Vulnerabilities > CVE-2005-1080 - Directory Traversal vulnerability in Sun J2SE Software Development Kit Java Archive Tool

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
sun
nessus

Summary

Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.

Vulnerable Configurations

Part Description Count
Application
Sun
2

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-212.NASL
    descriptionUpdated java-1.7.0 packages fix security vulnerabilities : An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions (CVE-2015-0469). A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions (CVE-2015-0460). A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly (CVE-2015-0488). A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions (CVE-2015-0477). A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted (CVE-2005-1080, CVE-2015-0480). It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures (CVE-2015-0478).
    last seen2020-06-01
    modified2020-06-02
    plugin id83104
    published2015-04-28
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83104
    titleMandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2015:212)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2015:212. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83104);
      script_version("2.3");
      script_cvs_date("Date: 2019/08/02 13:32:57");
    
      script_cve_id("CVE-2005-1080", "CVE-2015-0460", "CVE-2015-0469", "CVE-2015-0477", "CVE-2015-0478", "CVE-2015-0480", "CVE-2015-0488");
      script_bugtraq_id(13083, 74072, 74097, 74104, 74111, 74119, 74147);
      script_xref(name:"MDVSA", value:"2015:212");
    
      script_name(english:"Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2015:212)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.7.0 packages fix security vulnerabilities :
    
    An off-by-one flaw, leading to a buffer overflow, was found in the
    font parsing code in the 2D component in OpenJDK. A specially crafted
    font file could possibly cause the Java Virtual Machine to execute
    arbitrary code, allowing an untrusted Java application or applet to
    bypass Java sandbox restrictions (CVE-2015-0469).
    
    A flaw was found in the way the Hotspot component in OpenJDK handled
    phantom references. An untrusted Java application or applet could use
    this flaw to corrupt the Java Virtual Machine memory and, possibly,
    execute arbitrary code, bypassing Java sandbox restrictions
    (CVE-2015-0460).
    
    A flaw was found in the way the JSSE component in OpenJDK parsed X.509
    certificate options. A specially crafted certificate could cause JSSE
    to raise an exception, possibly causing an application using JSSE to
    exit unexpectedly (CVE-2015-0488).
    
    A flaw was discovered in the Beans component in OpenJDK. An untrusted
    Java application or applet could use this flaw to bypass certain Java
    sandbox restrictions (CVE-2015-0477).
    
    A directory traversal flaw was found in the way the jar tool extracted
    JAR archive files. A specially crafted JAR archive could cause jar to
    overwrite arbitrary files writable by the user running jar when the
    archive was extracted (CVE-2005-1080, CVE-2015-0480).
    
    It was found that the RSA implementation in the JCE component in
    OpenJDK did not follow recommended practices for implementing RSA
    signatures (CVE-2015-0478)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2015-0158.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-accessibility");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"java-1.7.0-openjdk-1.7.0.65-2.5.5.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"java-1.7.0-openjdk-accessibility-1.7.0.65-2.5.5.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"java-1.7.0-openjdk-demo-1.7.0.65-2.5.5.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"java-1.7.0-openjdk-devel-1.7.0.65-2.5.5.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"java-1.7.0-openjdk-headless-1.7.0.65-2.5.5.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"java-1.7.0-openjdk-javadoc-1.7.0.65-2.5.5.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"java-1.7.0-openjdk-src-1.7.0.65-2.5.5.1.mbs1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-0806.NASL
    descriptionUpdated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82801
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82801
    titleCentOS 6 / 7 : java-1.7.0-openjdk (CESA-2015:0806)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2015:0806 and 
    # CentOS Errata and Security Advisory 2015:0806 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82801);
      script_version("1.12");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id("CVE-2005-1080", "CVE-2015-0460", "CVE-2015-0469", "CVE-2015-0477", "CVE-2015-0478", "CVE-2015-0480", "CVE-2015-0488");
      script_bugtraq_id(13083, 74072, 74097, 74104, 74111, 74119, 74147);
      script_xref(name:"RHSA", value:"2015:0806");
    
      script_name(english:"CentOS 6 / 7 : java-1.7.0-openjdk (CESA-2015:0806)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.7.0-openjdk packages that fix multiple security issues
    are now available for Red Hat Enterprise Linux 6 and 7.
    
    Red Hat Product Security has rated this update as having Critical
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
    Environment and the OpenJDK 7 Java Software Development Kit.
    
    An off-by-one flaw, leading to a buffer overflow, was found in the
    font parsing code in the 2D component in OpenJDK. A specially crafted
    font file could possibly cause the Java Virtual Machine to execute
    arbitrary code, allowing an untrusted Java application or applet to
    bypass Java sandbox restrictions. (CVE-2015-0469)
    
    A flaw was found in the way the Hotspot component in OpenJDK handled
    phantom references. An untrusted Java application or applet could use
    this flaw to corrupt the Java Virtual Machine memory and, possibly,
    execute arbitrary code, bypassing Java sandbox restrictions.
    (CVE-2015-0460)
    
    A flaw was found in the way the JSSE component in OpenJDK parsed X.509
    certificate options. A specially crafted certificate could cause JSSE
    to raise an exception, possibly causing an application using JSSE to
    exit unexpectedly. (CVE-2015-0488)
    
    A flaw was discovered in the Beans component in OpenJDK. An untrusted
    Java application or applet could use this flaw to bypass certain Java
    sandbox restrictions. (CVE-2015-0477)
    
    A directory traversal flaw was found in the way the jar tool extracted
    JAR archive files. A specially crafted JAR archive could cause jar to
    overwrite arbitrary files writable by the user running jar when the
    archive was extracted. (CVE-2005-1080, CVE-2015-0480)
    
    It was found that the RSA implementation in the JCE component in
    OpenJDK did not follow recommended practices for implementing RSA
    signatures. (CVE-2015-0478)
    
    The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat
    Product Security.
    
    Note: If the web browser plug-in provided by the icedtea-web package
    was installed, the issues exposed via Java applets could have been
    exploited without user interaction if a user visited a malicious
    website.
    
    All users of java-1.7.0-openjdk are advised to upgrade to these
    updated packages, which resolve these issues. All running instances of
    OpenJDK Java must be restarted for the update to take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2015-April/021066.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9af97afb"
      );
      # https://lists.centos.org/pipermail/centos-announce/2015-April/021069.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a9212bd5"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1.7.0-openjdk packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-0469");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.7.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.7.0-openjdk-accessibility");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.7.0-openjdk-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.7.0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x / 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-6", reference:"java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el6_6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el6_6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el6_6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.el6_6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el6_6")) flag++;
    
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el7_1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"java-1.7.0-openjdk-accessibility-1.7.0.79-2.5.5.1.el7_1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el7_1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el7_1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"java-1.7.0-openjdk-headless-1.7.0.79-2.5.5.1.el7_1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.el7_1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el7_1")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1091.NASL
    descriptionUpdated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Satellite 5.6 and 5.7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to from the References section, for additional details about this change. Users of Red Hat Satellite 5.6 and 5.7 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR16-FP4 release. For this update to take effect, Red Hat Satellite must be restarted (
    last seen2020-06-01
    modified2020-06-02
    plugin id84143
    published2015-06-12
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84143
    titleRHEL 5 / 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:1091) (Bar Mitzvah)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2015:1091. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84143);
      script_version("2.13");
      script_cvs_date("Date: 2019/10/24 15:35:40");
    
      script_cve_id("CVE-2005-1080", "CVE-2015-0138", "CVE-2015-0192", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0469", "CVE-2015-0477", "CVE-2015-0478", "CVE-2015-0480", "CVE-2015-0488", "CVE-2015-0491", "CVE-2015-1914", "CVE-2015-2808");
      script_xref(name:"RHSA", value:"2015:1091");
    
      script_name(english:"RHEL 5 / 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:1091) (Bar Mitzvah)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.6.0-ibm packages that fix several security issues are
    now available for Red Hat Satellite 5.6 and 5.7.
    
    Red Hat Product Security has rated this update as having Low security
    impact. Common Vulnerability Scoring System (CVSS) base scores, which
    give detailed severity ratings, are available for each vulnerability
    from the CVE links in the References section.
    
    IBM Java SE version 6 includes the IBM Java Runtime Environment and
    the IBM Java Software Development Kit.
    
    This update corrects several security vulnerabilities in the IBM Java
    Runtime Environment shipped as part of Red Hat Satellite 5. In a
    typical operating environment, these are of low security risk as the
    runtime is not used on untrusted applets. Further information about
    these flaws can be found on the IBM Java Security alerts page, listed
    in the References section. (CVE-2005-1080, CVE-2015-0138,
    CVE-2015-0192, CVE-2015-0458, CVE-2015-0459, CVE-2015-0469,
    CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488,
    CVE-2015-0491, CVE-2015-1914, CVE-2015-2808)
    
    The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat
    Product Security.
    
    Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher
    suites by default to address the CVE-2015-2808 issue. Refer to Red Hat
    Bugzilla bug 1207101, linked to from the References section, for
    additional details about this change.
    
    Users of Red Hat Satellite 5.6 and 5.7 are advised to upgrade to these
    updated packages, which contain the IBM Java SE 6 SR16-FP4 release.
    For this update to take effect, Red Hat Satellite must be restarted
    ('/usr/sbin/rhn-satellite restart'), as well as all running instances
    of IBM Java."
      );
      # https://www.ibm.com/developerworks/java/jdk/alerts/
      script_set_attribute(
        attribute:"see_also",
        value:"https://developer.ibm.com/javasdk/support/security-vulnerabilities/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c4"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2015:1091"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-1080"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0469"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0478"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0480"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0477"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0488"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0491"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0459"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0458"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-1914"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0192"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-2808"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0138"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected java-1.6.0-ibm and / or java-1.6.0-ibm-devel
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/12");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2015:1091";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-ibm / java-1.6.0-ibm-devel");
      }
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-122.NASL
    descriptionA vulnerability has been discovered and corrected in fastjar : Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619 (CVE-2010-0831). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4 90 The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id47116
    published2010-06-23
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47116
    titleMandriva Linux Security Advisory : fastjar (MDVSA-2010:122)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2010:122. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(47116);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:53");
    
      script_cve_id("CVE-2010-0831");
      script_bugtraq_id(41006);
      script_xref(name:"MDVSA", value:"2010:122");
    
      script_name(english:"Mandriva Linux Security Advisory : fastjar (MDVSA-2010:122)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Mandriva Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability has been discovered and corrected in fastjar :
    
    Directory traversal vulnerability in the extract_jar function in
    jartool.c in FastJar 0.98 allows remote attackers to create or
    overwrite arbitrary files via a .. (dot dot) in a non-initial pathname
    component in a filename within a .jar archive, a related issue to
    CVE-2005-1080. NOTE: this vulnerability exists because of an
    incomplete fix for CVE-2006-3619 (CVE-2010-0831).
    
    Packages for 2008.0 and 2009.0 are provided as of the Extended
    Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4
    90
    
    The updated packages have been patched to correct this issue."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected fastjar package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:fastjar");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/06/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2008.0", reference:"fastjar-0.95-1.1mdv2008.0", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2009.0", reference:"fastjar-0.95-3.1mdv2009.0", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2009.1", reference:"fastjar-0.97-1.1mdv2009.1", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2010.0", reference:"fastjar-0.98-1.1mdv2010.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1006.NASL
    descriptionUpdated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to from the References section, for additional details about this change. All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16-FP4 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id83432
    published2015-05-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83432
    titleRHEL 5 / 6 : java-1.6.0-ibm (RHSA-2015:1006) (Bar Mitzvah)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0808.NASL
    descriptionUpdated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82810
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82810
    titleRHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2015:0808)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150415_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL
    descriptionAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-03-18
    modified2015-04-16
    plugin id82813
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82813
    titleScientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/srpm/x86_64 (20150415)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1021.NASL
    descriptionUpdated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. IBM Java SDK and JRE 5.0 will not receive software updates after September 2015. This date is referred to as the End of Service (EOS) date. Customers are advised to migrate to current versions of IBM Java at this time. IBM Java SDK and JRE versions 6 and 7 are available via the Red Hat Enterprise Linux 5 and 6 Supplementary content sets and will continue to receive updates based on IBM
    last seen2020-06-01
    modified2020-06-02
    plugin id83754
    published2015-05-21
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83754
    titleRHEL 5 / 6 : java-1.5.0-ibm (RHSA-2015:1021) (Bar Mitzvah)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-0808.NASL
    descriptionUpdated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82803
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82803
    titleCentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2015:0808)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-0807.NASL
    descriptionUpdated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82802
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82802
    titleCentOS 5 : java-1.7.0-openjdk (CESA-2015:0807)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0807.NASL
    descriptionFrom Red Hat Security Advisory 2015:0807 : Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82808
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82808
    titleOracle Linux 5 : java-1.7.0-openjdk (ELSA-2015-0807)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0806.NASL
    descriptionUpdated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82809
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82809
    titleRHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2015:0806)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150415_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL
    descriptionAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) Multiple flaws were discovered in the Beans and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-0477, CVE-2015-0470) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-03-18
    modified2015-04-16
    plugin id82816
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82816
    titleScientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/srpm/x86_64 (20150415)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-517.NASL
    descriptionAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) Multiple flaws were discovered in the Beans and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-0477 , CVE-2015-0470) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080 , CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478)
    last seen2020-06-01
    modified2020-06-02
    plugin id83268
    published2015-05-07
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83268
    titleAmazon Linux AMI : java-1.8.0-openjdk (ALAS-2015-517)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0854.NASL
    descriptionUpdated java-1.8.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.8.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 8 Update 45 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82897
    published2015-04-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82897
    titleRHEL 6 / 7 : java-1.8.0-oracle (RHSA-2015:0854)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150415_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL
    descriptionAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-03-18
    modified2015-04-16
    plugin id82815
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82815
    titleScientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/srpm/x86_64 (20150415)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_18E5428FAE7C11D9837D000E0C2E438A.NASL
    descriptionPluf has discovered a vulnerability in Sun Java JDK/SDK, which potentially can be exploited by malicious people to compromise a user
    last seen2020-06-01
    modified2020-06-02
    plugin id18852
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/18852
    titleFreeBSD : jdk -- jar directory traversal vulnerability (18e5428f-ae7c-11d9-837d-000e0c2e438a)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-516.NASL
    descriptionAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080 , CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478)
    last seen2020-06-01
    modified2020-06-02
    plugin id83059
    published2015-04-27
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83059
    titleAmazon Linux AMI : java-1.7.0-openjdk (ALAS-2015-516)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0806.NASL
    descriptionFrom Red Hat Security Advisory 2015:0806 : Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82787
    published2015-04-15
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82787
    titleOracle Linux 6 / 7 : java-1.7.0-openjdk (ELSA-2015-0806)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0808.NASL
    descriptionFrom Red Hat Security Advisory 2015:0808 : Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82788
    published2015-04-15
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82788
    titleOracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2015-0808)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0858.NASL
    descriptionUpdated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 95 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82910
    published2015-04-21
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82910
    titleRHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2015:0858)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-0809.NASL
    descriptionUpdated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) Multiple flaws were discovered in the Beans and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-0477, CVE-2015-0470) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82804
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82804
    titleCentOS 6 / 7 : java-1.8.0-openjdk (CESA-2015:0809)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150415_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL
    descriptionAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-03-18
    modified2015-04-16
    plugin id82814
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82814
    titleScientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20150415)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0807.NASL
    descriptionUpdated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82791
    published2015-04-15
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82791
    titleRHEL 5 : java-1.7.0-openjdk (RHSA-2015:0807)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0809.NASL
    descriptionUpdated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) Multiple flaws were discovered in the Beans and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-0477, CVE-2015-0470) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82811
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82811
    titleRHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2015:0809)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-515.NASL
    descriptionAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080 , CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478)
    last seen2020-06-01
    modified2020-06-02
    plugin id83058
    published2015-04-27
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83058
    titleAmazon Linux AMI : java-1.6.0-openjdk (ALAS-2015-515)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0857.NASL
    descriptionUpdated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 79 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82909
    published2015-04-21
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82909
    titleRHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2015:0857)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1020.NASL
    descriptionUpdated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR3 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id83753
    published2015-05-21
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83753
    titleRHEL 6 / 7 : java-1.7.1-ibm (RHSA-2015:1020) (Bar Mitzvah)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1007.NASL
    descriptionUpdated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to from the References section, for additional details about this change. All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR9 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id83433
    published2015-05-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83433
    titleRHEL 5 : java-1.7.0-ibm (RHSA-2015:1007) (Bar Mitzvah)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0809.NASL
    descriptionFrom Red Hat Security Advisory 2015:0809 : Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) Multiple flaws were discovered in the Beans and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-0477, CVE-2015-0470) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82789
    published2015-04-15
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82789
    titleOracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2015-0809)

Redhat

advisories
  • rhsa
    idRHSA-2015:0806
  • rhsa
    idRHSA-2015:0807
  • rhsa
    idRHSA-2015:0808
  • rhsa
    idRHSA-2015:0809
  • rhsa
    idRHSA-2015:0854
  • rhsa
    idRHSA-2015:0857
  • rhsa
    idRHSA-2015:0858
  • rhsa
    idRHSA-2015:1006
  • rhsa
    idRHSA-2015:1007
  • rhsa
    idRHSA-2015:1020
  • rhsa
    idRHSA-2015:1021
  • rhsa
    idRHSA-2015:1091
rpms
  • java-1.7.0-openjdk-1:1.7.0.79-2.5.5.1.ael7b_1
  • java-1.7.0-openjdk-1:1.7.0.79-2.5.5.1.el6_6
  • java-1.7.0-openjdk-1:1.7.0.79-2.5.5.1.el7_1
  • java-1.7.0-openjdk-accessibility-1:1.7.0.79-2.5.5.1.ael7b_1
  • java-1.7.0-openjdk-accessibility-1:1.7.0.79-2.5.5.1.el7_1
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.79-2.5.5.1.ael7b_1
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.79-2.5.5.1.el6_6
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.79-2.5.5.1.el7_1
  • java-1.7.0-openjdk-demo-1:1.7.0.79-2.5.5.1.ael7b_1
  • java-1.7.0-openjdk-demo-1:1.7.0.79-2.5.5.1.el6_6
  • java-1.7.0-openjdk-demo-1:1.7.0.79-2.5.5.1.el7_1
  • java-1.7.0-openjdk-devel-1:1.7.0.79-2.5.5.1.ael7b_1
  • java-1.7.0-openjdk-devel-1:1.7.0.79-2.5.5.1.el6_6
  • java-1.7.0-openjdk-devel-1:1.7.0.79-2.5.5.1.el7_1
  • java-1.7.0-openjdk-headless-1:1.7.0.79-2.5.5.1.ael7b_1
  • java-1.7.0-openjdk-headless-1:1.7.0.79-2.5.5.1.el7_1
  • java-1.7.0-openjdk-javadoc-1:1.7.0.79-2.5.5.1.ael7b_1
  • java-1.7.0-openjdk-javadoc-1:1.7.0.79-2.5.5.1.el6_6
  • java-1.7.0-openjdk-javadoc-1:1.7.0.79-2.5.5.1.el7_1
  • java-1.7.0-openjdk-src-1:1.7.0.79-2.5.5.1.ael7b_1
  • java-1.7.0-openjdk-src-1:1.7.0.79-2.5.5.1.el6_6
  • java-1.7.0-openjdk-src-1:1.7.0.79-2.5.5.1.el7_1
  • java-1.7.0-openjdk-1:1.7.0.79-2.5.5.2.el5_11
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.79-2.5.5.2.el5_11
  • java-1.7.0-openjdk-demo-1:1.7.0.79-2.5.5.2.el5_11
  • java-1.7.0-openjdk-devel-1:1.7.0.79-2.5.5.2.el5_11
  • java-1.7.0-openjdk-javadoc-1:1.7.0.79-2.5.5.2.el5_11
  • java-1.7.0-openjdk-src-1:1.7.0.79-2.5.5.2.el5_11
  • java-1.6.0-openjdk-1:1.6.0.35-1.13.7.1.el5_11
  • java-1.6.0-openjdk-1:1.6.0.35-1.13.7.1.el6_6
  • java-1.6.0-openjdk-1:1.6.0.35-1.13.7.1.el7_1
  • java-1.6.0-openjdk-debuginfo-1:1.6.0.35-1.13.7.1.el5_11
  • java-1.6.0-openjdk-debuginfo-1:1.6.0.35-1.13.7.1.el6_6
  • java-1.6.0-openjdk-debuginfo-1:1.6.0.35-1.13.7.1.el7_1
  • java-1.6.0-openjdk-demo-1:1.6.0.35-1.13.7.1.el5_11
  • java-1.6.0-openjdk-demo-1:1.6.0.35-1.13.7.1.el6_6
  • java-1.6.0-openjdk-demo-1:1.6.0.35-1.13.7.1.el7_1
  • java-1.6.0-openjdk-devel-1:1.6.0.35-1.13.7.1.el5_11
  • java-1.6.0-openjdk-devel-1:1.6.0.35-1.13.7.1.el6_6
  • java-1.6.0-openjdk-devel-1:1.6.0.35-1.13.7.1.el7_1
  • java-1.6.0-openjdk-javadoc-1:1.6.0.35-1.13.7.1.el5_11
  • java-1.6.0-openjdk-javadoc-1:1.6.0.35-1.13.7.1.el6_6
  • java-1.6.0-openjdk-javadoc-1:1.6.0.35-1.13.7.1.el7_1
  • java-1.6.0-openjdk-src-1:1.6.0.35-1.13.7.1.el5_11
  • java-1.6.0-openjdk-src-1:1.6.0.35-1.13.7.1.el6_6
  • java-1.6.0-openjdk-src-1:1.6.0.35-1.13.7.1.el7_1
  • java-1.8.0-openjdk-1:1.8.0.45-28.b13.el6_6
  • java-1.8.0-openjdk-1:1.8.0.45-30.b13.ael7b_1
  • java-1.8.0-openjdk-1:1.8.0.45-30.b13.el7_1
  • java-1.8.0-openjdk-accessibility-1:1.8.0.45-30.b13.ael7b_1
  • java-1.8.0-openjdk-accessibility-1:1.8.0.45-30.b13.el7_1
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.45-28.b13.el6_6
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.45-30.b13.ael7b_1
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.45-30.b13.el7_1
  • java-1.8.0-openjdk-demo-1:1.8.0.45-28.b13.el6_6
  • java-1.8.0-openjdk-demo-1:1.8.0.45-30.b13.ael7b_1
  • java-1.8.0-openjdk-demo-1:1.8.0.45-30.b13.el7_1
  • java-1.8.0-openjdk-devel-1:1.8.0.45-28.b13.el6_6
  • java-1.8.0-openjdk-devel-1:1.8.0.45-30.b13.ael7b_1
  • java-1.8.0-openjdk-devel-1:1.8.0.45-30.b13.el7_1
  • java-1.8.0-openjdk-headless-1:1.8.0.45-28.b13.el6_6
  • java-1.8.0-openjdk-headless-1:1.8.0.45-30.b13.ael7b_1
  • java-1.8.0-openjdk-headless-1:1.8.0.45-30.b13.el7_1
  • java-1.8.0-openjdk-javadoc-1:1.8.0.45-28.b13.el6_6
  • java-1.8.0-openjdk-javadoc-1:1.8.0.45-30.b13.ael7b_1
  • java-1.8.0-openjdk-javadoc-1:1.8.0.45-30.b13.el7_1
  • java-1.8.0-openjdk-src-1:1.8.0.45-28.b13.el6_6
  • java-1.8.0-openjdk-src-1:1.8.0.45-30.b13.ael7b_1
  • java-1.8.0-openjdk-src-1:1.8.0.45-30.b13.el7_1
  • java-1.8.0-oracle-1:1.8.0.45-1jpp.2.el6_6
  • java-1.8.0-oracle-1:1.8.0.45-1jpp.2.el7_1
  • java-1.8.0-oracle-devel-1:1.8.0.45-1jpp.2.el6_6
  • java-1.8.0-oracle-devel-1:1.8.0.45-1jpp.2.el7_1
  • java-1.8.0-oracle-javafx-1:1.8.0.45-1jpp.2.el6_6
  • java-1.8.0-oracle-javafx-1:1.8.0.45-1jpp.2.el7_1
  • java-1.8.0-oracle-jdbc-1:1.8.0.45-1jpp.2.el6_6
  • java-1.8.0-oracle-jdbc-1:1.8.0.45-1jpp.2.el7_1
  • java-1.8.0-oracle-plugin-1:1.8.0.45-1jpp.2.el6_6
  • java-1.8.0-oracle-plugin-1:1.8.0.45-1jpp.2.el7_1
  • java-1.8.0-oracle-src-1:1.8.0.45-1jpp.2.el6_6
  • java-1.8.0-oracle-src-1:1.8.0.45-1jpp.2.el7_1
  • java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el5_11
  • java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el6_6
  • java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el7_1
  • java-1.7.0-oracle-devel-1:1.7.0.79-1jpp.1.el5_11
  • java-1.7.0-oracle-devel-1:1.7.0.79-1jpp.1.el6_6
  • java-1.7.0-oracle-devel-1:1.7.0.79-1jpp.1.el7_1
  • java-1.7.0-oracle-javafx-1:1.7.0.79-1jpp.1.el5_11
  • java-1.7.0-oracle-javafx-1:1.7.0.79-1jpp.1.el6_6
  • java-1.7.0-oracle-javafx-1:1.7.0.79-1jpp.1.el7_1
  • java-1.7.0-oracle-jdbc-1:1.7.0.79-1jpp.1.el5_11
  • java-1.7.0-oracle-jdbc-1:1.7.0.79-1jpp.1.el6_6
  • java-1.7.0-oracle-jdbc-1:1.7.0.79-1jpp.1.el7_1
  • java-1.7.0-oracle-plugin-1:1.7.0.79-1jpp.1.el5_11
  • java-1.7.0-oracle-plugin-1:1.7.0.79-1jpp.1.el6_6
  • java-1.7.0-oracle-plugin-1:1.7.0.79-1jpp.1.el7_1
  • java-1.7.0-oracle-src-1:1.7.0.79-1jpp.1.el5_11
  • java-1.7.0-oracle-src-1:1.7.0.79-1jpp.1.el6_6
  • java-1.7.0-oracle-src-1:1.7.0.79-1jpp.1.el7_1
  • java-1.6.0-sun-1:1.6.0.95-1jpp.3.el5_11
  • java-1.6.0-sun-1:1.6.0.95-1jpp.3.el6_6
  • java-1.6.0-sun-1:1.6.0.95-1jpp.3.el7_1
  • java-1.6.0-sun-demo-1:1.6.0.95-1jpp.3.el5_11
  • java-1.6.0-sun-demo-1:1.6.0.95-1jpp.3.el6_6
  • java-1.6.0-sun-demo-1:1.6.0.95-1jpp.3.el7_1
  • java-1.6.0-sun-devel-1:1.6.0.95-1jpp.3.el5_11
  • java-1.6.0-sun-devel-1:1.6.0.95-1jpp.3.el6_6
  • java-1.6.0-sun-devel-1:1.6.0.95-1jpp.3.el7_1
  • java-1.6.0-sun-jdbc-1:1.6.0.95-1jpp.3.el5_11
  • java-1.6.0-sun-jdbc-1:1.6.0.95-1jpp.3.el6_6
  • java-1.6.0-sun-jdbc-1:1.6.0.95-1jpp.3.el7_1
  • java-1.6.0-sun-plugin-1:1.6.0.95-1jpp.3.el5_11
  • java-1.6.0-sun-plugin-1:1.6.0.95-1jpp.3.el6_6
  • java-1.6.0-sun-plugin-1:1.6.0.95-1jpp.3.el7_1
  • java-1.6.0-sun-src-1:1.6.0.95-1jpp.3.el5_11
  • java-1.6.0-sun-src-1:1.6.0.95-1jpp.3.el6_6
  • java-1.6.0-sun-src-1:1.6.0.95-1jpp.3.el7_1
  • java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5
  • java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6
  • java-1.6.0-ibm-accessibility-1:1.6.0.16.4-1jpp.1.el5
  • java-1.6.0-ibm-demo-1:1.6.0.16.4-1jpp.1.el5
  • java-1.6.0-ibm-demo-1:1.6.0.16.4-1jpp.1.el6_6
  • java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5
  • java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6
  • java-1.6.0-ibm-javacomm-1:1.6.0.16.4-1jpp.1.el5
  • java-1.6.0-ibm-javacomm-1:1.6.0.16.4-1jpp.1.el6_6
  • java-1.6.0-ibm-jdbc-1:1.6.0.16.4-1jpp.1.el5
  • java-1.6.0-ibm-jdbc-1:1.6.0.16.4-1jpp.1.el6_6
  • java-1.6.0-ibm-plugin-1:1.6.0.16.4-1jpp.1.el5
  • java-1.6.0-ibm-plugin-1:1.6.0.16.4-1jpp.1.el6_6
  • java-1.6.0-ibm-src-1:1.6.0.16.4-1jpp.1.el5
  • java-1.6.0-ibm-src-1:1.6.0.16.4-1jpp.1.el6_6
  • java-1.7.0-ibm-1:1.7.0.9.0-1jpp.1.el5
  • java-1.7.0-ibm-demo-1:1.7.0.9.0-1jpp.1.el5
  • java-1.7.0-ibm-devel-1:1.7.0.9.0-1jpp.1.el5
  • java-1.7.0-ibm-jdbc-1:1.7.0.9.0-1jpp.1.el5
  • java-1.7.0-ibm-plugin-1:1.7.0.9.0-1jpp.1.el5
  • java-1.7.0-ibm-src-1:1.7.0.9.0-1jpp.1.el5
  • java-1.7.1-ibm-1:1.7.1.3.0-1jpp.2.ael7b_1
  • java-1.7.1-ibm-1:1.7.1.3.0-1jpp.2.el6_6
  • java-1.7.1-ibm-1:1.7.1.3.0-1jpp.2.el7_1
  • java-1.7.1-ibm-demo-1:1.7.1.3.0-1jpp.2.ael7b_1
  • java-1.7.1-ibm-demo-1:1.7.1.3.0-1jpp.2.el6_6
  • java-1.7.1-ibm-demo-1:1.7.1.3.0-1jpp.2.el7_1
  • java-1.7.1-ibm-devel-1:1.7.1.3.0-1jpp.2.ael7b_1
  • java-1.7.1-ibm-devel-1:1.7.1.3.0-1jpp.2.el6_6
  • java-1.7.1-ibm-devel-1:1.7.1.3.0-1jpp.2.el7_1
  • java-1.7.1-ibm-jdbc-1:1.7.1.3.0-1jpp.2.ael7b_1
  • java-1.7.1-ibm-jdbc-1:1.7.1.3.0-1jpp.2.el6_6
  • java-1.7.1-ibm-jdbc-1:1.7.1.3.0-1jpp.2.el7_1
  • java-1.7.1-ibm-plugin-1:1.7.1.3.0-1jpp.2.el6_6
  • java-1.7.1-ibm-plugin-1:1.7.1.3.0-1jpp.2.el7_1
  • java-1.7.1-ibm-src-1:1.7.1.3.0-1jpp.2.ael7b_1
  • java-1.7.1-ibm-src-1:1.7.1.3.0-1jpp.2.el6_6
  • java-1.7.1-ibm-src-1:1.7.1.3.0-1jpp.2.el7_1
  • java-1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el5
  • java-1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el6_6
  • java-1.5.0-ibm-accessibility-1:1.5.0.16.10-1jpp.1.el5
  • java-1.5.0-ibm-demo-1:1.5.0.16.10-1jpp.1.el5
  • java-1.5.0-ibm-demo-1:1.5.0.16.10-1jpp.1.el6_6
  • java-1.5.0-ibm-devel-1:1.5.0.16.10-1jpp.1.el5
  • java-1.5.0-ibm-devel-1:1.5.0.16.10-1jpp.1.el6_6
  • java-1.5.0-ibm-javacomm-1:1.5.0.16.10-1jpp.1.el5
  • java-1.5.0-ibm-javacomm-1:1.5.0.16.10-1jpp.1.el6_6
  • java-1.5.0-ibm-jdbc-1:1.5.0.16.10-1jpp.1.el5
  • java-1.5.0-ibm-jdbc-1:1.5.0.16.10-1jpp.1.el6_6
  • java-1.5.0-ibm-plugin-1:1.5.0.16.10-1jpp.1.el5
  • java-1.5.0-ibm-plugin-1:1.5.0.16.10-1jpp.1.el6_6
  • java-1.5.0-ibm-src-1:1.5.0.16.10-1jpp.1.el5
  • java-1.5.0-ibm-src-1:1.5.0.16.10-1jpp.1.el6_6
  • java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5
  • java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6
  • java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5
  • java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6