328)\n (CVE-2019-2762)\n\n - OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432)\n (CVE-2019-2769)\n\n - OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\n - OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n - OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344) (CVE-2019-2818)\n\n - OpenJDK: Incorrect handling of certificate status messages during TLS handshake (JSSE, 8222678)\n (CVE-2019-2821)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1817\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-jmods\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-src\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'java-11-openjdk-11.0.4.11-0.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-11.0.4.11-0.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-demo-11.0.4.11-0.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-demo-11.0.4.11-0.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-devel-11.0.4.11-0.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-devel-11.0.4.11-0.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-headless-11.0.4.11-0.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-headless-11.0.4.11-0.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-javadoc-11.0.4.11-0.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-javadoc-11.0.4.11-0.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-javadoc-zip-11.0.4.11-0.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-javadoc-zip-11.0.4.11-0.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-jmods-11.0.4.11-0.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-jmods-11.0.4.11-0.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-src-11.0.4.11-0.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-src-11.0.4.11-0.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-11-openjdk / java-11-openjdk-demo / java-11-openjdk-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:20", "description": "From Red Hat Security Advisory 2019:1817 :\n\nAn update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n* OpenJDK: Incorrect handling of certificate status messages during TLS handshake (JSSE, 8222678) (CVE-2019-2821)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\n* OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344) (CVE-2019-2818)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : java-11-openjdk (ELSA-2019-1817)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2818", "CVE-2019-2821"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-11-openjdk", "p-cpe:/a:oracle:linux:java-11-openjdk-demo", "p-cpe:/a:oracle:linux:java-11-openjdk-devel", "p-cpe:/a:oracle:linux:java-11-openjdk-headless", "p-cpe:/a:oracle:linux:java-11-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-11-openjdk-javadoc-zip", "p-cpe:/a:oracle:linux:java-11-openjdk-jmods", "p-cpe:/a:oracle:linux:java-11-openjdk-src", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2019-1817.NASL", "href": "https://www.tenable.com/plugins/nessus/127602", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1817 and \n# Oracle Linux Security Advisory ELSA-2019-1817 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127602);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2818\",\n \"CVE-2019-2821\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1817\");\n\n script_name(english:\"Oracle Linux 8 : java-11-openjdk (ELSA-2019-1817)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2019:1817 :\n\nAn update for java-11-openjdk is now available for Red Hat Enterprise\nLinux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-11-openjdk packages provide the OpenJDK 11 Java Runtime\nEnvironment and the OpenJDK 11 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC)\ncryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in\ndeserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Incorrect handling of certificate status messages during\nTLS handshake (JSSE, 8222678) (CVE-2019-2821)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\n* OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security,\n8221344) (CVE-2019-2818)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2019-August/008986.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-11-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk-jmods\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-11-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-11-openjdk-11.0.4.11-0.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-11-openjdk-demo-11.0.4.11-0.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-11-openjdk-devel-11.0.4.11-0.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-11-openjdk-headless-11.0.4.11-0.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-11-openjdk-javadoc-11.0.4.11-0.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-11-openjdk-javadoc-zip-11.0.4.11-0.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-11-openjdk-jmods-11.0.4.11-0.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-11-openjdk-src-11.0.4.11-0.el8_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-11-openjdk / java-11-openjdk-demo / java-11-openjdk-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:12:24", "description": "The version of OpenJDK installed on the remote host is prior to 7 <= 7u221 / 8 <= 8u212 / 11.0.0 <= 11.0.3 / 12.0.0 <= 12.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 2019-07-16 advisory.\n\nPlease Note: Java CVEs do not always include OpenJDK versions, but are confirmed separately by Tenable using the patch versions from the referenced OpenJDK security advisory.\n\n - png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. (CVE-2019-7317)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). (CVE-2019-2821)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities).\n Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded:\n 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2019-2762, CVE-2019-2769)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE.\n Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). (CVE-2019-2745)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking).\n Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded:\n 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). (CVE-2019-2816)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2019-2842)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security).\n Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N). (CVE-2019-2786)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). (CVE-2019-2818)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking).\n Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded:\n 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). (CVE-2019-2766)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-07T00:00:00", "type": "nessus", "title": "OpenJDK 7 <= 7u221 / 8 <= 8u212 / 11.0.0 <= 11.0.3 / 12.0.0 <= 12.0.1 Multiple Vulnerabilities (2019-07-16)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2766", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2818", "CVE-2019-2821", "CVE-2019-2842", "CVE-2019-7317"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:oracle:openjdk"], "id": "OPENJDK_2019-07-16.NASL", "href": "https://www.tenable.com/plugins/nessus/151215", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151215);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2766\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2818\",\n \"CVE-2019-2821\",\n \"CVE-2019-2842\",\n \"CVE-2019-7317\"\n );\n script_xref(name:\"IAVA\", value:\"2019-A-0164-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"OpenJDK 7 <= 7u221 / 8 <= 8u212 / 11.0.0 <= 11.0.3 / 12.0.0 <= 12.0.1 Multiple Vulnerabilities (2019-07-16)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"OpenJDK is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenJDK installed on the remote host is prior to 7 <= 7u221 / 8 <= 8u212 / 11.0.0 <= 11.0.3 / 12.0.0 <=\n12.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 2019-07-16 advisory.\n\nPlease Note: Java CVEs do not always include OpenJDK versions, but are confirmed separately by Tenable using the patch\nversions from the referenced OpenJDK security advisory.\n\n - png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function\n is called under png_safe_execute. (CVE-2019-7317)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JSSE). Supported versions that are\n affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated\n attacker with network access via TLS to compromise Java SE. Successful attacks require human interaction\n from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized\n access to critical data or complete access to all Java SE accessible data. Note: This vulnerability\n applies to Java deployments, typically in clients running sandboxed Java Web Start applications or\n sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the\n internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java\n deployments, typically in servers, that load and run only trusted code (e.g., code installed by an\n administrator). CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). (CVE-2019-2821)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities).\n Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded:\n 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web\n Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code\n that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2019-2762, CVE-2019-2769)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that\n are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows\n unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE.\n Successful attacks of this vulnerability can result in unauthorized access to critical data or complete\n access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in\n clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load\n and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for\n security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through\n a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS\n Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). (CVE-2019-2745)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking).\n Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded:\n 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well\n as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). (CVE-2019-2816)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that\n is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2019-2842)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security).\n Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a\n person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may\n significantly impact additional products. Successful attacks of this vulnerability can result in\n unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N). (CVE-2019-2786)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that\n are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated\n attacker with network access via multiple protocols to compromise Java SE. Successful attacks require\n human interaction from a person other than the attacker. Successful attacks of this vulnerability can\n result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability\n applies to Java deployments, typically in clients running sandboxed Java Web Start applications or\n sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the\n internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java\n deployments, typically in servers, that load and run only trusted code (e.g., code installed by an\n administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). (CVE-2019-2818)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking).\n Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded:\n 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a\n person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read\n access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java\n deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets\n (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the\n Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified\n Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1\n (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). (CVE-2019-2766)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://openjdk.java.net/groups/vulnerability/advisories/2019-07-16\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to an OpenJDK version greater than 7u221 / 8u212 / 11.0.3 / 12.0.1\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:openjdk\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adoptopenjdk_nix_installed.nbin\", \"adoptopenjdk_win_installed.nbin\", \"openjdk_win_installed.nbin\", \"openjdk_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Java\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_list = [\n 'OpenJDK Java',\n 'AdoptOpenJDK'\n];\n\nvar app_info = vcf::java::get_app_info(app:app_list);\n\nvar constraints = [\n { 'min_version' : '7.0.0', 'max_version' : '7.0.221', 'fixed_display' : 'Upgrade to a version greater than 7u221' },\n { 'min_version' : '8.0.0', 'max_version' : '8.0.212', 'fixed_display' : 'Upgrade to a version greater than 8u212' },\n { 'min_version' : '11.0.0', 'max_version' : '11.0.3', 'fixed_display' : 'Upgrade to a version greater than 11.0.3' },\n { 'min_version' : '12.0.0', 'max_version' : '12.0.1', 'fixed_display' : 'Upgrade to a version greater than 12.0.1' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:35", "description": "The version of Amazon Corretto installed on the remote host is prior to 11 < 11.0.4.11.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-11-2019-Jul-16 advisory.\n\n - Security (CVE-2019-2745, CVE-2019-2786, CVE-2019-2818)\n\n - Utilities (CVE-2019-2762, CVE-2019-2769)\n\n - Networking (CVE-2019-2766, CVE-2019-2816)\n\n - JSSE (CVE-2019-2821)\n\n - AWT (libpng) (CVE-2019-7317)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-01T00:00:00", "type": "nessus", "title": "Amazon Corretto Java 11.x < 11.0.4.11.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2766", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2818", "CVE-2019-2821", "CVE-2019-7317"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:amazon:corretto"], "id": "AMAZON_CORRETTO_11_0_4_11_1.NASL", "href": "https://www.tenable.com/plugins/nessus/159436", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159436);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2766\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2818\",\n \"CVE-2019-2821\",\n \"CVE-2019-7317\"\n );\n script_xref(name:\"IAVA\", value:\"2019-A-0164-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Amazon Corretto Java 11.x < 11.0.4.11.1 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Amazon Corretto is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Amazon Corretto installed on the remote host is prior to 11 < 11.0.4.11.1. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the corretto-11-2019-Jul-16 advisory.\n\n - Security (CVE-2019-2745, CVE-2019-2786, CVE-2019-2818)\n\n - Utilities (CVE-2019-2762, CVE-2019-2769)\n\n - Networking (CVE-2019-2766, CVE-2019-2816)\n\n - JSSE (CVE-2019-2821)\n\n - AWT (libpng) (CVE-2019-7317)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://github.com/corretto/corretto-11/blob/develop/CHANGELOG.md#july-2019-critical-patch-update-corretto-version-1104111\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a25d0c6c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Amazon Corretto Java 11.0.4.11.1 or later\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:amazon:corretto\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"amazon_corretto_win_installed.nbin\", \"amazon_corretto_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Java\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_list = ['Amazon Corretto Java'];\nvar app_info = vcf::java::get_app_info(app:app_list);\n\nvar constraints = [\n { 'min_version' : '11.0', 'fixed_version' : '11.0.4.11.1' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:51", "description": "This update for java-11-openjdk to version jdk-11.0.4+11 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-2745: Improved ECC Implementation (bsc#1141784).\n\nCVE-2019-2762: Exceptional throw cases (bsc#1141782).\n\nCVE-2019-2766: Improve file protocol handling (bsc#1141789).\n\nCVE-2019-2769: Better copies of CopiesList (bsc#1141783).\n\nCVE-2019-2786: More limited privilege usage (bsc#1141787).\n\nCVE-2019-7317: Improve PNG support options (bsc#1141780).\n\nCVE-2019-2818: Better Poly1305 support (bsc#1141788).\n\nCVE-2019-2816: Normalize normalization (bsc#1141785).\n\nCVE-2019-2821: Improve TLS negotiation (bsc#1141781).\n\nCertificate validation improvements\n\nNon-security issues fixed: Do not fail installation when the manpages are not present (bsc#1115375)\n\nBackport upstream fix for JDK-8208602: Cannot read PEM X.509 cert if there is whitespace after the header or footer (bsc#1140461)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2019:2002-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2766", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2818", "CVE-2019-2821", "CVE-2019-7317"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-11-openjdk", "p-cpe:/a:novell:suse_linux:java-11-openjdk-accessibility", "p-cpe:/a:novell:suse_linux:java-11-openjdk-accessibility-debuginfo", "p-cpe:/a:novell:suse_linux:java-11-openjdk-debuginfo", "p-cpe:/a:novell:suse_linux:java-11-openjdk-debugsource", "p-cpe:/a:novell:suse_linux:java-11-openjdk-demo", "p-cpe:/a:novell:suse_linux:java-11-openjdk-devel", "p-cpe:/a:novell:suse_linux:java-11-openjdk-headless", "p-cpe:/a:novell:suse_linux:java-11-openjdk-jmods", "p-cpe:/a:novell:suse_linux:java-11-openjdk-src", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-2002-1.NASL", "href": "https://www.tenable.com/plugins/nessus/127745", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2002-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127745);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2766\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2818\",\n \"CVE-2019-2821\",\n \"CVE-2019-7317\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2019:2002-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for java-11-openjdk to version jdk-11.0.4+11 fixes the\nfollowing issues :\n\nSecurity issues fixed :\n\nCVE-2019-2745: Improved ECC Implementation (bsc#1141784).\n\nCVE-2019-2762: Exceptional throw cases (bsc#1141782).\n\nCVE-2019-2766: Improve file protocol handling (bsc#1141789).\n\nCVE-2019-2769: Better copies of CopiesList (bsc#1141783).\n\nCVE-2019-2786: More limited privilege usage (bsc#1141787).\n\nCVE-2019-7317: Improve PNG support options (bsc#1141780).\n\nCVE-2019-2818: Better Poly1305 support (bsc#1141788).\n\nCVE-2019-2816: Normalize normalization (bsc#1141785).\n\nCVE-2019-2821: Improve TLS negotiation (bsc#1141781).\n\nCertificate validation improvements\n\nNon-security issues fixed: Do not fail installation when the manpages\nare not present (bsc#1115375)\n\nBackport upstream fix for JDK-8208602: Cannot read PEM X.509 cert if\nthere is whitespace after the header or footer (bsc#1140461)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141783\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2745/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2762/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2766/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2769/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2816/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2818/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2821/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7317/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192002-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f8a969cd\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2002=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-2002=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2019-2002=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-2002=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-11-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-11-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-11-openjdk-accessibility-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-11-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-11-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-11-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-11-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-11-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-11-openjdk-jmods\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-11-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-11-openjdk-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-11-openjdk-accessibility-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-11-openjdk-accessibility-debuginfo-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-11-openjdk-debuginfo-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-11-openjdk-debugsource-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-11-openjdk-demo-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-11-openjdk-devel-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-11-openjdk-headless-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-11-openjdk-jmods-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-11-openjdk-src-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-11-openjdk-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-11-openjdk-accessibility-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-11-openjdk-accessibility-debuginfo-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-11-openjdk-debuginfo-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-11-openjdk-debugsource-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-11-openjdk-demo-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-11-openjdk-devel-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-11-openjdk-headless-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-11-openjdk-jmods-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-11-openjdk-src-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-11-openjdk-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-11-openjdk-accessibility-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-11-openjdk-accessibility-debuginfo-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-11-openjdk-debuginfo-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-11-openjdk-debugsource-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-11-openjdk-demo-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-11-openjdk-devel-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-11-openjdk-headless-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-11-openjdk-jmods-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-11-openjdk-src-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"java-11-openjdk-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"java-11-openjdk-accessibility-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"java-11-openjdk-accessibility-debuginfo-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"java-11-openjdk-debuginfo-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"java-11-openjdk-debugsource-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"java-11-openjdk-demo-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"java-11-openjdk-devel-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"java-11-openjdk-headless-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"java-11-openjdk-jmods-11.0.4.0-3.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"java-11-openjdk-src-11.0.4.0-3.33.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-11-openjdk\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:27:06", "description": "OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\nOpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\nlibpng: png_image_free in png.c in libpng has a use-after-free because png_image_free_function is called under png_safe_execute.\n(CVE-2019-7317)\n\nOpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\nOpenJDK: Insufficient permission checks for file:// URLs on Windows (Networking, 8213431) (CVE-2019-2766)\n\nOpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344) (\n\nCVE-2019-2818)\n\nOpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\nOpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\nOpenJDK: Incorrect handling of certificate status messages during TLS handshake (JSSE, 8222678) (CVE-2019-2821)", "cvss3": {}, "published": "2019-07-24T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : java-11-amazon-corretto (ALAS-2019-1246)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2766", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2818", "CVE-2019-2821", "CVE-2019-7317"], "modified": "2022-12-07T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:java-11-amazon-corretto", "p-cpe:/a:amazon:linux:java-11-amazon-corretto-headless", "p-cpe:/a:amazon:linux:java-11-amazon-corretto-javadoc", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1246.NASL", "href": "https://www.tenable.com/plugins/nessus/126958", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1246.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126958);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/07\");\n\n script_cve_id(\"CVE-2019-2745\", \"CVE-2019-2762\", \"CVE-2019-2766\", \"CVE-2019-2769\", \"CVE-2019-2786\", \"CVE-2019-2816\", \"CVE-2019-2818\", \"CVE-2019-2821\", \"CVE-2019-7317\");\n script_xref(name:\"ALAS\", value:\"2019-1246\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Amazon Linux 2 : java-11-amazon-corretto (ALAS-2019-1246)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\nOpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\nlibpng: png_image_free in png.c in libpng has a use-after-free because\npng_image_free_function is called under png_safe_execute.\n(CVE-2019-7317)\n\nOpenJDK: Insufficient checks of suppressed exceptions in\ndeserialization (Utilities, 8212328) (CVE-2019-2762)\n\nOpenJDK: Insufficient permission checks for file:// URLs on Windows\n(Networking, 8213431) (CVE-2019-2766)\n\nOpenJDK: Non-constant time comparison in ChaCha20Cipher (Security,\n8221344) (\n\nCVE-2019-2818)\n\nOpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\nOpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography\n(Security, 8208698) (CVE-2019-2745)\n\nOpenJDK: Incorrect handling of certificate status messages during TLS\nhandshake (JSSE, 8222678) (CVE-2019-2821)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1246.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update java-11-amazon-corretto' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-11-amazon-corretto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-11-amazon-corretto-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-11-amazon-corretto-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"java-11-amazon-corretto-11.0.4+11-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"java-11-amazon-corretto-headless-11.0.4+11-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"java-11-amazon-corretto-javadoc-11.0.4+11-1.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-11-amazon-corretto / java-11-amazon-corretto-headless / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:27:54", "description": "This update for java-11-openjdk to version jdk-11.0.4+11 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-2745: Improved ECC Implementation (bsc#1141784).\n\n - CVE-2019-2762: Exceptional throw cases (bsc#1141782).\n\n - CVE-2019-2766: Improve file protocol handling (bsc#1141789).\n\n - CVE-2019-2769: Better copies of CopiesList (bsc#1141783).\n\n - CVE-2019-2786: More limited privilege usage (bsc#1141787).\n\n - CVE-2019-7317: Improve PNG support options (bsc#1141780).\n\n - CVE-2019-2818: Better Poly1305 support (bsc#1141788).\n\n - CVE-2019-2816: Normalize normalization (bsc#1141785).\n\n - CVE-2019-2821: Improve TLS negotiation (bsc#1141781).\n\n - Certificate validation improvements\n\nNon-security issues fixed :\n\n - Do not fail installation when the manpages are not present (bsc#1115375)\n\n - Backport upstream fix for JDK-8208602: Cannot read PEM X.509 cert if there is whitespace after the header or footer (bsc#1140461)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-08-20T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-11-openjdk (openSUSE-2019-1916)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2766", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2818", "CVE-2019-2821", "CVE-2019-7317"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-11-openjdk", "p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility", "p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility-debuginfo", "p-cpe:/a:novell:opensuse:java-11-openjdk-debuginfo", "p-cpe:/a:novell:opensuse:java-11-openjdk-debugsource", "p-cpe:/a:novell:opensuse:java-11-openjdk-demo", "p-cpe:/a:novell:opensuse:java-11-openjdk-devel", "p-cpe:/a:novell:opensuse:java-11-openjdk-headless", "p-cpe:/a:novell:opensuse:java-11-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-11-openjdk-jmods", "p-cpe:/a:novell:opensuse:java-11-openjdk-src", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-1916.NASL", "href": "https://www.tenable.com/plugins/nessus/128008", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1916.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128008);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2766\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2818\",\n \"CVE-2019-2821\",\n \"CVE-2019-7317\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"openSUSE Security Update : java-11-openjdk (openSUSE-2019-1916)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for java-11-openjdk to version jdk-11.0.4+11 fixes the\nfollowing issues :\n\nSecurity issues fixed :\n\n - CVE-2019-2745: Improved ECC Implementation\n (bsc#1141784).\n\n - CVE-2019-2762: Exceptional throw cases (bsc#1141782).\n\n - CVE-2019-2766: Improve file protocol handling\n (bsc#1141789).\n\n - CVE-2019-2769: Better copies of CopiesList\n (bsc#1141783).\n\n - CVE-2019-2786: More limited privilege usage\n (bsc#1141787).\n\n - CVE-2019-7317: Improve PNG support options\n (bsc#1141780).\n\n - CVE-2019-2818: Better Poly1305 support (bsc#1141788).\n\n - CVE-2019-2816: Normalize normalization (bsc#1141785).\n\n - CVE-2019-2821: Improve TLS negotiation (bsc#1141781).\n\n - Certificate validation improvements\n\nNon-security issues fixed :\n\n - Do not fail installation when the manpages are not\n present (bsc#1115375)\n\n - Backport upstream fix for JDK-8208602: Cannot read PEM\n X.509 cert if there is whitespace after the header or\n footer (bsc#1140461)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141783\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141789\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-11-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-jmods\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-11-openjdk-11.0.4.0-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-11-openjdk-accessibility-debuginfo-11.0.4.0-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-11-openjdk-debuginfo-11.0.4.0-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-11-openjdk-debugsource-11.0.4.0-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-11-openjdk-demo-11.0.4.0-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-11-openjdk-devel-11.0.4.0-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-11-openjdk-headless-11.0.4.0-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-11-openjdk-src-11.0.4.0-lp151.3.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-11-openjdk / java-11-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:19:31", "description": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note:\nThis vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2769)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2019-2816)\n\nVulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts).\nCVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2019-2745)\n\nVulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2842)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211.\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).(CVE-2019-2786)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note:\nThis vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2762)", "cvss3": {}, "published": "2019-08-28T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2019-1269)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:java-1.8.0-openjdk", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debuginfo", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1269.NASL", "href": "https://www.tenable.com/plugins/nessus/128292", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1269.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128292);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2019-2745\", \"CVE-2019-2762\", \"CVE-2019-2769\", \"CVE-2019-2786\", \"CVE-2019-2816\", \"CVE-2019-2842\");\n script_xref(name:\"ALAS\", value:\"2019-1269\");\n\n script_name(english:\"Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2019-1269)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Vulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: Utilities). Supported versions that are\naffected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE\nEmbedded: 8u211. Easily exploitable vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise Java SE, Java SE Embedded. Successful attacks of this\nvulnerability can result in unauthorized ability to cause a partial\ndenial of service (partial DOS) of Java SE, Java SE Embedded. Note:\nThis vulnerability applies to Java deployments, typically in clients\nrunning sandboxed Java Web Start applications or sandboxed Java\napplets (in Java SE 8), that load and run untrusted code (e.g., code\nthat comes from the internet) and rely on the Java sandbox for\nsecurity. This vulnerability can also be exploited by using APIs in\nthe specified Component, e.g., through a web service which supplies\ndata to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2769)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: Networking). Supported versions that are\naffected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE\nEmbedded: 8u211. Difficult to exploit vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise Java SE, Java SE Embedded. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of Java SE, Java SE Embedded accessible data as well as\nunauthorized read access to a subset of Java SE, Java SE Embedded\naccessible data. Note: This vulnerability applies to Java deployments,\ntypically in clients running sandboxed Java Web Start applications or\nsandboxed Java applets (in Java SE 8), that load and run untrusted\ncode (e.g., code that comes from the internet) and rely on the Java\nsandbox for security. This vulnerability can also be exploited by\nusing APIs in the specified Component, e.g., through a web service\nwhich supplies data to the APIs. CVSS 3.0 Base Score 4.8\n(Confidentiality and Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2019-2816)\n\nVulnerability in the Java SE component of Oracle Java SE\n(subcomponent: Security). Supported versions that are affected are\nJava SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability\nallows unauthenticated attacker with logon to the infrastructure where\nJava SE executes to compromise Java SE. Successful attacks of this\nvulnerability can result in unauthorized access to critical data or\ncomplete access to all Java SE accessible data. Note: This\nvulnerability applies to Java deployments, typically in clients\nrunning sandboxed Java Web Start applications or sandboxed Java\napplets (in Java SE 8), that load and run untrusted code (e.g., code\nthat comes from the internet) and rely on the Java sandbox for\nsecurity. This vulnerability can also be exploited by using APIs in\nthe specified Component, e.g., through a web service which supplies\ndata to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts).\nCVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2019-2745)\n\nVulnerability in the Java SE component of Oracle Java SE\n(subcomponent: JCE). The supported version that is affected is Java\nSE: 8u212. Difficult to exploit vulnerability allows unauthenticated\nattacker with network access via multiple protocols to compromise Java\nSE. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a partial denial of service (partial\nDOS) of Java SE. Note: This vulnerability applies to Java deployments,\ntypically in clients running sandboxed Java Web Start applications or\nsandboxed Java applets (in Java SE 8), that load and run untrusted\ncode (e.g., code that comes from the internet) and rely on the Java\nsandbox for security. This vulnerability can also be exploited by\nusing APIs in the specified Component, e.g., through a web service\nwhich supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2842)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: Security). Supported versions that are affected\nare Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith network access via multiple protocols to compromise Java SE, Java\nSE Embedded. Successful attacks require human interaction from a\nperson other than the attacker and while the vulnerability is in Java\nSE, Java SE Embedded, attacks may significantly impact additional\nproducts. Successful attacks of this vulnerability can result in\nunauthorized read access to a subset of Java SE, Java SE Embedded\naccessible data. Note: This vulnerability applies to Java deployments,\ntypically in clients running sandboxed Java Web Start applications or\nsandboxed Java applets (in Java SE 8), that load and run untrusted\ncode (e.g., code that comes from the internet) and rely on the Java\nsandbox for security. This vulnerability can also be exploited by\nusing APIs in the specified Component, e.g., through a web service\nwhich supplies data to the APIs. CVSS 3.0 Base Score 3.4\n(Confidentiality impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).(CVE-2019-2786)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: Utilities). Supported versions that are\naffected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE\nEmbedded: 8u211. Easily exploitable vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise Java SE, Java SE Embedded. Successful attacks of this\nvulnerability can result in unauthorized ability to cause a partial\ndenial of service (partial DOS) of Java SE, Java SE Embedded. Note:\nThis vulnerability applies to Java deployments, typically in clients\nrunning sandboxed Java Web Start applications or sandboxed Java\napplets (in Java SE 8), that load and run untrusted code (e.g., code\nthat comes from the internet) and rely on the Java sandbox for\nsecurity. This vulnerability can also be exploited by using APIs in\nthe specified Component, e.g., through a web service which supplies\ndata to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2762)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1269.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update java-1.8.0-openjdk' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-1.8.0.222.b10-0.47.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.222.b10-0.47.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-demo-1.8.0.222.b10-0.47.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-devel-1.8.0.222.b10-0.47.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-headless-1.8.0.222.b10-0.47.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.222.b10-0.47.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-javadoc-zip-1.8.0.222.b10-0.47.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-src-1.8.0.222.b10-0.47.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:57", "description": "An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-15T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : java-1.7.0-openjdk / etc (VZLSA-2019-1839)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk", "p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk-accessibility", "p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk-demo", "p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk-devel", "p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk-headless", "p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk-javadoc", "p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk-src", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZLSA-2019-1839.NASL", "href": "https://www.tenable.com/plugins/nessus/144227", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144227);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\"\n );\n\n script_name(english:\"Virtuozzo 7 : java-1.7.0-openjdk / etc (VZLSA-2019-1839)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC)\ncryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in\ndeserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE,\n8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2019-1839.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5c81449b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1839\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.7.0-openjdk / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"java-1.7.0-openjdk-1.7.0.231-2.6.19.1.vl7\",\n \"java-1.7.0-openjdk-accessibility-1.7.0.231-2.6.19.1.vl7\",\n \"java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.vl7\",\n \"java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.vl7\",\n \"java-1.7.0-openjdk-headless-1.7.0.231-2.6.19.1.vl7\",\n \"java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.vl7\",\n \"java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.vl7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-7\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:50", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:1816 advisory.\n\n - OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n - OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n - OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n - OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\n - OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n - OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : java-1.8.0-openjdk (CESA-2019:1816)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-11T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:java-1.8.0-openjdk", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-src"], "id": "CENTOS8_RHSA-2019-1816.NASL", "href": "https://www.tenable.com/plugins/nessus/145650", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:1816. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145650);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\"\n );\n script_bugtraq_id(\n 109185,\n 109186,\n 109187,\n 109188,\n 109201,\n 109206\n );\n script_xref(name:\"RHSA\", value:\"2019:1816\");\n\n script_name(english:\"CentOS 8 : java-1.8.0-openjdk (CESA-2019:1816)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2019:1816 advisory.\n\n - OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n - OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328)\n (CVE-2019-2762)\n\n - OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432)\n (CVE-2019-2769)\n\n - OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\n - OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n - OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1816\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-src\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'java-1.8.0-openjdk-1.8.0.222.b10-0.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-1.8.0.222.b10-0.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.222.b10-0.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.222.b10-0.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-demo-1.8.0.222.b10-0.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-demo-1.8.0.222.b10-0.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-devel-1.8.0.222.b10-0.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-devel-1.8.0.222.b10-0.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-headless-1.8.0.222.b10-0.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-headless-1.8.0.222.b10-0.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-javadoc-1.8.0.222.b10-0.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-javadoc-1.8.0.222.b10-0.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-javadoc-zip-1.8.0.222.b10-0.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-javadoc-zip-1.8.0.222.b10-0.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-src-1.8.0.222.b10-0.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-src-1.8.0.222.b10-0.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:36", "description": "An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-15T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : java-1.8.0-openjdk / etc (VZLSA-2019-1815)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-accessibility", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-accessibility-debug", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-debug", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-demo", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-devel", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-headless", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-javadoc", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-javadoc-zip-debug", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-src", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-src-debug", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZLSA-2019-1815.NASL", "href": "https://www.tenable.com/plugins/nessus/144243", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144243);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\"\n );\n\n script_name(english:\"Virtuozzo 7 : java-1.8.0-openjdk / etc (VZLSA-2019-1815)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC)\ncryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in\ndeserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE,\n8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2019-1815.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f5fa48d6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1815\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.8.0-openjdk / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-accessibility-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-javadoc-zip-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"java-1.8.0-openjdk-1.8.0.222.b10-0.vl7\",\n \"java-1.8.0-openjdk-accessibility-1.8.0.222.b10-0.vl7\",\n \"java-1.8.0-openjdk-accessibility-debug-1.8.0.222.b10-0.vl7\",\n \"java-1.8.0-openjdk-debug-1.8.0.222.b10-0.vl7\",\n \"java-1.8.0-openjdk-demo-1.8.0.222.b10-0.vl7\",\n \"java-1.8.0-openjdk-demo-debug-1.8.0.222.b10-0.vl7\",\n \"java-1.8.0-openjdk-devel-1.8.0.222.b10-0.vl7\",\n \"java-1.8.0-openjdk-devel-debug-1.8.0.222.b10-0.vl7\",\n \"java-1.8.0-openjdk-headless-1.8.0.222.b10-0.vl7\",\n \"java-1.8.0-openjdk-headless-debug-1.8.0.222.b10-0.vl7\",\n \"java-1.8.0-openjdk-javadoc-1.8.0.222.b10-0.vl7\",\n \"java-1.8.0-openjdk-javadoc-debug-1.8.0.222.b10-0.vl7\",\n \"java-1.8.0-openjdk-javadoc-zip-1.8.0.222.b10-0.vl7\",\n \"java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.222.b10-0.vl7\",\n \"java-1.8.0-openjdk-src-1.8.0.222.b10-0.vl7\",\n \"java-1.8.0-openjdk-src-debug-1.8.0.222.b10-0.vl7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-7\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:32", "description": "Security Fix(es) :\n\n - OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n - OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n - OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n - OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n - OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)\n\n - OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)", "cvss3": {}, "published": "2019-07-23T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20190722)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-accessibility", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-accessibility-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debuginfo", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-zip-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-debug", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-zip"], "id": "SL_20190722_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/126946", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126946);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2019-2745\", \"CVE-2019-2762\", \"CVE-2019-2769\", \"CVE-2019-2786\", \"CVE-2019-2816\", \"CVE-2019-2842\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20190722)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - OpenJDK: Side-channel attack risks in Elliptic Curve\n (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n - OpenJDK: Insufficient checks of suppressed exceptions in\n deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n - OpenJDK: Unbounded memory allocation during\n deserialization in Collections (Utilities, 8213432)\n (CVE-2019-2769)\n\n - OpenJDK: Missing URL format validation (Networking,\n 8221518) (CVE-2019-2816)\n\n - OpenJDK: Missing array bounds check in crypto providers\n (JCE, 8223511) (CVE-2019-2842)\n\n - OpenJDK: Insufficient restriction of privileges in\n AccessController (Security, 8216381) (CVE-2019-2786)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1907&L=SCIENTIFIC-LINUX-ERRATA&P=7282\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?97e6013a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-accessibility-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-zip-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-debug-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debug-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"java-1.8.0-openjdk-javadoc-zip-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.222.b10-0.el7_6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:32", "description": "Security Fix(es) :\n\n - OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n - OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n - OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n - OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n - OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)\n\n - OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)", "cvss3": {}, "published": "2019-07-23T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20190722)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debuginfo", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src-debug", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190722_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/126945", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126945);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2019-2745\", \"CVE-2019-2762\", \"CVE-2019-2769\", \"CVE-2019-2786\", \"CVE-2019-2816\", \"CVE-2019-2842\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20190722)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - OpenJDK: Side-channel attack risks in Elliptic Curve\n (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n - OpenJDK: Insufficient checks of suppressed exceptions in\n deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n - OpenJDK: Unbounded memory allocation during\n deserialization in Collections (Utilities, 8213432)\n (CVE-2019-2769)\n\n - OpenJDK: Missing URL format validation (Networking,\n 8221518) (CVE-2019-2816)\n\n - OpenJDK: Missing array bounds check in crypto providers\n (JCE, 8223511) (CVE-2019-2842)\n\n - OpenJDK: Insufficient restriction of privileges in\n AccessController (Security, 8216381) (CVE-2019-2786)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1907&L=SCIENTIFIC-LINUX-ERRATA&P=7712\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45d6a85b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-debug-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-demo-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-devel-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-headless-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-src-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.222.b10-0.el6_10\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:10", "description": "Security Fix(es) :\n\n - OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n - OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n - OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n - OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n - OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)\n\n - OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)", "cvss3": {}, "published": "2019-07-24T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20190723)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-devel", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-src", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190723_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/126974", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126974);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2019-2745\", \"CVE-2019-2762\", \"CVE-2019-2769\", \"CVE-2019-2786\", \"CVE-2019-2816\", \"CVE-2019-2842\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20190723)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - OpenJDK: Side-channel attack risks in Elliptic Curve\n (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n - OpenJDK: Insufficient checks of suppressed exceptions in\n deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n - OpenJDK: Unbounded memory allocation during\n deserialization in Collections (Utilities, 8213432)\n (CVE-2019-2769)\n\n - OpenJDK: Missing URL format validation (Networking,\n 8221518) (CVE-2019-2816)\n\n - OpenJDK: Missing array bounds check in crypto providers\n (JCE, 8223511) (CVE-2019-2842)\n\n - OpenJDK: Insufficient restriction of privileges in\n AccessController (Security, 8216381) (CVE-2019-2786)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1907&L=SCIENTIFIC-LINUX-ERRATA&P=8148\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?19bcf422\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el6_10\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:32", "description": "An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-07-23T00:00:00", "type": "nessus", "title": "RHEL 6 : java-1.8.0-openjdk (RHSA-2019:1811)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src-debug", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2019-1811.NASL", "href": "https://www.tenable.com/plugins/nessus/126940", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1811. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126940);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1811\");\n\n script_name(english:\"RHEL 6 : java-1.8.0-openjdk (RHSA-2019:1811)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC)\ncryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in\ndeserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE,\n8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2842\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1811\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-1.8.0.222.b10-0.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.222.b10-0.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-debug-1.8.0.222.b10-0.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debug-1.8.0.222.b10-0.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.222.b10-0.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.222.b10-0.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-demo-1.8.0.222.b10-0.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.222.b10-0.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.222.b10-0.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.222.b10-0.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-devel-1.8.0.222.b10-0.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.222.b10-0.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.222.b10-0.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.222.b10-0.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-headless-1.8.0.222.b10-0.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.222.b10-0.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.222.b10-0.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.222.b10-0.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.222.b10-0.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.222.b10-0.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-src-1.8.0.222.b10-0.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.222.b10-0.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.222.b10-0.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.222.b10-0.el6_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:32", "description": "An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-07-23T00:00:00", "type": "nessus", "title": "RHEL 7 : java-1.8.0-openjdk (RHSA-2019:1815)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src-debug", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.6"], "id": "REDHAT-RHSA-2019-1815.NASL", "href": "https://www.tenable.com/plugins/nessus/126941", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1815. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126941);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1815\");\n\n script_name(english:\"RHEL 7 : java-1.8.0-openjdk (RHSA-2019:1815)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC)\ncryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in\ndeserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE,\n8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2842\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1815\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-accessibility-debug-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-debug-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-debug-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debug-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-demo-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-demo-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-devel-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-devel-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-headless-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-headless-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"java-1.8.0-openjdk-javadoc-zip-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-src-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-src-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.222.b10-0.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.222.b10-0.el7_6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:48", "description": "An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-07-23T00:00:00", "type": "nessus", "title": "RHEL 8 : java-1.8.0-openjdk (RHSA-2019:1816)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debugsource", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo-slowdebug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel-slowdebug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless-slowdebug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-slowdebug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8.0"], "id": "REDHAT-RHSA-2019-1816.NASL", "href": "https://www.tenable.com/plugins/nessus/126942", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1816. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126942);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1816\");\n\n script_name(english:\"RHEL 8 : java-1.8.0-openjdk (RHSA-2019:1816)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC)\ncryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in\ndeserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE,\n8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2842\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo-slowdebug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel-slowdebug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless-slowdebug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-slowdebug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1816\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-debugsource-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debugsource-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-demo-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-demo-debuginfo-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-debuginfo-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-devel-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-devel-debuginfo-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-debuginfo-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-headless-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-headless-debuginfo-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-debuginfo-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", reference:\"java-1.8.0-openjdk-javadoc-zip-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-src-1.8.0.222.b10-0.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.222.b10-0.el8_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:18", "description": "An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-07-24T00:00:00", "type": "nessus", "title": "RHEL 7 : java-1.7.0-openjdk (RHSA-2019:1839)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-headless", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.6"], "id": "REDHAT-RHSA-2019-1839.NASL", "href": "https://www.tenable.com/plugins/nessus/126972", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1839. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126972);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1839\");\n\n script_name(english:\"RHEL 7 : java-1.7.0-openjdk (RHSA-2019:1839)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC)\ncryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in\ndeserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE,\n8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1839\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2842\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1839\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.231-2.6.19.1.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.231-2.6.19.1.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-headless-1.7.0.231-2.6.19.1.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.231-2.6.19.1.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el7_6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:10", "description": "An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-07-24T00:00:00", "type": "nessus", "title": "RHEL 6 : java-1.7.0-openjdk (RHSA-2019:1840)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2019-1840.NASL", "href": "https://www.tenable.com/plugins/nessus/126973", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1840. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126973);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1840\");\n\n script_name(english:\"RHEL 6 : java-1.7.0-openjdk (RHSA-2019:1840)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC)\ncryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in\ndeserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE,\n8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2842\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1840\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el6_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:29:40", "description": "The remote NewStart CGSL host, running version MAIN 4.06, has java-1.7.0-openjdk packages installed that are affected by multiple vulnerabilities:\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\n (CVE-2019-2842)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts).\n CVSS Vector:\n (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).\n (CVE-2019-2745)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\n (CVE-2019-2762, CVE-2019-2769)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).\n (CVE-2019-2816)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).\n (CVE-2019-2786)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-09-11T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.06 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0175)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-19T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0175_JAVA-1.7.0-OPENJDK.NASL", "href": "https://www.tenable.com/plugins/nessus/128692", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0175. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128692);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 4.06 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0175)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.06, has java-1.7.0-openjdk packages installed that are affected by\nmultiple vulnerabilities:\n\n - Vulnerability in the Java SE component of Oracle Java SE\n (subcomponent: JCE). The supported version that is\n affected is Java SE: 8u212. Difficult to exploit\n vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise Java\n SE. Successful attacks of this vulnerability can result\n in unauthorized ability to cause a partial denial of\n service (partial DOS) of Java SE. Note: This\n vulnerability applies to Java deployments, typically in\n clients running sandboxed Java Web Start applications or\n sandboxed Java applets (in Java SE 8), that load and run\n untrusted code (e.g., code that comes from the internet)\n and rely on the Java sandbox for security. This\n vulnerability can also be exploited by using APIs in the\n specified Component, e.g., through a web service which\n supplies data to the APIs. CVSS 3.0 Base Score 3.7\n (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\n (CVE-2019-2842)\n\n - Vulnerability in the Java SE component of Oracle Java SE\n (subcomponent: Security). Supported versions that are\n affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult\n to exploit vulnerability allows unauthenticated attacker\n with logon to the infrastructure where Java SE executes\n to compromise Java SE. Successful attacks of this\n vulnerability can result in unauthorized access to\n critical data or complete access to all Java SE\n accessible data. Note: This vulnerability applies to\n Java deployments, typically in clients running sandboxed\n Java Web Start applications or sandboxed Java applets\n (in Java SE 8), that load and run untrusted code (e.g.,\n code that comes from the internet) and rely on the Java\n sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component,\n e.g., through a web service which supplies data to the\n APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts).\n CVSS Vector:\n (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).\n (CVE-2019-2745)\n\n - Vulnerability in the Java SE, Java SE Embedded component\n of Oracle Java SE (subcomponent: Utilities). Supported\n versions that are affected are Java SE: 7u221, 8u212,\n 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily\n exploitable vulnerability allows unauthenticated\n attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks\n of this vulnerability can result in unauthorized ability\n to cause a partial denial of service (partial DOS) of\n Java SE, Java SE Embedded. Note: This vulnerability\n applies to Java deployments, typically in clients\n running sandboxed Java Web Start applications or\n sandboxed Java applets (in Java SE 8), that load and run\n untrusted code (e.g., code that comes from the internet)\n and rely on the Java sandbox for security. This\n vulnerability can also be exploited by using APIs in the\n specified Component, e.g., through a web service which\n supplies data to the APIs. CVSS 3.0 Base Score 5.3\n (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\n (CVE-2019-2762, CVE-2019-2769)\n\n - Vulnerability in the Java SE, Java SE Embedded component\n of Oracle Java SE (subcomponent: Networking). Supported\n versions that are affected are Java SE: 7u221, 8u212,\n 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to\n exploit vulnerability allows unauthenticated attacker\n with network access via multiple protocols to compromise\n Java SE, Java SE Embedded. Successful attacks of this\n vulnerability can result in unauthorized update, insert\n or delete access to some of Java SE, Java SE Embedded\n accessible data as well as unauthorized read access to a\n subset of Java SE, Java SE Embedded accessible data.\n Note: This vulnerability applies to Java deployments,\n typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8),\n that load and run untrusted code (e.g., code that comes\n from the internet) and rely on the Java sandbox for\n security. This vulnerability can also be exploited by\n using APIs in the specified Component, e.g., through a\n web service which supplies data to the APIs. CVSS 3.0\n Base Score 4.8 (Confidentiality and Integrity impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).\n (CVE-2019-2816)\n\n - Vulnerability in the Java SE, Java SE Embedded component\n of Oracle Java SE (subcomponent: Security). Supported\n versions that are affected are Java SE: 8u212, 11.0.3\n and 12.0.1; Java SE Embedded: 8u211. Difficult to\n exploit vulnerability allows unauthenticated attacker\n with network access via multiple protocols to compromise\n Java SE, Java SE Embedded. Successful attacks require\n human interaction from a person other than the attacker\n and while the vulnerability is in Java SE, Java SE\n Embedded, attacks may significantly impact additional\n products. Successful attacks of this vulnerability can\n result in unauthorized read access to a subset of Java\n SE, Java SE Embedded accessible data. Note: This\n vulnerability applies to Java deployments, typically in\n clients running sandboxed Java Web Start applications or\n sandboxed Java applets (in Java SE 8), that load and run\n untrusted code (e.g., code that comes from the internet)\n and rely on the Java sandbox for security. This\n vulnerability can also be exploited by using APIs in the\n specified Component, e.g., through a web service which\n supplies data to the APIs. CVSS 3.0 Base Score 3.4\n (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).\n (CVE-2019-2786)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0175\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL java-1.7.0-openjdk packages. Note that updated packages may not be available yet. Please\ncontact ZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.06\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.06');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.06\": [\n \"java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10\",\n \"java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10\",\n \"java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el6_10\",\n \"java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el6_10\",\n \"java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.el6_10\",\n \"java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el6_10\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:42", "description": "The remote NewStart CGSL host, running version MAIN 4.06, has java-1.8.0-openjdk packages installed that are affected by multiple vulnerabilities:\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\n (CVE-2019-2842)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts).\n CVSS Vector:\n (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).\n (CVE-2019-2745)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\n (CVE-2019-2762, CVE-2019-2769)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).\n (CVE-2019-2816)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).\n (CVE-2019-2786)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-09-11T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.06 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0178)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-19T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0178_JAVA-1.8.0-OPENJDK.NASL", "href": "https://www.tenable.com/plugins/nessus/128697", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0178. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128697);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 4.06 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0178)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.06, has java-1.8.0-openjdk packages installed that are affected by\nmultiple vulnerabilities:\n\n - Vulnerability in the Java SE component of Oracle Java SE\n (subcomponent: JCE). The supported version that is\n affected is Java SE: 8u212. Difficult to exploit\n vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise Java\n SE. Successful attacks of this vulnerability can result\n in unauthorized ability to cause a partial denial of\n service (partial DOS) of Java SE. Note: This\n vulnerability applies to Java deployments, typically in\n clients running sandboxed Java Web Start applications or\n sandboxed Java applets (in Java SE 8), that load and run\n untrusted code (e.g., code that comes from the internet)\n and rely on the Java sandbox for security. This\n vulnerability can also be exploited by using APIs in the\n specified Component, e.g., through a web service which\n supplies data to the APIs. CVSS 3.0 Base Score 3.7\n (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\n (CVE-2019-2842)\n\n - Vulnerability in the Java SE component of Oracle Java SE\n (subcomponent: Security). Supported versions that are\n affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult\n to exploit vulnerability allows unauthenticated attacker\n with logon to the infrastructure where Java SE executes\n to compromise Java SE. Successful attacks of this\n vulnerability can result in unauthorized access to\n critical data or complete access to all Java SE\n accessible data. Note: This vulnerability applies to\n Java deployments, typically in clients running sandboxed\n Java Web Start applications or sandboxed Java applets\n (in Java SE 8), that load and run untrusted code (e.g.,\n code that comes from the internet) and rely on the Java\n sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component,\n e.g., through a web service which supplies data to the\n APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts).\n CVSS Vector:\n (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).\n (CVE-2019-2745)\n\n - Vulnerability in the Java SE, Java SE Embedded component\n of Oracle Java SE (subcomponent: Utilities). Supported\n versions that are affected are Java SE: 7u221, 8u212,\n 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily\n exploitable vulnerability allows unauthenticated\n attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks\n of this vulnerability can result in unauthorized ability\n to cause a partial denial of service (partial DOS) of\n Java SE, Java SE Embedded. Note: This vulnerability\n applies to Java deployments, typically in clients\n running sandboxed Java Web Start applications or\n sandboxed Java applets (in Java SE 8), that load and run\n untrusted code (e.g., code that comes from the internet)\n and rely on the Java sandbox for security. This\n vulnerability can also be exploited by using APIs in the\n specified Component, e.g., through a web service which\n supplies data to the APIs. CVSS 3.0 Base Score 5.3\n (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\n (CVE-2019-2762, CVE-2019-2769)\n\n - Vulnerability in the Java SE, Java SE Embedded component\n of Oracle Java SE (subcomponent: Networking). Supported\n versions that are affected are Java SE: 7u221, 8u212,\n 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to\n exploit vulnerability allows unauthenticated attacker\n with network access via multiple protocols to compromise\n Java SE, Java SE Embedded. Successful attacks of this\n vulnerability can result in unauthorized update, insert\n or delete access to some of Java SE, Java SE Embedded\n accessible data as well as unauthorized read access to a\n subset of Java SE, Java SE Embedded accessible data.\n Note: This vulnerability applies to Java deployments,\n typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8),\n that load and run untrusted code (e.g., code that comes\n from the internet) and rely on the Java sandbox for\n security. This vulnerability can also be exploited by\n using APIs in the specified Component, e.g., through a\n web service which supplies data to the APIs. CVSS 3.0\n Base Score 4.8 (Confidentiality and Integrity impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).\n (CVE-2019-2816)\n\n - Vulnerability in the Java SE, Java SE Embedded component\n of Oracle Java SE (subcomponent: Security). Supported\n versions that are affected are Java SE: 8u212, 11.0.3\n and 12.0.1; Java SE Embedded: 8u211. Difficult to\n exploit vulnerability allows unauthenticated attacker\n with network access via multiple protocols to compromise\n Java SE, Java SE Embedded. Successful attacks require\n human interaction from a person other than the attacker\n and while the vulnerability is in Java SE, Java SE\n Embedded, attacks may significantly impact additional\n products. Successful attacks of this vulnerability can\n result in unauthorized read access to a subset of Java\n SE, Java SE Embedded accessible data. Note: This\n vulnerability applies to Java deployments, typically in\n clients running sandboxed Java Web Start applications or\n sandboxed Java applets (in Java SE 8), that load and run\n untrusted code (e.g., code that comes from the internet)\n and rely on the Java sandbox for security. This\n vulnerability can also be exploited by using APIs in the\n specified Component, e.g., through a web service which\n supplies data to the APIs. CVSS 3.0 Base Score 3.4\n (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).\n (CVE-2019-2786)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0178\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL java-1.8.0-openjdk packages. Note that updated packages may not be available yet. Please\ncontact ZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.06\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.06');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.06\": [\n \"java-1.8.0-openjdk-1.8.0.222.b10-0.el6_10\",\n \"java-1.8.0-openjdk-debug-1.8.0.222.b10-0.el6_10\",\n \"java-1.8.0-openjdk-debuginfo-1.8.0.222.b10-0.el6_10\",\n \"java-1.8.0-openjdk-demo-1.8.0.222.b10-0.el6_10\",\n \"java-1.8.0-openjdk-demo-debug-1.8.0.222.b10-0.el6_10\",\n \"java-1.8.0-openjdk-devel-1.8.0.222.b10-0.el6_10\",\n \"java-1.8.0-openjdk-devel-debug-1.8.0.222.b10-0.el6_10\",\n \"java-1.8.0-openjdk-headless-1.8.0.222.b10-0.el6_10\",\n \"java-1.8.0-openjdk-headless-debug-1.8.0.222.b10-0.el6_10\",\n \"java-1.8.0-openjdk-javadoc-1.8.0.222.b10-0.el6_10\",\n \"java-1.8.0-openjdk-javadoc-debug-1.8.0.222.b10-0.el6_10\",\n \"java-1.8.0-openjdk-src-1.8.0.222.b10-0.el6_10\",\n \"java-1.8.0-openjdk-src-debug-1.8.0.222.b10-0.el6_10\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:49", "description": "Security Fix(es) :\n\n - OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n - OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n - OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n - OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n - OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)\n\n - OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)", "cvss3": {}, "published": "2019-07-25T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java-1.7.0-openjdk on SL7.x x86_64 (20190724)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-accessibility", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-devel", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-headless", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-src", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190724_JAVA_1_7_0_OPENJDK_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/127034", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127034);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2019-2745\", \"CVE-2019-2762\", \"CVE-2019-2769\", \"CVE-2019-2786\", \"CVE-2019-2816\", \"CVE-2019-2842\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.7.0-openjdk on SL7.x x86_64 (20190724)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - OpenJDK: Side-channel attack risks in Elliptic Curve\n (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n - OpenJDK: Insufficient checks of suppressed exceptions in\n deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n - OpenJDK: Unbounded memory allocation during\n deserialization in Collections (Utilities, 8213432)\n (CVE-2019-2769)\n\n - OpenJDK: Missing URL format validation (Networking,\n 8221518) (CVE-2019-2816)\n\n - OpenJDK: Missing array bounds check in crypto providers\n (JCE, 8223511) (CVE-2019-2842)\n\n - OpenJDK: Insufficient restriction of privileges in\n AccessController (Security, 8216381) (CVE-2019-2786)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1907&L=SCIENTIFIC-LINUX-ERRATA&P=8583\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4330852c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.231-2.6.19.1.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.231-2.6.19.1.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el7_6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:08", "description": "An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc (VZLSA-2019-1811)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-devel", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-debug", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-demo", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-headless", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-javadoc", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-src", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-src-debug", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZLSA-2019-1811.NASL", "href": "https://www.tenable.com/plugins/nessus/127809", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127809);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\"\n );\n\n script_name(english:\"Virtuozzo 6 : java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc (VZLSA-2019-1811)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC)\ncryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in\ndeserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE,\n8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2019-1811.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ac8fdf51\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1811\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"java-1.8.0-openjdk-1.8.0.222.b10-0.vl6\",\n \"java-1.8.0-openjdk-debug-1.8.0.222.b10-0.vl6\",\n \"java-1.8.0-openjdk-demo-1.8.0.222.b10-0.vl6\",\n \"java-1.8.0-openjdk-demo-debug-1.8.0.222.b10-0.vl6\",\n \"java-1.8.0-openjdk-devel-1.8.0.222.b10-0.vl6\",\n \"java-1.8.0-openjdk-devel-debug-1.8.0.222.b10-0.vl6\",\n \"java-1.8.0-openjdk-headless-1.8.0.222.b10-0.vl6\",\n \"java-1.8.0-openjdk-headless-debug-1.8.0.222.b10-0.vl6\",\n \"java-1.8.0-openjdk-javadoc-1.8.0.222.b10-0.vl6\",\n \"java-1.8.0-openjdk-javadoc-debug-1.8.0.222.b10-0.vl6\",\n \"java-1.8.0-openjdk-src-1.8.0.222.b10-0.vl6\",\n \"java-1.8.0-openjdk-src-debug-1.8.0.222.b10-0.vl6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:56", "description": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note:\nThis vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2769)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2019-2816)\n\nVulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts).\nCVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2019-2745)\n\nVulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2842)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211.\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).(CVE-2019-2786)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note:\nThis vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2762)", "cvss3": {}, "published": "2019-08-28T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2019-1268)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:java-1.7.0-openjdk", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-demo", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-devel", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-src", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1268.NASL", "href": "https://www.tenable.com/plugins/nessus/128291", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1268.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128291);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2019-2745\", \"CVE-2019-2762\", \"CVE-2019-2769\", \"CVE-2019-2786\", \"CVE-2019-2816\", \"CVE-2019-2842\");\n script_xref(name:\"ALAS\", value:\"2019-1268\");\n\n script_name(english:\"Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2019-1268)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Vulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: Utilities). Supported versions that are\naffected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE\nEmbedded: 8u211. Easily exploitable vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise Java SE, Java SE Embedded. Successful attacks of this\nvulnerability can result in unauthorized ability to cause a partial\ndenial of service (partial DOS) of Java SE, Java SE Embedded. Note:\nThis vulnerability applies to Java deployments, typically in clients\nrunning sandboxed Java Web Start applications or sandboxed Java\napplets (in Java SE 8), that load and run untrusted code (e.g., code\nthat comes from the internet) and rely on the Java sandbox for\nsecurity. This vulnerability can also be exploited by using APIs in\nthe specified Component, e.g., through a web service which supplies\ndata to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2769)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: Networking). Supported versions that are\naffected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE\nEmbedded: 8u211. Difficult to exploit vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise Java SE, Java SE Embedded. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of Java SE, Java SE Embedded accessible data as well as\nunauthorized read access to a subset of Java SE, Java SE Embedded\naccessible data. Note: This vulnerability applies to Java deployments,\ntypically in clients running sandboxed Java Web Start applications or\nsandboxed Java applets (in Java SE 8), that load and run untrusted\ncode (e.g., code that comes from the internet) and rely on the Java\nsandbox for security. This vulnerability can also be exploited by\nusing APIs in the specified Component, e.g., through a web service\nwhich supplies data to the APIs. CVSS 3.0 Base Score 4.8\n(Confidentiality and Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2019-2816)\n\nVulnerability in the Java SE component of Oracle Java SE\n(subcomponent: Security). Supported versions that are affected are\nJava SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability\nallows unauthenticated attacker with logon to the infrastructure where\nJava SE executes to compromise Java SE. Successful attacks of this\nvulnerability can result in unauthorized access to critical data or\ncomplete access to all Java SE accessible data. Note: This\nvulnerability applies to Java deployments, typically in clients\nrunning sandboxed Java Web Start applications or sandboxed Java\napplets (in Java SE 8), that load and run untrusted code (e.g., code\nthat comes from the internet) and rely on the Java sandbox for\nsecurity. This vulnerability can also be exploited by using APIs in\nthe specified Component, e.g., through a web service which supplies\ndata to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts).\nCVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2019-2745)\n\nVulnerability in the Java SE component of Oracle Java SE\n(subcomponent: JCE). The supported version that is affected is Java\nSE: 8u212. Difficult to exploit vulnerability allows unauthenticated\nattacker with network access via multiple protocols to compromise Java\nSE. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a partial denial of service (partial\nDOS) of Java SE. Note: This vulnerability applies to Java deployments,\ntypically in clients running sandboxed Java Web Start applications or\nsandboxed Java applets (in Java SE 8), that load and run untrusted\ncode (e.g., code that comes from the internet) and rely on the Java\nsandbox for security. This vulnerability can also be exploited by\nusing APIs in the specified Component, e.g., through a web service\nwhich supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2842)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: Security). Supported versions that are affected\nare Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith network access via multiple protocols to compromise Java SE, Java\nSE Embedded. Successful attacks require human interaction from a\nperson other than the attacker and while the vulnerability is in Java\nSE, Java SE Embedded, attacks may significantly impact additional\nproducts. Successful attacks of this vulnerability can result in\nunauthorized read access to a subset of Java SE, Java SE Embedded\naccessible data. Note: This vulnerability applies to Java deployments,\ntypically in clients running sandboxed Java Web Start applications or\nsandboxed Java applets (in Java SE 8), that load and run untrusted\ncode (e.g., code that comes from the internet) and rely on the Java\nsandbox for security. This vulnerability can also be exploited by\nusing APIs in the specified Component, e.g., through a web service\nwhich supplies data to the APIs. CVSS 3.0 Base Score 3.4\n(Confidentiality impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).(CVE-2019-2786)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: Utilities). Supported versions that are\naffected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE\nEmbedded: 8u211. Easily exploitable vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise Java SE, Java SE Embedded. Successful attacks of this\nvulnerability can result in unauthorized ability to cause a partial\ndenial of service (partial DOS) of Java SE, Java SE Embedded. Note:\nThis vulnerability applies to Java deployments, typically in clients\nrunning sandboxed Java Web Start applications or sandboxed Java\napplets (in Java SE 8), that load and run untrusted code (e.g., code\nthat comes from the internet) and rely on the Java sandbox for\nsecurity. This vulnerability can also be exploited by using APIs in\nthe specified Component, e.g., through a web service which supplies\ndata to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2762)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1268.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update java-1.7.0-openjdk' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-1.7.0.231-2.6.19.1.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.80.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:27:06", "description": "Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in information disclosure, denial of service or bypass of sandbox restrictions. In addition the implementation of elliptic curve cryptography was modernised.", "cvss3": {}, "published": "2019-07-24T00:00:00", "type": "nessus", "title": "Debian DSA-4485-1 : openjdk-8 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openjdk-8", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4485.NASL", "href": "https://www.tenable.com/plugins/nessus/126966", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4485. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126966);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2019-2745\", \"CVE-2019-2762\", \"CVE-2019-2769\", \"CVE-2019-2786\", \"CVE-2019-2816\", \"CVE-2019-2842\");\n script_xref(name:\"DSA\", value:\"4485\");\n\n script_name(english:\"Debian DSA-4485-1 : openjdk-8 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the OpenJDK Java\nruntime, resulting in information disclosure, denial of service or\nbypass of sandbox restrictions. In addition the implementation of\nelliptic curve cryptography was modernised.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/openjdk-8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/openjdk-8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4485\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the openjdk-8 packages.\n\nFor the oldstable distribution (stretch), these problems have been\nfixed in version 8u222-b10-1~deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-dbg\", reference:\"8u222-b10-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-demo\", reference:\"8u222-b10-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-doc\", reference:\"8u222-b10-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-jdk\", reference:\"8u222-b10-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-jdk-headless\", reference:\"8u222-b10-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-jre\", reference:\"8u222-b10-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-jre-headless\", reference:\"8u222-b10-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-jre-zero\", reference:\"8u222-b10-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-source\", reference:\"8u222-b10-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:47", "description": "An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-07-25T00:00:00", "type": "nessus", "title": "CentOS 7 : java-1.7.0-openjdk (CESA-2019:1839)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.7.0-openjdk", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-accessibility", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-headless", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-src", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-1839.NASL", "href": "https://www.tenable.com/plugins/nessus/126992", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1839 and \n# CentOS Errata and Security Advisory 2019:1839 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126992);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1839\");\n\n script_name(english:\"CentOS 7 : java-1.7.0-openjdk (CESA-2019:1839)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC)\ncryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in\ndeserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE,\n8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n # https://lists.centos.org/pipermail/centos-announce/2019-July/023372.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?01b83064\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.7.0-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.231-2.6.19.1.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.231-2.6.19.1.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el7_6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:47", "description": "An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-07-25T00:00:00", "type": "nessus", "title": "CentOS 6 : java-1.8.0-openjdk (CESA-2019:1811)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.8.0-openjdk", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-src-debug", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2019-1811.NASL", "href": "https://www.tenable.com/plugins/nessus/126990", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1811 and \n# CentOS Errata and Security Advisory 2019:1811 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126990);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1811\");\n\n script_name(english:\"CentOS 6 : java-1.8.0-openjdk (CESA-2019:1811)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC)\ncryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in\ndeserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE,\n8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n # https://lists.centos.org/pipermail/centos-announce/2019-July/023369.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ee086160\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.8.0-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-debug-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-demo-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-devel-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-headless-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-src-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.222.b10-0.el6_10\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:10", "description": "An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-07-25T00:00:00", "type": "nessus", "title": "CentOS 6 : java-1.7.0-openjdk (CESA-2019:1840)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.7.0-openjdk", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-src", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2019-1840.NASL", "href": "https://www.tenable.com/plugins/nessus/126993", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1840 and \n# CentOS Errata and Security Advisory 2019:1840 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126993);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1840\");\n\n script_name(english:\"CentOS 6 : java-1.7.0-openjdk (CESA-2019:1840)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC)\ncryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in\ndeserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE,\n8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n # https://lists.centos.org/pipermail/centos-announce/2019-July/023370.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6fc2cb67\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.7.0-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el6_10\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:46", "description": "From Red Hat Security Advisory 2019:1815 :\n\nAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-07-23T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2019-1815)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.8.0-openjdk", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src-debug", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2019-1815.NASL", "href": "https://www.tenable.com/plugins/nessus/126938", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1815 and \n# Oracle Linux Security Advisory ELSA-2019-1815 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126938);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1815\");\n\n script_name(english:\"Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2019-1815)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2019:1815 :\n\nAn update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC)\ncryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in\ndeserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE,\n8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2019-July/008907.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.8.0-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-debug-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debug-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-zip-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.222.b10-0.el7_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:46", "description": "From Red Hat Security Advisory 2019:1816 :\n\nAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : java-1.8.0-openjdk (ELSA-2019-1816)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.8.0-openjdk", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2019-1816.NASL", "href": "https://www.tenable.com/plugins/nessus/127601", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1816 and \n# Oracle Linux Security Advisory ELSA-2019-1816 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127601);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1816\");\n\n script_name(english:\"Oracle Linux 8 : java-1.8.0-openjdk (ELSA-2019-1816)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2019:1816 :\n\nAn update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC)\ncryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in\ndeserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE,\n8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2019-August/008985.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.8.0-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.222.b10-0.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.222.b10-0.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.222.b10-0.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.222.b10-0.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.222.b10-0.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.222.b10-0.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-zip-1.8.0.222.b10-0.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.222.b10-0.el8_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:17", "description": "From Red Hat Security Advisory 2019:1839 :\n\nAn update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-07-24T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : java-1.7.0-openjdk (ELSA-2019-1839)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.7.0-openjdk", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-accessibility", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-headless", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2019-1839.NASL", "href": "https://www.tenable.com/plugins/nessus/126971", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1839 and \n# Oracle Linux Security Advisory ELSA-2019-1839 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126971);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1839\");\n\n script_name(english:\"Oracle Linux 7 : java-1.7.0-openjdk (ELSA-2019-1839)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2019:1839 :\n\nAn update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC)\ncryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in\ndeserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE,\n8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2019-July/008909.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.7.0-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.231-2.6.19.1.0.1.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.231-2.6.19.1.0.1.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.0.1.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.0.1.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.231-2.6.19.1.0.1.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.0.1.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.0.1.el7_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:11", "description": "From Red Hat Security Advisory 2019:1840 :\n\nAn update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-07-25T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2019-1840)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.7.0-openjdk", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2019-1840.NASL", "href": "https://www.tenable.com/plugins/nessus/127031", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1840 and \n# Oracle Linux Security Advisory ELSA-2019-1840 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127031);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1840\");\n\n script_name(english:\"Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2019-1840)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2019:1840 :\n\nAn update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC)\ncryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in\ndeserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE,\n8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2019-July/008913.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.7.0-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-1.7.0.231-2.6.19.1.0.1.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.0.1.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.0.1.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.0.1.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.0.1.el6_10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:56", "description": "From Red Hat Security Advisory 2019:1811 :\n\nAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-07-23T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2019-1811)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.8.0-openjdk", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src-debug", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2019-1811.NASL", "href": "https://www.tenable.com/plugins/nessus/126937", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1811 and \n# Oracle Linux Security Advisory ELSA-2019-1811 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126937);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1811\");\n\n script_name(english:\"Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2019-1811)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2019:1811 :\n\nAn update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC)\ncryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in\ndeserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE,\n8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2019-July/008906.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.8.0-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-debug-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-demo-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-devel-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-headless-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-src-1.8.0.222.b10-0.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.222.b10-0.el6_10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:57", "description": "An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-07-25T00:00:00", "type": "nessus", "title": "CentOS 7 : java-1.8.0-openjdk (CESA-2019:1815)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.8.0-openjdk", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-src-debug", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-1815.NASL", "href": "https://www.tenable.com/plugins/nessus/126991", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1815 and \n# CentOS Errata and Security Advisory 2019:1815 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126991);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1815\");\n\n script_name(english:\"CentOS 7 : java-1.8.0-openjdk (CESA-2019:1815)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Side-channel attack risks in Elliptic Curve (EC)\ncryptography (Security, 8208698) (CVE-2019-2745)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in\ndeserialization (Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Missing array bounds check in crypto providers (JCE,\n8223511) (CVE-2019-2842)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n # https://lists.centos.org/pipermail/centos-announce/2019-July/023373.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ad978b6b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.8.0-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-debug-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debug-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-zip-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.222.b10-0.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.222.b10-0.el7_6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:54", "description": "The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 231, 8 Update 221, 11 Update 4, or 12 Update 2. It is, therefore, affected by multiple vulnerabilities:\n\n - Unspecified vulnerabilities in the utilities and JCE subcomponents of Oracle Java SE, which could allow an unauthenticated remote attacker to cause a partial denial of service. (CVE-2019-2762, CVE-2019-2769, CVE-2019-2842)\n\n - An unspecified vulnerability in the security subcomponent of Oracle Java SE, which could allow an unauthenticated local attacker to gain unauthorized access to critical Java SE data. (CVE-2019-2745)\n\n - Unspecified vulnerabilities in the networking and security subcomponents of Oracle Java SE, which could allow an unauthenticated remote attacker to gain unauthorized access to Java SE data. Exploitation of this vulnerability requires user interaction. (CVE-2019-2766, CVE-2019-2786, CVE-2019-2818)\n\n - An unspecified vulnerability in the networking subcomponent of Oracle Java SE, which could allow an unauthenticated remote attacker unauthorized read, update, insert or delete access to Java SE data. (CVE-2019-2816)\n\n - An unspecified vulnerability in the JSSE subcomponent of Oracle Java SE, which could allow an unauthenticated, remote attacker to gain unauthorized access to critical Java SE data. Exploitation of this vulnerability requires user interaction. (CVE-2019-2821)\n\n - A use after free vulnerability exists in the libpng subcomponent of Oracle Java SE. An unauthenticated, remote attacker can exploit this to cause a complete denial of service condition in Java SE. Exploitation of this vulnerability requires user interaction.\n (CVE-2019-7317)\n\nNessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-07-19T00:00:00", "type": "nessus", "title": "Oracle Java SE 1.7.0_231 / 1.8.0_221 / 1.11.0_4 / 1.12.0_2 Multiple Vulnerabilities (Jul 2019 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2766", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2818", "CVE-2019-2821", "CVE-2019-2842", "CVE-2019-6129", "CVE-2019-7317"], "modified": "2022-12-06T00:00:00", "cpe": ["cpe:/a:oracle:jre", "cpe:/a:oracle:jdk"], "id": "ORACLE_JAVA_CPU_JUL_2019.NASL", "href": "https://www.tenable.com/plugins/nessus/126821", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126821);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2766\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2818\",\n \"CVE-2019-2821\",\n \"CVE-2019-2842\",\n \"CVE-2019-6129\",\n \"CVE-2019-7317\"\n );\n script_bugtraq_id(\n 108098,\n 109184,\n 109185,\n 109186,\n 109187,\n 109188,\n 109189,\n 109201,\n 109206,\n 109210,\n 109212\n );\n script_xref(name:\"IAVA\", value:\"2019-A-0255\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Oracle Java SE 1.7.0_231 / 1.8.0_221 / 1.11.0_4 / 1.12.0_2 Multiple Vulnerabilities (Jul 2019 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a programming platform that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle (formerly Sun) Java SE or Java for Business\ninstalled on the remote host is prior to 7 Update 231, 8 Update 221,\n11 Update 4, or 12 Update 2. It is, therefore, affected by multiple\nvulnerabilities:\n\n - Unspecified vulnerabilities in the utilities and JCE \n subcomponents of Oracle Java SE, which could allow an \n unauthenticated remote attacker to cause a partial denial \n of service. (CVE-2019-2762, CVE-2019-2769, CVE-2019-2842)\n\n - An unspecified vulnerability in the security subcomponent \n of Oracle Java SE, which could allow an unauthenticated \n local attacker to gain unauthorized access to critical Java \n SE data. (CVE-2019-2745)\n\n - Unspecified vulnerabilities in the networking and security \n subcomponents of Oracle Java SE, which could allow an \n unauthenticated remote attacker to gain unauthorized \n access to Java SE data. Exploitation of this vulnerability \n requires user interaction. \n (CVE-2019-2766, CVE-2019-2786, CVE-2019-2818)\n\n - An unspecified vulnerability in the networking subcomponent\n of Oracle Java SE, which could allow an unauthenticated \n remote attacker unauthorized read, update, insert or\n delete access to Java SE data. (CVE-2019-2816)\n\n - An unspecified vulnerability in the JSSE subcomponent of \n Oracle Java SE, which could allow an unauthenticated, \n remote attacker to gain unauthorized access to critical\n Java SE data. Exploitation of this vulnerability requires \n user interaction. (CVE-2019-2821)\n\n - A use after free vulnerability exists in the libpng \n subcomponent of Oracle Java SE. An unauthenticated, \n remote attacker can exploit this to cause a complete\n denial of service condition in Java SE. Exploitation \n of this vulnerability requires user interaction.\n (CVE-2019-7317)\n\nNessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9aa2b901\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle JDK / JRE 12 Update 2 , 11 Update 4, 8 Update 221\n/ 7 Update 231 or later. If necessary, remove any affected versions.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jdk\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"sun_java_jre_installed.nasl\");\n script_require_keys(\"SMB/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit('SMB/Java/JRE/*');\n\ninfo = '';\nvuln = 0;\ninstalled_versions = '';\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - 'SMB/Java/JRE/';\n if (ver !~ \"^[0-9.]+\") continue;\n\n installed_versions = installed_versions + ' & ' + ver;\n\n # Fixes : (JDK|JRE) 12 Update 2 / 11 Update 4 / 8 Update 221 / 7 Update 231 \n if (\n ver_compare(minver:'1.7.0', ver:ver, fix:'1.7.0_231', regexes:{0:\"_(\\d+)\"}, strict:FALSE) < 0 ||\n ver_compare(minver:'1.8.0', ver:ver, fix:'1.8.0_221', regexes:{0:\"_(\\d+)\"}, strict:FALSE) < 0 ||\n ver_compare(minver:'1.11.0', ver:ver, fix:'1.11.0_4', regexes:{0:\"_(\\d+)\"}, strict:FALSE) < 0 ||\n ver_compare(minver:'1.12.0', ver:ver, fix:'1.12.0_2', regexes:{0:\"_(\\d+)\"}, strict:FALSE) < 0\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.7.0_231 / 1.8.0_221 / 1.11.0_4 / 1.12.0_2\\n';\n }\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n port = get_kb_item('SMB/transport');\n if (!port) port = 445;\n\n if (vuln > 1) s = 's of Java are';\n else s = ' of Java is';\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_report_v4(severity:SECURITY_WARNING, port:port, extra:report);\n}\nelse\n{\n installed_versions = substr(installed_versions, 3);\n if (' & ' >< installed_versions)\n exit(0, 'The Java '+installed_versions+' installations on the remote host are not affected.');\n else\n audit(AUDIT_INST_VER_NOT_VULN, 'Java', installed_versions);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:53", "description": "The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 231, 8 Update 221, 11 Update 4, or 12 Update 2. It is, therefore, affected by multiple vulnerabilities:\n\n - Unspecified vulnerabilities in the utilities and JCE subcomponents of Oracle Java SE, which could allow an unauthenticated remote attacker to cause a partial denial of service. (CVE-2019-2762, CVE-2019-2769, CVE-2019-2842)\n\n - An unspecified vulnerability in the security subcomponent of Oracle Java SE, which could allow an unauthenticated local attacker to gain unauthorized access to critical Java SE data. (CVE-2019-2745)\n\n - Unspecified vulnerabilities in the networking and security subcomponents of Oracle Java SE, which could allow an unauthenticated remote attacker to gain unauthorized access to Java SE data. Exploitation of this vulnerability requires user interaction. (CVE-2019-2766, CVE-2019-2786, CVE-2019-2818)\n\n - An unspecified vulnerability in the networking subcomponent of Oracle Java SE, which could allow an unauthenticated remote attacker unauthorized read, update, insert or delete access to Java SE data. (CVE-2019-2816)\n\n - An unspecified vulnerability in the JSSE subcomponent of Oracle Java SE, which could allow an unauthenticated, remote attacker to gain unauthorized access to critical Java SE data. Exploitation of this vulnerability requires user interaction. (CVE-2019-2821)\n\n - A use after free vulnerability exists in the libpng subcomponent of Oracle Java SE. An unauthenticated, remote attacker can exploit this to cause a complete denial of service condition in Java SE. Exploitation of this vulnerability requires user interaction.\n (CVE-2019-7317)\n\nNessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-07-19T00:00:00", "type": "nessus", "title": "Oracle Java SE 1.7.0_231 / 1.8.0_221 / 1.11.0_4 / 1.12.0_2 Multiple Vulnerabilities (Jul 2019 CPU) (Unix)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2766", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2818", "CVE-2019-2821", "CVE-2019-2842", "CVE-2019-6129", "CVE-2019-7317"], "modified": "2022-12-06T00:00:00", "cpe": ["cpe:/a:oracle:jre", "cpe:/a:oracle:jdk"], "id": "ORACLE_JAVA_CPU_JUL_2019_UNIX.NASL", "href": "https://www.tenable.com/plugins/nessus/126820", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126820);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2766\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2818\",\n \"CVE-2019-2821\",\n \"CVE-2019-2842\",\n \"CVE-2019-6129\",\n \"CVE-2019-7317\"\n );\n script_bugtraq_id(\n 108098,\n 109184,\n 109185,\n 109186,\n 109187,\n 109188,\n 109189,\n 109201,\n 109206,\n 109210,\n 109212\n );\n script_xref(name:\"IAVA\", value:\"2019-A-0255\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Oracle Java SE 1.7.0_231 / 1.8.0_221 / 1.11.0_4 / 1.12.0_2 Multiple Vulnerabilities (Jul 2019 CPU) (Unix)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Unix host contains a programming platform that is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle (formerly Sun) Java SE or Java for Business\ninstalled on the remote host is prior to 7 Update 231, 8 Update 221,\n11 Update 4, or 12 Update 2. It is, therefore, affected by multiple\nvulnerabilities:\n\n - Unspecified vulnerabilities in the utilities and JCE \n subcomponents of Oracle Java SE, which could allow an \n unauthenticated remote attacker to cause a partial denial \n of service. (CVE-2019-2762, CVE-2019-2769, CVE-2019-2842)\n\n - An unspecified vulnerability in the security subcomponent \n of Oracle Java SE, which could allow an unauthenticated \n local attacker to gain unauthorized access to critical Java \n SE data. (CVE-2019-2745)\n\n - Unspecified vulnerabilities in the networking and security \n subcomponents of Oracle Java SE, which could allow an \n unauthenticated remote attacker to gain unauthorized \n access to Java SE data. Exploitation of this vulnerability \n requires user interaction. \n (CVE-2019-2766, CVE-2019-2786, CVE-2019-2818)\n\n - An unspecified vulnerability in the networking subcomponent\n of Oracle Java SE, which could allow an unauthenticated \n remote attacker unauthorized read, update, insert or\n delete access to Java SE data. (CVE-2019-2816)\n\n - An unspecified vulnerability in the JSSE subcomponent of \n Oracle Java SE, which could allow an unauthenticated, \n remote attacker to gain unauthorized access to critical\n Java SE data. Exploitation of this vulnerability requires \n user interaction. (CVE-2019-2821)\n\n - A use after free vulnerability exists in the libpng \n subcomponent of Oracle Java SE. An unauthenticated, \n remote attacker can exploit this to cause a complete\n denial of service condition in Java SE. Exploitation \n of this vulnerability requires user interaction.\n (CVE-2019-7317)\n\nNessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9aa2b901\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle JDK / JRE 12 Update 2 , 11 Update 4, 8 Update 221\n/ 7 Update 231 or later. If necessary, remove any affected versions.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jdk\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"sun_java_jre_installed_unix.nasl\");\n script_require_keys(\"Host/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit('Host/Java/JRE/Unmanaged/*');\n\ninfo = '';\nvuln = 0;\nvuln2 = 0;\ninstalled_versions = '';\ngranular = '';\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - 'Host/Java/JRE/Unmanaged/';\n if (ver !~ \"^[0-9.]+\") continue;\n\n installed_versions = installed_versions + ' & ' + ver;\n\n# Fixes : (JDK|JRE) 12 Update 2 / 11 Update 4 / 8 Update 221 / 7 Update 231 \n if (\n ver_compare(minver:'1.7.0', ver:ver, fix:'1.7.0_231', regexes:{0:\"_(\\d+)\"}, strict:FALSE) < 0 ||\n ver_compare(minver:'1.8.0', ver:ver, fix:'1.8.0_221', regexes:{0:\"_(\\d+)\"}, strict:FALSE) < 0 ||\n ver_compare(minver:'1.11.0', ver:ver, fix:'1.11.0_4', regexes:{0:\"_(\\d+)\"}, strict:FALSE) < 0 ||\n ver_compare(minver:'1.12.0', ver:ver, fix:'1.12.0_2', regexes:{0:\"_(\\d+)\"}, strict:FALSE) < 0\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.7.0_231 / 1.8.0_221 / 1.11.0_4 / 1.12.0_2\\n';\n }\n else if (ver =~ \"^[\\d\\.]+$\")\n {\n dirs = make_list(get_kb_list(install));\n foreach dir (dirs)\n granular += 'The Oracle Java version '+ver+' at '+dir+' is not granular enough to make a determination.'+'\\n';\n }\n else\n {\n dirs = make_list(get_kb_list(install));\n vuln2 += max_index(dirs);\n }\n\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n if (vuln > 1) s = 's of Java are';\n else s = ' of Java is';\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);\n if (granular) exit(0, granular);\n}\nelse\n{\n if (granular) exit(0, granular);\n\n installed_versions = substr(installed_versions, 3);\n if (vuln2 > 1)\n exit(0, 'The Java '+installed_versions+' installations on the remote host are not affected.');\n else\n audit(AUDIT_INST_VER_NOT_VULN, 'Java', installed_versions);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:52", "description": "The version of Amazon Corretto installed on the remote host is prior to 8 < 8.222.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-8-2019-Jul-16 advisory.\n\n - Security (CVE-2019-2745, CVE-2019-2786)\n\n - Utilities (CVE-2019-2762, CVE-2019-2769)\n\n - Networking (CVE-2019-2766, CVE-2019-2816)\n\n - JCE (CVE-2019-2842)\n\n - AWT (libpng) (CVE-2019-7317)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-01T00:00:00", "type": "nessus", "title": "Amazon Corretto Java 8.x < 8.222.10.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2766", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842", "CVE-2019-7317"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:amazon:corretto"], "id": "AMAZON_CORRETTO_8_222_10_1.NASL", "href": "https://www.tenable.com/plugins/nessus/159424", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159424);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2766\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\",\n \"CVE-2019-7317\"\n );\n script_xref(name:\"IAVA\", value:\"2019-A-0164-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Amazon Corretto Java 8.x < 8.222.10.1 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Amazon Corretto is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Amazon Corretto installed on the remote host is prior to 8 < 8.222.10.1. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the corretto-8-2019-Jul-16 advisory.\n\n - Security (CVE-2019-2745, CVE-2019-2786)\n\n - Utilities (CVE-2019-2762, CVE-2019-2769)\n\n - Networking (CVE-2019-2766, CVE-2019-2816)\n\n - JCE (CVE-2019-2842)\n\n - AWT (libpng) (CVE-2019-7317)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://github.com/corretto/corretto-8/blob/develop/CHANGELOG.md#july-2019-critical-patch-update-corretto-version-8222101\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a0f77c73\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Amazon Corretto Java 8.222.10.1 or later\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:amazon:corretto\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"amazon_corretto_win_installed.nbin\", \"amazon_corretto_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Java\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_list = ['Amazon Corretto Java'];\nvar app_info = vcf::java::get_app_info(app:app_list);\n\nvar constraints = [\n { 'min_version' : '8.0', 'fixed_version' : '8.222.10.1' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:12", "description": "This update for java-1_8_0-openjdk to version 8u222 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-2745: Improved ECC Implementation (bsc#1141784).\n\nCVE-2019-2762: Exceptional throw cases (bsc#1141782).\n\nCVE-2019-2766: Improve file protocol handling (bsc#1141789).\n\nCVE-2019-2769: Better copies of CopiesList (bsc#1141783).\n\nCVE-2019-2786: More limited privilege usage (bsc#1141787).\n\nCVE-2019-2816: Normalize normalization (bsc#1141785).\n\nCVE-2019-2842: Extended AES support (bsc#1141786).\n\nCVE-2019-7317: Improve PNG support (bsc#1141780).\n\nCertificate validation improvements\n\nNon-security issue fixed: Fixed an issue where the installation failed when the manpages are not present (bsc#1115375)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2019:2021-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2766", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842", "CVE-2019-7317"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-accessibility", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debugsource", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-src", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-2021-1.NASL", "href": "https://www.tenable.com/plugins/nessus/127757", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2021-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127757);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2766\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\",\n \"CVE-2019-7317\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2019:2021-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for java-1_8_0-openjdk to version 8u222 fixes the\nfollowing issues :\n\nSecurity issues fixed :\n\nCVE-2019-2745: Improved ECC Implementation (bsc#1141784).\n\nCVE-2019-2762: Exceptional throw cases (bsc#1141782).\n\nCVE-2019-2766: Improve file protocol handling (bsc#1141789).\n\nCVE-2019-2769: Better copies of CopiesList (bsc#1141783).\n\nCVE-2019-2786: More limited privilege usage (bsc#1141787).\n\nCVE-2019-2816: Normalize normalization (bsc#1141785).\n\nCVE-2019-2842: Extended AES support (bsc#1141786).\n\nCVE-2019-7317: Improve PNG support (bsc#1141780).\n\nCertificate validation improvements\n\nNon-security issue fixed: Fixed an issue where the installation failed\nwhen the manpages are not present (bsc#1115375)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141783\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2745/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2762/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2766/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2769/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2816/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2842/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7317/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192021-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e550dbfc\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Packagehub Subpackages 15:zypper in\n-t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-2021=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2021=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-2021=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Legacy-15-SP1-2019-2021=1\n\nSUSE Linux Enterprise Module for Legacy Software 15:zypper in -t patch\nSUSE-SLE-Module-Legacy-15-2019-2021=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-openjdk-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-openjdk-accessibility-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-openjdk-demo-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-openjdk-devel-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-openjdk-headless-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-openjdk-src-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-openjdk-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-openjdk-accessibility-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-openjdk-demo-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-openjdk-devel-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-openjdk-headless-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-openjdk-src-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-1_8_0-openjdk-accessibility-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-1_8_0-openjdk-src-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"java-1_8_0-openjdk-accessibility-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.222-3.24.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"java-1_8_0-openjdk-src-1.8.0.222-3.24.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_8_0-openjdk\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:08", "description": "This update for java-1_8_0-openjdk to version 8u222 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-2745: Improved ECC Implementation (bsc#1141784).\n\nCVE-2019-2762: Exceptional throw cases (bsc#1141782).\n\nCVE-2019-2766: Improve file protocol handling (bsc#1141789).\n\nCVE-2019-2769: Better copies of CopiesList (bsc#1141783).\n\nCVE-2019-2786: More limited privilege usage (bsc#1141787).\n\nCVE-2019-2816: Normalize normalization (bsc#1141785).\n\nCVE-2019-2842: Extended AES support (bsc#1141786).\n\nCVE-2019-7317: Improve PNG support (bsc#1141780).\n\nCertificate validation improvements\n\nNon-security issue fixed: Fixed an issue where the installation failed when the manpages are not present (bsc#1115375)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2019:2036-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2766", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842", "CVE-2019-7317"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debugsource", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2036-1.NASL", "href": "https://www.tenable.com/plugins/nessus/127762", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2036-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127762);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2766\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\",\n \"CVE-2019-7317\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2019:2036-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for java-1_8_0-openjdk to version 8u222 fixes the\nfollowing issues :\n\nSecurity issues fixed :\n\nCVE-2019-2745: Improved ECC Implementation (bsc#1141784).\n\nCVE-2019-2762: Exceptional throw cases (bsc#1141782).\n\nCVE-2019-2766: Improve file protocol handling (bsc#1141789).\n\nCVE-2019-2769: Better copies of CopiesList (bsc#1141783).\n\nCVE-2019-2786: More limited privilege usage (bsc#1141787).\n\nCVE-2019-2816: Normalize normalization (bsc#1141785).\n\nCVE-2019-2842: Extended AES support (bsc#1141786).\n\nCVE-2019-7317: Improve PNG support (bsc#1141780).\n\nCertificate validation improvements\n\nNon-security issue fixed: Fixed an issue where the installation failed\nwhen the manpages are not present (bsc#1115375)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141783\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2745/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2762/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2766/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2769/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2816/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2842/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7317/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192036-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bd3e8567\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8:zypper in -t patch\nSUSE-OpenStack-Cloud-Crowbar-8-2019-2036=1\n\nSUSE OpenStack Cloud 8:zypper in -t patch\nSUSE-OpenStack-Cloud-8-2019-2036=1\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-2036=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2019-2036=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-2036=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2019-2036=1\n\nSUSE Linux Enterprise Server 12-SP5:zypper in -t patch\nSUSE-SLE-SERVER-12-SP5-2019-2036=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-2036=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-2036=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-BCL-2019-2036=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-2036=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-2036=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2019-2036=1\n\nSUSE Linux Enterprise Desktop 12-SP5:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP5-2019-2036=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-2036=1\n\nSUSE Enterprise Storage 5:zypper in -t patch\nSUSE-Storage-5-2019-2036=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2019-2036=1\n\nHPE Helion Openstack 8:zypper in -t patch\nHPE-Helion-OpenStack-8-2019-2036=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2/3/4/5\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-demo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-devel-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-headless-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_8_0-openjdk-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_8_0-openjdk-demo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_8_0-openjdk-devel-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_8_0-openjdk-headless-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-demo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-devel-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-headless-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-demo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-devel-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-headless-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_8_0-openjdk-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_8_0-openjdk-demo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_8_0-openjdk-devel-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_8_0-openjdk-headless-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-headless-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-headless-1.8.0.222-27.35.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_8_0-openjdk\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:27:54", "description": "This update for java-1_8_0-openjdk to version 8u222 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-2745: Improved ECC Implementation (bsc#1141784).\n\n - CVE-2019-2762: Exceptional throw cases (bsc#1141782).\n\n - CVE-2019-2766: Improve file protocol handling (bsc#1141789).\n\n - CVE-2019-2769: Better copies of CopiesList (bsc#1141783).\n\n - CVE-2019-2786: More limited privilege usage (bsc#1141787).\n\n - CVE-2019-2816: Normalize normalization (bsc#1141785).\n\n - CVE-2019-2842: Extended AES support (bsc#1141786).\n\n - CVE-2019-7317: Improve PNG support (bsc#1141780).\n\n - Certificate validation improvements\n\nNon-security issue fixed :\n\n - Fixed an issue where the installation failed when the manpages are not present (bsc#1115375)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-08-20T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2019-1912)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2766", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842", "CVE-2019-7317"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_8_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-accessibility", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debugsource", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-src", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-1912.NASL", "href": "https://www.tenable.com/plugins/nessus/128004", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1912.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128004);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2766\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\",\n \"CVE-2019-7317\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2019-1912)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for java-1_8_0-openjdk to version 8u222 fixes the\nfollowing issues :\n\nSecurity issues fixed :\n\n - CVE-2019-2745: Improved ECC Implementation\n (bsc#1141784).\n\n - CVE-2019-2762: Exceptional throw cases (bsc#1141782).\n\n - CVE-2019-2766: Improve file protocol handling\n (bsc#1141789).\n\n - CVE-2019-2769: Better copies of CopiesList\n (bsc#1141783).\n\n - CVE-2019-2786: More limited privilege usage\n (bsc#1141787).\n\n - CVE-2019-2816: Normalize normalization (bsc#1141785).\n\n - CVE-2019-2842: Extended AES support (bsc#1141786).\n\n - CVE-2019-7317: Improve PNG support (bsc#1141780).\n\n - Certificate validation improvements\n\nNon-security issue fixed :\n\n - Fixed an issue where the installation failed when the\n manpages are not present (bsc#1115375)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141783\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141789\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1_8_0-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.222-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.222-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_8_0-openjdk / java-1_8_0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:28:53", "description": "An update of the openjdk package has been released.", "cvss3": {}, "published": "2019-09-12T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Openjdk PHSA-2019-1.0-0250", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2816", "CVE-2019-2821"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:openjdk", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0250_OPENJDK.NASL", "href": "https://www.tenable.com/plugins/nessus/128710", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0250. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128710);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2816\",\n \"CVE-2019-2821\"\n );\n\n script_name(english:\"Photon OS 1.0: Openjdk PHSA-2019-1.0-0250\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the openjdk package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-250.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.222-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.222-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.222-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.222-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.222-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjdk\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:29:30", "description": "An update of the openjdk8 package has been released.", "cvss3": {}, "published": "2019-09-12T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Openjdk8 PHSA-2019-2.0-0173", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2816", "CVE-2019-2821"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:openjdk8", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2019-2_0-0173_OPENJDK8.NASL", "href": "https://www.tenable.com/plugins/nessus/128736", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0173. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128736);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2816\",\n \"CVE-2019-2821\"\n );\n\n script_name(english:\"Photon OS 2.0: Openjdk8 PHSA-2019-2.0-0173\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the openjdk8 package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-173.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:openjdk8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"openjdk8-1.8.0.222-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"openjdk8-debuginfo-1.8.0.222-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"openjdk8-doc-1.8.0.222-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"openjdk8-sample-1.8.0.222-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"openjdk8-src-1.8.0.222-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjdk8\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:52", "description": "It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations.\nAn attacker could use this to specially craft an object that, when deserialized, would cause a denial of service. (CVE-2019-2762)\n\nIt was discovered that in some situations OpenJDK did not properly bound the amount of memory allocated during object deserialization. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service (excessive memory consumption). (CVE-2019-2769)\n\nIt was discovered that OpenJDK did not properly restrict privileges in certain situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2019-2786)\n\nJonathan Birch discovered that the Networking component of OpenJDK did not properly validate URLs in some situations. An attacker could use this to bypass restrictions on characters in URLs. (CVE-2019-2816)\n\nIt was discovered that the ChaCha20Cipher implementation in OpenJDK did not use constant time computations in some situations. An attacker could use this to expose sensitive information. (CVE-2019-2818)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) component in OpenJDK did not properly handle OCSP stapling messages during TLS handshake in some situations. An attacker could use this to expose sensitive information. (CVE-2019-2821)\n\nIt was discovered that OpenJDK incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted PNG file, a remote attacker could use this issue to cause OpenJDK to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-7317).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 19.04 : OpenJDK 11 vulnerabilities (USN-4083-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2818", "CVE-2019-2821", "CVE-2019-7317"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk", "p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-zero", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-4083-1.NASL", "href": "https://www.tenable.com/plugins/nessus/127800", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4083-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127800);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2019-2762\", \"CVE-2019-2769\", \"CVE-2019-2786\", \"CVE-2019-2816\", \"CVE-2019-2818\", \"CVE-2019-2821\", \"CVE-2019-7317\");\n script_xref(name:\"USN\", value:\"4083-1\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 19.04 : OpenJDK 11 vulnerabilities (USN-4083-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that OpenJDK did not sufficiently validate serial\nstreams before deserializing suppressed exceptions in some situations.\nAn attacker could use this to specially craft an object that, when\ndeserialized, would cause a denial of service. (CVE-2019-2762)\n\nIt was discovered that in some situations OpenJDK did not properly\nbound the amount of memory allocated during object deserialization. An\nattacker could use this to specially craft an object that, when\ndeserialized, would cause a denial of service (excessive memory\nconsumption). (CVE-2019-2769)\n\nIt was discovered that OpenJDK did not properly restrict privileges in\ncertain situations. An attacker could use this to specially construct\nan untrusted Java application or applet that could escape sandbox\nrestrictions. (CVE-2019-2786)\n\nJonathan Birch discovered that the Networking component of OpenJDK did\nnot properly validate URLs in some situations. An attacker could use\nthis to bypass restrictions on characters in URLs. (CVE-2019-2816)\n\nIt was discovered that the ChaCha20Cipher implementation in OpenJDK\ndid not use constant time computations in some situations. An attacker\ncould use this to expose sensitive information. (CVE-2019-2818)\n\nIt was discovered that the Java Secure Socket Extension (JSSE)\ncomponent in OpenJDK did not properly handle OCSP stapling messages\nduring TLS handshake in some situations. An attacker could use this to\nexpose sensitive information. (CVE-2019-2821)\n\nIt was discovered that OpenJDK incorrectly handled certain memory\noperations. If a user or automated system were tricked into opening a\nspecially crafted PNG file, a remote attacker could use this issue to\ncause OpenJDK to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2019-7317).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4083-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"openjdk-11-jdk\", pkgver:\"11.0.4+11-1ubuntu2~18.04.3\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"openjdk-11-jdk-headless\", pkgver:\"11.0.4+11-1ubuntu2~18.04.3\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"openjdk-11-jre\", pkgver:\"11.0.4+11-1ubuntu2~18.04.3\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"openjdk-11-jre-headless\", pkgver:\"11.0.4+11-1ubuntu2~18.04.3\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"openjdk-11-jre-zero\", pkgver:\"11.0.4+11-1ubuntu2~18.04.3\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"openjdk-11-jdk\", pkgver:\"11.0.4+11-1ubuntu2~19.04\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"openjdk-11-jdk-headless\", pkgver:\"11.0.4+11-1ubuntu2~19.04\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"openjdk-11-jre\", pkgver:\"11.0.4+11-1ubuntu2~19.04\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"openjdk-11-jre-headless\", pkgver:\"11.0.4+11-1ubuntu2~19.04\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"openjdk-11-jre-zero\", pkgver:\"11.0.4+11-1ubuntu2~19.04\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjdk-11-jdk / openjdk-11-jdk-headless / openjdk-11-jre / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:47", "description": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note:\nThis vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\n(CVE-2019-2762)\n\nVulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\n(CVE-2019-2842)\n\nVulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts).\nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).\n(CVE-2019-2745)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note:\nThis vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\n(CVE-2019-27690)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). (CVE-2019-2816)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211.\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N). (CVE-2019-2786)", "cvss3": {}, "published": "2019-08-28T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : java-1.7.0-openjdk (ALAS-2019-1268)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-27690", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:java-1.7.0-openjdk", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-accessibility", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-demo", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-devel", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-headless", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-src", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1268.NASL", "href": "https://www.tenable.com/plugins/nessus/128284", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1268.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128284);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2019-2745\", \"CVE-2019-2762\", \"CVE-2019-2769\", \"CVE-2019-2786\", \"CVE-2019-2816\", \"CVE-2019-2842\");\n script_xref(name:\"ALAS\", value:\"2019-1268\");\n\n script_name(english:\"Amazon Linux 2 : java-1.7.0-openjdk (ALAS-2019-1268)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Vulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: Utilities). Supported versions that are\naffected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE\nEmbedded: 8u211. Easily exploitable vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise Java SE, Java SE Embedded. Successful attacks of this\nvulnerability can result in unauthorized ability to cause a partial\ndenial of service (partial DOS) of Java SE, Java SE Embedded. Note:\nThis vulnerability applies to Java deployments, typically in clients\nrunning sandboxed Java Web Start applications or sandboxed Java\napplets (in Java SE 8), that load and run untrusted code (e.g., code\nthat comes from the internet) and rely on the Java sandbox for\nsecurity. This vulnerability can also be exploited by using APIs in\nthe specified Component, e.g., through a web service which supplies\ndata to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\n(CVE-2019-2762)\n\nVulnerability in the Java SE component of Oracle Java SE\n(subcomponent: JCE). The supported version that is affected is Java\nSE: 8u212. Difficult to exploit vulnerability allows unauthenticated\nattacker with network access via multiple protocols to compromise Java\nSE. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a partial denial of service (partial\nDOS) of Java SE. Note: This vulnerability applies to Java deployments,\ntypically in clients running sandboxed Java Web Start applications or\nsandboxed Java applets (in Java SE 8), that load and run untrusted\ncode (e.g., code that comes from the internet) and rely on the Java\nsandbox for security. This vulnerability can also be exploited by\nusing APIs in the specified Component, e.g., through a web service\nwhich supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability\nimpacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\n(CVE-2019-2842)\n\nVulnerability in the Java SE component of Oracle Java SE\n(subcomponent: Security). Supported versions that are affected are\nJava SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability\nallows unauthenticated attacker with logon to the infrastructure where\nJava SE executes to compromise Java SE. Successful attacks of this\nvulnerability can result in unauthorized access to critical data or\ncomplete access to all Java SE accessible data. Note: This\nvulnerability applies to Java deployments, typically in clients\nrunning sandboxed Java Web Start applications or sandboxed Java\napplets (in Java SE 8), that load and run untrusted code (e.g., code\nthat comes from the internet) and rely on the Java sandbox for\nsecurity. This vulnerability can also be exploited by using APIs in\nthe specified Component, e.g., through a web service which supplies\ndata to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts).\nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).\n(CVE-2019-2745)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: Utilities). Supported versions that are\naffected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE\nEmbedded: 8u211. Easily exploitable vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise Java SE, Java SE Embedded. Successful attacks of this\nvulnerability can result in unauthorized ability to cause a partial\ndenial of service (partial DOS) of Java SE, Java SE Embedded. Note:\nThis vulnerability applies to Java deployments, typically in clients\nrunning sandboxed Java Web Start applications or sandboxed Java\napplets (in Java SE 8), that load and run untrusted code (e.g., code\nthat comes from the internet) and rely on the Java sandbox for\nsecurity. This vulnerability can also be exploited by using APIs in\nthe specified Component, e.g., through a web service which supplies\ndata to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\n(CVE-2019-27690)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: Networking). Supported versions that are\naffected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE\nEmbedded: 8u211. Difficult to exploit vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise Java SE, Java SE Embedded. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of Java SE, Java SE Embedded accessible data as well as\nunauthorized read access to a subset of Java SE, Java SE Embedded\naccessible data. Note: This vulnerability applies to Java deployments,\ntypically in clients running sandboxed Java Web Start applications or\nsandboxed Java applets (in Java SE 8), that load and run untrusted\ncode (e.g., code that comes from the internet) and rely on the Java\nsandbox for security. This vulnerability can also be exploited by\nusing APIs in the specified Component, e.g., through a web service\nwhich supplies data to the APIs. CVSS 3.0 Base Score 4.8\n(Confidentiality and Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). (CVE-2019-2816)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: Security). Supported versions that are affected\nare Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith network access via multiple protocols to compromise Java SE, Java\nSE Embedded. Successful attacks require human interaction from a\nperson other than the attacker and while the vulnerability is in Java\nSE, Java SE Embedded, attacks may significantly impact additional\nproducts. Successful attacks of this vulnerability can result in\nunauthorized read access to a subset of Java SE, Java SE Embedded\naccessible data. Note: This vulnerability applies to Java deployments,\ntypically in clients running sandboxed Java Web Start applications or\nsandboxed Java applets (in Java SE 8), that load and run untrusted\ncode (e.g., code that comes from the internet) and rely on the Java\nsandbox for security. This vulnerability can also be exploited by\nusing APIs in the specified Component, e.g., through a web service\nwhich supplies data to the APIs. CVSS 3.0 Base Score 3.4\n(Confidentiality impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N). (CVE-2019-2786)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1268.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update java-1.7.0-openjdk' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"java-1.7.0-openjdk-1.7.0.231-2.6.19.1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.231-2.6.19.1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.7.0-openjdk-headless-1.7.0.231-2.6.19.1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.amzn2.0.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:10", "description": "Keegan Ryan discovered that the ECC implementation in OpenJDK was not sufficiently resilient to side-channel attacks. An attacker could possibly use this to expose sensitive information. (CVE-2019-2745)\n\nIt was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations.\nAn attacker could use this to specially craft an object that, when deserialized, would cause a denial of service. (CVE-2019-2762)\n\nIt was discovered that in some situations OpenJDK did not properly bound the amount of memory allocated during object deserialization. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service (excessive memory consumption). (CVE-2019-2769)\n\nIt was discovered that OpenJDK did not properly restrict privileges in certain situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2019-2786)\n\nJonathan Birch discovered that the Networking component of OpenJDK did not properly validate URLs in some situations. An attacker could use this to bypass restrictions on characters in URLs. (CVE-2019-2816)\n\nNati Nimni discovered that the Java Cryptography Extension component in OpenJDK did not properly perform array bounds checking in some situations. An attacker could use this to cause a denial of service.\n(CVE-2019-2842)\n\nIt was discovered that OpenJDK incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted PNG file, a remote attacker could use this issue to cause OpenJDK to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-7317).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : OpenJDK 8 vulnerabilities (USN-4080-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842", "CVE-2019-7317"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-jamvm", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-zero", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-4080-1.NASL", "href": "https://www.tenable.com/plugins/nessus/127797", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4080-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127797);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2019-2745\", \"CVE-2019-2762\", \"CVE-2019-2769\", \"CVE-2019-2786\", \"CVE-2019-2816\", \"CVE-2019-2842\", \"CVE-2019-7317\");\n script_xref(name:\"USN\", value:\"4080-1\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Ubuntu 16.04 LTS : OpenJDK 8 vulnerabilities (USN-4080-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Keegan Ryan discovered that the ECC implementation in OpenJDK was not\nsufficiently resilient to side-channel attacks. An attacker could\npossibly use this to expose sensitive information. (CVE-2019-2745)\n\nIt was discovered that OpenJDK did not sufficiently validate serial\nstreams before deserializing suppressed exceptions in some situations.\nAn attacker could use this to specially craft an object that, when\ndeserialized, would cause a denial of service. (CVE-2019-2762)\n\nIt was discovered that in some situations OpenJDK did not properly\nbound the amount of memory allocated during object deserialization. An\nattacker could use this to specially craft an object that, when\ndeserialized, would cause a denial of service (excessive memory\nconsumption). (CVE-2019-2769)\n\nIt was discovered that OpenJDK did not properly restrict privileges in\ncertain situations. An attacker could use this to specially construct\nan untrusted Java application or applet that could escape sandbox\nrestrictions. (CVE-2019-2786)\n\nJonathan Birch discovered that the Networking component of OpenJDK did\nnot properly validate URLs in some situations. An attacker could use\nthis to bypass restrictions on characters in URLs. (CVE-2019-2816)\n\nNati Nimni discovered that the Java Cryptography Extension component\nin OpenJDK did not properly perform array bounds checking in some\nsituations. An attacker could use this to cause a denial of service.\n(CVE-2019-2842)\n\nIt was discovered that OpenJDK incorrectly handled certain memory\noperations. If a user or automated system were tricked into opening a\nspecially crafted PNG file, a remote attacker could use this issue to\ncause OpenJDK to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2019-7317).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4080-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"openjdk-8-jdk\", pkgver:\"8u222-b10-1ubuntu1~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"openjdk-8-jdk-headless\", pkgver:\"8u222-b10-1ubuntu1~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"openjdk-8-jre\", pkgver:\"8u222-b10-1ubuntu1~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"openjdk-8-jre-headless\", pkgver:\"8u222-b10-1ubuntu1~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"openjdk-8-jre-jamvm\", pkgver:\"8u222-b10-1ubuntu1~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"openjdk-8-jre-zero\", pkgver:\"8u222-b10-1ubuntu1~16.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjdk-8-jdk / openjdk-8-jdk-headless / openjdk-8-jre / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:07:23", "description": "According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities).\n Supported versions that are affected are Java SE:\n 7u221, 8u212, 11.0.3 and 12.0.1 Java SE Embedded:\n 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.(CVE-2019-2762)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities).\n Supported versions that are affected are Java SE:\n 7u221, 8u212, 11.0.3 and 12.0.1 Java SE Embedded:\n 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.(CVE-2019-2769)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE.(CVE-2019-2842)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security).\n Supported versions that are affected are Java SE:\n 8u212, 11.0.3 and 12.0.1 Java SE Embedded: 8u211.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products.\n Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.(CVE-2019-2786)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-04-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2021-1806)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2842"], "modified": "2021-05-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:java-1.8.0-openjdk", "p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-devel", "p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-headless", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1806.NASL", "href": "https://www.tenable.com/plugins/nessus/149158", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149158);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/04\");\n\n script_cve_id(\n \"CVE-2019-2762\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2842\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2021-1806)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the java-1.8.0-openjdk packages\ninstalled, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - Vulnerability in the Java SE, Java SE Embedded\n component of Oracle Java SE (subcomponent: Utilities).\n Supported versions that are affected are Java SE:\n 7u221, 8u212, 11.0.3 and 12.0.1 Java SE Embedded:\n 8u211. Easily exploitable vulnerability allows\n unauthenticated attacker with network access via\n multiple protocols to compromise Java SE, Java SE\n Embedded. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a partial\n denial of service (partial DOS) of Java SE, Java SE\n Embedded.(CVE-2019-2762)\n\n - Vulnerability in the Java SE, Java SE Embedded\n component of Oracle Java SE (subcomponent: Utilities).\n Supported versions that are affected are Java SE:\n 7u221, 8u212, 11.0.3 and 12.0.1 Java SE Embedded:\n 8u211. Easily exploitable vulnerability allows\n unauthenticated attacker with network access via\n multiple protocols to compromise Java SE, Java SE\n Embedded. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a partial\n denial of service (partial DOS) of Java SE, Java SE\n Embedded.(CVE-2019-2769)\n\n - Vulnerability in the Java SE component of Oracle Java\n SE (subcomponent: JCE). The supported version that is\n affected is Java SE: 8u212. Difficult to exploit\n vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise\n Java SE. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a partial\n denial of service (partial DOS) of Java\n SE.(CVE-2019-2842)\n\n - Vulnerability in the Java SE, Java SE Embedded\n component of Oracle Java SE (subcomponent: Security).\n Supported versions that are affected are Java SE:\n 8u212, 11.0.3 and 12.0.1 Java SE Embedded: 8u211.\n Difficult to exploit vulnerability allows\n unauthenticated attacker with network access via\n multiple protocols to compromise Java SE, Java SE\n Embedded. Successful attacks require human interaction\n from a person other than the attacker and while the\n vulnerability is in Java SE, Java SE Embedded, attacks\n may significantly impact additional products.\n Successful attacks of this vulnerability can result in\n unauthorized read access to a subset of Java SE, Java\n SE Embedded accessible data.(CVE-2019-2786)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1806\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fe0123cf\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.8.0-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2786\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"java-1.8.0-openjdk-1.8.0.191.b12-0.h14\",\n \"java-1.8.0-openjdk-devel-1.8.0.191.b12-0.h14\",\n \"java-1.8.0-openjdk-headless-1.8.0.191.b12-0.h14\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:43:49", "description": "The version of IBM Java installed on the remote host is prior to 7.0 < 7.0.10.50 / 7.1 < 7.1.4.50 / 8.0 < 8.0.5.40. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle July 16 2019 CPU advisory.\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities).\n Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded:\n 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2762, CVE-2019-2769)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking).\n Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded:\n 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2766)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security).\n Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2786)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking).\n Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded:\n 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2816)\n\n - png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. (CVE-2019-7317)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-29T00:00:00", "type": "nessus", "title": "IBM Java 7.0 < 7.0.10.50 / 7.1 < 7.1.4.50 / 8.0 < 8.0.5.40 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2762", "CVE-2019-2766", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-7317"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:ibm:java"], "id": "IBM_JAVA_2019_07_16.NASL", "href": "https://www.tenable.com/plugins/nessus/160365", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160365);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-2762\",\n \"CVE-2019-2766\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-7317\"\n );\n script_xref(name:\"IAVA\", value:\"2019-A-0255\");\n script_xref(name:\"IAVA\", value:\"2019-A-0164-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0484\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"IBM Java 7.0 < 7.0.10.50 / 7.1 < 7.1.4.50 / 8.0 < 8.0.5.40 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"IBM Java is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of IBM Java installed on the remote host is prior to 7.0 < 7.0.10.50 / 7.1 < 7.1.4.50 / 8.0 < 8.0.5.40. It\nis, therefore, affected by multiple vulnerabilities as referenced in the Oracle July 16 2019 CPU advisory.\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities).\n Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded:\n 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web\n Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code\n that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2762, CVE-2019-2769)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking).\n Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded:\n 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a\n person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read\n access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java\n deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets\n (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the\n Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified\n Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2766)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security).\n Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a\n person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may\n significantly impact additional products. Successful attacks of this vulnerability can result in\n unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2786)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking).\n Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded:\n 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well\n as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2816)\n\n - png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function\n is called under png_safe_execute. (CVE-2019-7317)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ17990\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ17991\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ17992\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ17993\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ17994\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ17995\");\n # https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities#Oracle_July_16_2019_CPU\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?abf5efe1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the Oracle July 16 2019 CPU advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:java\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ibm_java_nix_installed.nbin\", \"ibm_java_win_installed.nbin\");\n script_require_keys(\"installed_sw/Java\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_list = ['IBM Java'];\nvar app_info = vcf::java::get_app_info(app:app_list);\n\nvar constraints = [\n { 'min_version' : '7.0.0', 'fixed_version' : '7.0.10.50' },\n { 'min_version' : '7.1.0', 'fixed_version' : '7.1.4.50' },\n { 'min_version' : '8.0.0', 'fixed_version' : '8.0.5.40' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:23", "description": "This update for java-1_7_0-openjdk to version 7u231 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE_2019-2426: Improve web server connections (bsc#1134297).\n\nCVE-2019-2745: Improved ECC Implementation (bsc#1141784).\n\nCVE-2019-2762: Exceptional throw cases (bsc#1141782).\n\nCVE-2019-2766: Improve file protocol handling (bsc#1141789).\n\nCVE-2019-2769: Better copies of CopiesList (bsc#1141783).\n\nCVE-2019-2786: More limited privilege usage (bsc#1141787).\n\nCVE-2019-2816: Normalize normalization (bsc#1141785).\n\nCVE-2019-2842: Extended AES support (bsc#1141786).\n\nCVE-2019-7317: Improve PNG support (bsc#1141780).\n\nCVE-2018-3639: fix revision to prefer PR_SPEC_DISABLE_NOEXEC to PR_SPEC_DISABLE (bsc#1087082).\n\nCertificate validation improvements\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2019:2028-1) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-3639", "CVE-2019-2426", "CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2766", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842", "CVE-2019-7317"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2028-1.NASL", "href": "https://www.tenable.com/plugins/nessus/127758", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2028-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127758);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2018-3639\",\n \"CVE-2019-2426\",\n \"CVE-2019-2745\",\n \"CVE-2019-2762\",\n \"CVE-2019-2766\",\n \"CVE-2019-2769\",\n \"CVE-2019-2786\",\n \"CVE-2019-2816\",\n \"CVE-2019-2842\",\n \"CVE-2019-7317\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2019:2028-1) (Spectre)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for java-1_7_0-openjdk to version 7u231 fixes the\nfollowing issues :\n\nSecurity issues fixed :\n\nCVE_2019-2426: Improve web server connections (bsc#1134297).\n\nCVE-2019-2745: Improved ECC Implementation (bsc#1141784).\n\nCVE-2019-2762: Exceptional throw cases (bsc#1141782).\n\nCVE-2019-2766: Improve file protocol handling (bsc#1141789).\n\nCVE-2019-2769: Better copies of CopiesList (bsc#1141783).\n\nCVE-2019-2786: More limited privilege usage (bsc#1141787).\n\nCVE-2019-2816: Normalize normalization (bsc#1141785).\n\nCVE-2019-2842: Extended AES support (bsc#1141786).\n\nCVE-2019-7317: Improve PNG support (bsc#1141780).\n\nCVE-2018-3639: fix revision to prefer PR_SPEC_DISABLE_NOEXEC to\nPR_SPEC_DISABLE (bsc#1087082).\n\nCertificate validation improvements\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141783\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-3639/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2426/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2745/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2762/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2766/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2769/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2816/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2842/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7317/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192028-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e276b272\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-2028=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-2028=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-3639\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-1.7.0.231-43.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.231-43.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.231-43.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-demo-1.7.0.231-43.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.231-43.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-devel-1.7.0.231-43.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.231-43.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-headless-1.7.0.231-43.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.231-43.27.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-1.7.0.231-43.27.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.231-43.27.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.231-43.27.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-1.7.0.231-43.27.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.231-43.27.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:48", "description": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201.\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).\n(CVE-2019-2684)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note:\nThis vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\n(CVE-2019-2769)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). (CVE-2019-2816)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded:\n8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note:\nThis vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.\nCVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2602)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note:\nThis vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\n(CVE-2019-2762)\n\nVulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\n(CVE-2019-2842)\n\nVulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts).\nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).\n(CVE-2019-2745)\n\nVulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE:\n7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts).\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).\n(CVE-2019-2698)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211.\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N). (CVE-2019-2786)", "cvss3": {}, "published": "2019-08-28T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2019-1269)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2602", "CVE-2019-2684", "CVE-2019-2698", "CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2842"], "modified": "2019-09-24T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-zip-debug", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src-debug", "cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-accessibility", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-accessibility-debug", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debug", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debuginfo", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless-debug"], "id": "AL2_ALAS-2019-1269.NASL", "href": "https://www.tenable.com/plugins/nessus/128285", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1269.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128285);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/24 11:01:32\");\n\n script_cve_id(\"CVE-2019-2602\", \"CVE-2019-2684\", \"CVE-2019-2698\", \"CVE-2019-2745\", \"CVE-2019-2762\", \"CVE-2019-2769\", \"CVE-2019-2786\", \"CVE-2019-2816\", \"CVE-2019-2842\");\n script_xref(name:\"ALAS\", value:\"2019-1269\");\n\n script_name(english:\"Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2019-1269)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: RMI). Supported versions that are affected are\nJava SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith network access via multiple protocols to compromise Java SE, Java\nSE Embedded. Successful attacks of this vulnerability can result in\nunauthorized creation, deletion or modification access to critical\ndata or all Java SE, Java SE Embedded accessible data. Note: This\nvulnerability applies to Java deployments, typically in clients\nrunning sandboxed Java Web Start applications or sandboxed Java\napplets (in Java SE 8), that load and run untrusted code (e.g., code\nthat comes from the internet) and rely on the Java sandbox for\nsecurity. This vulnerability can also be exploited by using APIs in\nthe specified Component, e.g., through a web service which supplies\ndata to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).\n(CVE-2019-2684)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: Utilities). Supported versions that are\naffected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE\nEmbedded: 8u211. Easily exploitable vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise Java SE, Java SE Embedded. Successful attacks of this\nvulnerability can result in unauthorized ability to cause a partial\ndenial of service (partial DOS) of Java SE, Java SE Embedded. Note:\nThis vulnerability applies to Java deployments, typically in clients\nrunning sandboxed Java Web Start applications or sandboxed Java\napplets (in Java SE 8), that load and run untrusted code (e.g., code\nthat comes from the internet) and rely on the Java sandbox for\nsecurity. This vulnerability can also be exploited by using APIs in\nthe specified Component, e.g., through a web service which supplies\ndata to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\n(CVE-2019-2769)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: Networking). Supported versions that are\naffected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE\nEmbedded: 8u211. Difficult to exploit vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise Java SE, Java SE Embedded. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of Java SE, Java SE Embedded accessible data as well as\nunauthorized read access to a subset of Java SE, Java SE Embedded\naccessible data. Note: This vulnerability applies to Java deployments,\ntypically in clients running sandboxed Java Web Start applications or\nsandboxed Java applets (in Java SE 8), that load and run untrusted\ncode (e.g., code that comes from the internet) and rely on the Java\nsandbox for security. This vulnerability can also be exploited by\nusing APIs in the specified Component, e.g., through a web service\nwhich supplies data to the APIs. CVSS 3.0 Base Score 4.8\n(Confidentiality and Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). (CVE-2019-2816)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: Libraries). Supported versions that are\naffected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded:\n8u201. Easily exploitable vulnerability allows unauthenticated\nattacker with network access via multiple protocols to compromise Java\nSE, Java SE Embedded. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of Java SE, Java SE Embedded. Note:\nThis vulnerability can only be exploited by supplying data to APIs in\nthe specified Component without using Untrusted Java Web Start\napplications or Untrusted Java applets, such as through a web service.\nCVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2602)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: Utilities). Supported versions that are\naffected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE\nEmbedded: 8u211. Easily exploitable vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise Java SE, Java SE Embedded. Successful attacks of this\nvulnerability can result in unauthorized ability to cause a partial\ndenial of service (partial DOS) of Java SE, Java SE Embedded. Note:\nThis vulnerability applies to Java deployments, typically in clients\nrunning sandboxed Java Web Start applications or sandboxed Java\napplets (in Java SE 8), that load and run untrusted code (e.g., code\nthat comes from the internet) and rely on the Java sandbox for\nsecurity. This vulnerability can also be exploited by using APIs in\nthe specified Component, e.g., through a web service which supplies\ndata to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\n(CVE-2019-2762)\n\nVulnerability in the Java SE component of Oracle Java SE\n(subcomponent: JCE). The supported version that is affected is Java\nSE: 8u212. Difficult to exploit vulnerability allows unauthenticated\nattacker with network access via multiple protocols to compromise Java\nSE. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a partial denial of service (partial\nDOS) of Java SE. Note: This vulnerability applies to Java deployments,\ntypically in clients running sandboxed Java Web Start applications or\nsandboxed Java applets (in Java SE 8), that load and run untrusted\ncode (e.g., code that comes from the internet) and rely on the Java\nsandbox for security. This vulnerability can also be exploited by\nusing APIs in the specified Component, e.g., through a web service\nwhich supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability\nimpacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\n(CVE-2019-2842)\n\nVulnerability in the Java SE component of Oracle Java SE\n(subcomponent: Security). Supported versions that are affected are\nJava SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability\nallows unauthenticated attacker with logon to the infrastructure where\nJava SE executes to compromise Java SE. Successful attacks of this\nvulnerability can result in unauthorized access to critical data or\ncomplete access to all Java SE accessible data. Note: This\nvulnerability applies to Java deployments, typically in clients\nrunning sandboxed Java Web Start applications or sandboxed Java\napplets (in Java SE 8), that load and run untrusted code (e.g., code\nthat comes from the internet) and rely on the Java sandbox for\nsecurity. This vulnerability can also be exploited by using APIs in\nthe specified Component, e.g., through a web service which supplies\ndata to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts).\nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).\n(CVE-2019-2745)\n\nVulnerability in the Java SE component of Oracle Java SE\n(subcomponent: 2D). Supported versions that are affected are Java SE:\n7u211 and 8u202. Difficult to exploit vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise Java SE. Successful attacks of this vulnerability can\nresult in takeover of Java SE. Note: This vulnerability applies to\nJava deployments, typically in clients running sandboxed Java Web\nStart applications or sandboxed Java applets (in Java SE 8), that load\nand run untrusted code (e.g., code that comes from the internet) and\nrely on the Java sandbox for security. This vulnerability does not\napply to Java deployments, typically in servers, that load and run\nonly trusted code (e.g., code installed by an administrator). CVSS 3.0\nBase Score 8.1 (Confidentiality, Integrity and Availability impacts).\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).\n(CVE-2019-2698)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: Security). Supported versions that are affected\nare Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith network access via multiple protocols to compromise Java SE, Java\nSE Embedded. Successful attacks require human interaction from a\nperson other than the attacker and while the vulnerability is in Java\nSE, Java SE Embedded, attacks may significantly impact additional\nproducts. Successful attacks of this vulnerability can result in\nunauthorized read access to a subset of Java SE, Java SE Embedded\naccessible data. Note: This vulnerability applies to Java deployments,\ntypically in clients running sandboxed Java Web Start applications or\nsandboxed Java applets (in Java SE 8), that load and run untrusted\ncode (e.g., code that comes from the internet) and rely on the Java\nsandbox for security. This vulnerability can also be exploited by\nusing APIs in the specified Component, e.g., through a web service\nwhich supplies data to the APIs. CVSS 3.0 Base Score 3.4\n(Confidentiality impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N). (CVE-2019-2786)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1269.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update java-1.8.0-openjdk' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-accessibility-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-zip-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-1.8.0.222.b10-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.222.b10-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-accessibility-debug-1.8.0.222.b10-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-debug-1.8.0.222.b10-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.222.b10-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-demo-1.8.0.222.b10-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.222.b10-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-devel-1.8.0.222.b10-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.222.b10-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-headless-1.8.0.222.b10-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.222.b10-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.222.b10-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.222.b10-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-javadoc-zip-1.8.0.222.b10-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.222.b10-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-src-1.8.0.222.b10-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.222.b10-0.amzn2.0.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:24", "description": "New kernel packages are available for Slackware 14.2 to fix security issues.", "cvss3": {}, "published": "2019-08-14T00:00:00", "type": "nessus", "title": "Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-226-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18509", "CVE-2018-20856", "CVE-2019-10207", "CVE-2019-1125", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284"], "modified": "2020-02-18T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:kernel-firmware", "p-cpe:/a:slackware:slackware_linux:kernel-generic", "p-cpe:/a:slackware:slackware_linux:kernel-generic-smp", "p-cpe:/a:slackware:slackware_linux:kernel-headers", "p-cpe:/a:slackware:slackware_linux:kernel-huge", "p-cpe:/a:slackware:slackware_linux:kernel-huge-smp", "p-cpe:/a:slackware:slackware_linux:kernel-modules", "p-cpe:/a:slackware:slackware_linux:kernel-modules-smp", "p-cpe:/a:slackware:slackware_linux:kernel-source", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2019-226-01.NASL", "href": "https://www.tenable.com/plugins/nessus/127882", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2019-226-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127882);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/02/18\");\n\n script_cve_id(\"CVE-2017-18509\", \"CVE-2018-20856\", \"CVE-2019-10207\", \"CVE-2019-1125\", \"CVE-2019-13631\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\");\n script_xref(name:\"SSA\", value:\"2019-226-01\");\n\n script_name(english:\"Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-226-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New kernel packages are available for Slackware 14.2 to fix security\nissues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.717544\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?12c71cbb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a: