Vulnerabilities > CVE-2008-0657 - Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

sun

CWE-264

critical

nessus

NVD

Published: 2008-02-07

Updated: 2017-09-29

Summary

Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.

Vulnerable Configurations

Part	Description	Count
Application	Sun SUN JRE 1.1.8 SUN JRE 1.4.2 SUN JRE 1.5.0 SUN JRE 1.3.0 SUN JRE 1.3.1 SUN JRE 1.4.1 SUN JRE 1.6.0 SUN JDK - SUN JDK 1.1.0 SUN JDK 1.1.6 SUN JDK 1.1.7B SUN JDK 1.1.8 SUN JDK 1.2.0 SUN JDK 1.2.1 SUN JDK 1.2.2 SUN JDK 1.3.0 SUN JDK 1.3.0_01 SUN JDK 1.3.0_02 SUN JDK 1.3.0_03 SUN JDK 1.3.0_04 SUN JDK 1.3.0_05 SUN JDK 1.3.1 SUN JDK 1.3.1_01 SUN JDK 1.3.1_01A SUN JDK 1.3.1_02 SUN JDK 1.3.1_03 SUN JDK 1.3.1_04 SUN JDK 1.3.1_05 SUN JDK 1.3.1_06 SUN JDK 1.3.1_07 SUN JDK 1.3.1_08 SUN JDK 1.3.1_09 SUN JDK 1.3.1_10 SUN JDK 1.3.1_11 SUN JDK 1.3.1_12 SUN JDK 1.3.1_13 SUN JDK 1.3.1_14 SUN JDK 1.3.1_15 SUN JDK 1.3.1_16 SUN JDK 1.3.1_17 SUN JDK 1.3.1_18 SUN JDK 1.3.1_19 SUN JDK 1.3.1_20 SUN JDK 1.3.1_21 SUN JDK 1.3.1_22 SUN JDK 1.3.1_23 SUN JDK 1.3.1_24 SUN JDK 1.3.1_25 SUN JDK 1.3.1_26 SUN JDK 1.3.1_27 SUN JDK 1.3.1_28 SUN JDK 1.4.0 SUN JDK 1.4.1 SUN JDK 1.4.2 SUN JDK 1.4.2_1 SUN JDK 1.4.2_2 SUN JDK 1.4.2_3 SUN JDK 1.4.2_4 SUN JDK 1.4.2_5 SUN JDK 1.4.2_6 SUN JDK 1.4.2_7 SUN JDK 1.4.2_8 SUN JDK 1.4.2_9 SUN JDK 1.4.2_10 SUN JDK 1.4.2_11 SUN JDK 1.4.2_12 SUN JDK 1.4.2_13 SUN JDK 1.4.2_14 SUN JDK 1.4.2_15 SUN JDK 1.4.2_16 SUN JDK 1.4.2_17 SUN JDK 1.4.2_18 SUN JDK 1.4.2_19 SUN JDK 1.4.2_22 SUN JDK 1.4.2_23 SUN JDK 1.4.2_24 SUN JDK 1.4.2_25 SUN JDK 1.4.2_26 SUN JDK 1.4.2_27 SUN JDK 1.4.2_28 SUN JDK 1.4.2_29 SUN JDK 1.4.2_30 SUN JDK 1.4.2_31 SUN JDK 1.4.2_32 SUN JDK 1.4.2_33 SUN JDK 1.4.2_34 SUN JDK 1.4.2_35 SUN JDK 1.4.2_36 SUN JDK 1.4.2_37 SUN JDK 1.5.0 SUN JDK 1.5.0.180 SUN JDK 1.5.0.220 SUN JDK 1.5.0.260 SUN JDK 1.5.0.280 SUN JDK 1.5.0.300 SUN JDK 1.5.0.320 SUN JDK 1.6.0 SUN JDK 1.6.0.110 SUN JDK 1.6.0.160 SUN JDK 1.6.0.170 SUN JDK 1.6.0.180 SUN JDK 1.6.0.190 SUN JDK 1.6.0.200 SUN JDK 1.6.0.210 SUN JDK 1.6.0.220 SUN JDK 1.6.0.230 SUN JDK 1.6.0.240 SUN JDK 1.6.0.250 SUN JDK 1.6.0.260 SUN JDK 1.6.0.270 SUN JDK 1.6.0.290 SUN JDK 1.6.0.300	203

Common Weakness Enumeration (CWE)

CWE-264 - Permissions, Privileges, and Access Controls

Common Attack Pattern Enumeration and Classification (CAPEC)

Accessing, Modifying or Executing Executable Files
An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
Blue Boxing
This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
Restful Privilege Elevation
Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
Target Programs with Elevated Privileges
This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.

Nessus

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200804-20.NASL
description	The remote host is affected by the vulnerability described in GLSA-200804-20 (Sun JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Sun Java: Daniel Soeder discovered that a long codebase attribute string in a JNLP file will overflow a stack variable when launched by Java WebStart (CVE-2007-3655). Multiple vulnerabilities (CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) that were previously reported as GLSA 200705-23 and GLSA 200706-08 also affect 1.4 and 1.6 SLOTs, which was not mentioned in the initial revision of said GLSAs. The Zero Day Initiative, TippingPoint and John Heasman reported multiple buffer overflows and unspecified vulnerabilities in Java Web Start (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191). Hisashi Kojima of Fujitsu and JPCERT/CC reported a security issue when performing XSLT transformations (CVE-2008-1187). CERT/CC reported a Stack-based buffer overflow in Java Web Start when using JNLP files (CVE-2008-1196). Azul Systems reported an unspecified vulnerability that allows applets to escalate their privileges (CVE-2007-5689). Billy Rios, Dan Boneh, Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and David Byrne discovered multiple instances where Java applets or JavaScript programs run within browsers do not pin DNS hostnames to a single IP address, allowing for DNS rebinding attacks (CVE-2007-5232, CVE-2007-5273, CVE-2007-5274). Peter Csepely reported that Java Web Start does not properly enforce access restrictions for untrusted applications (CVE-2007-5237, CVE-2007-5238). Java Web Start does not properly enforce access restrictions for untrusted Java applications and applets, when handling drag-and-drop operations (CVE-2007-5239). Giorgio Maone discovered that warnings for untrusted code can be hidden under applications
last seen	2020-06-01
modified	2020-06-02
plugin id	32013
published	2008-04-22
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/32013
title	GLSA-200804-20 : Sun JDK/JRE: Multiple vulnerabilities
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200804-20. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(32013); script_version("1.29"); script_cvs_date("Date: 2019/08/02 13:32:44"); script_cve_id("CVE-2007-2435", "CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3655", "CVE-2007-5232", "CVE-2007-5237", "CVE-2007-5238", "CVE-2007-5239", "CVE-2007-5240", "CVE-2007-5273", "CVE-2007-5274", "CVE-2007-5689", "CVE-2008-0628", "CVE-2008-0657", "CVE-2008-1185", "CVE-2008-1186", "CVE-2008-1187", "CVE-2008-1188", "CVE-2008-1189", "CVE-2008-1190", "CVE-2008-1191", "CVE-2008-1192", "CVE-2008-1193", "CVE-2008-1194", "CVE-2008-1195", "CVE-2008-1196"); script_xref(name:"GLSA", value:"200804-20"); script_name(english:"GLSA-200804-20 : Sun JDK/JRE: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200804-20 (Sun JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Sun Java: Daniel Soeder discovered that a long codebase attribute string in a JNLP file will overflow a stack variable when launched by Java WebStart (CVE-2007-3655). Multiple vulnerabilities (CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) that were previously reported as GLSA 200705-23 and GLSA 200706-08 also affect 1.4 and 1.6 SLOTs, which was not mentioned in the initial revision of said GLSAs. The Zero Day Initiative, TippingPoint and John Heasman reported multiple buffer overflows and unspecified vulnerabilities in Java Web Start (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191). Hisashi Kojima of Fujitsu and JPCERT/CC reported a security issue when performing XSLT transformations (CVE-2008-1187). CERT/CC reported a Stack-based buffer overflow in Java Web Start when using JNLP files (CVE-2008-1196). Azul Systems reported an unspecified vulnerability that allows applets to escalate their privileges (CVE-2007-5689). Billy Rios, Dan Boneh, Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and David Byrne discovered multiple instances where Java applets or JavaScript programs run within browsers do not pin DNS hostnames to a single IP address, allowing for DNS rebinding attacks (CVE-2007-5232, CVE-2007-5273, CVE-2007-5274). Peter Csepely reported that Java Web Start does not properly enforce access restrictions for untrusted applications (CVE-2007-5237, CVE-2007-5238). Java Web Start does not properly enforce access restrictions for untrusted Java applications and applets, when handling drag-and-drop operations (CVE-2007-5239). Giorgio Maone discovered that warnings for untrusted code can be hidden under applications' windows (CVE-2007-5240). Fujitsu reported two security issues where security restrictions of web applets and applications were not properly enforced (CVE-2008-1185, CVE-2008-1186). John Heasman of NGSSoftware discovered that the Java Plug-in does not properly enforce the same origin policy (CVE-2008-1192). Chris Evans of the Google Security Team discovered multiple unspecified vulnerabilities within the Java Runtime Environment Image Parsing Library (CVE-2008-1193, CVE-2008-1194). Gregory Fleischer reported that web content fetched via the 'jar:' protocol was not subject to network access restrictions (CVE-2008-1195). Chris Evans and Johannes Henkel of the Google Security Team reported that the XML parsing code retrieves external entities even when that feature is disabled (CVE-2008-0628). Multiple unspecified vulnerabilities might allow for escalation of privileges (CVE-2008-0657). Impact : A remote attacker could entice a user to run a specially crafted applet on a website or start an application in Java Web Start to execute arbitrary code outside of the Java sandbox and of the Java security restrictions with the privileges of the user running Java. The attacker could also obtain sensitive information, create, modify, rename and read local files, execute local applications, establish connections in the local network, bypass the same origin policy, and cause a Denial of Service via multiple vectors. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200705-23" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200706-08" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200804-20" ); script_set_attribute( attribute:"solution", value: "All Sun JRE 1.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.6.0.05' All Sun JRE 1.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.5.0.15' All Sun JRE 1.4 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.4.2.17' All Sun JDK 1.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.6.0.05' All Sun JDK 1.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.5.0.15' All Sun JDK 1.4 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.4.2.17' All emul-linux-x86-java 1.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.6.0.05' All emul-linux-x86-java 1.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.5.0.15' All emul-linux-x86-java 1.4 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.4.2.17'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(119, 189, 264, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:emul-linux-x86-java"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:sun-jdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:sun-jre-bin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/04/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-java/sun-jre-bin", unaffected:make_list("ge 1.6.0.05", "rge 1.5.0.21", "rge 1.5.0.20", "rge 1.5.0.19", "rge 1.5.0.18", "rge 1.5.0.17", "rge 1.5.0.16", "rge 1.5.0.15", "rge 1.4.2.17", "rge 1.5.0.22"), vulnerable:make_list("lt 1.6.0.05"))) flag++; if (qpkg_check(package:"app-emulation/emul-linux-x86-java", unaffected:make_list("ge 1.6.0.05", "rge 1.5.0.21", "rge 1.5.0.20", "rge 1.5.0.19", "rge 1.5.0.18", "rge 1.5.0.17", "rge 1.5.0.16", "rge 1.5.0.15", "rge 1.4.2.17", "rge 1.5.0.22"), vulnerable:make_list("lt 1.6.0.05"))) flag++; if (qpkg_check(package:"dev-java/sun-jdk", unaffected:make_list("ge 1.6.0.05", "rge 1.5.0.21", "rge 1.5.0.20", "rge 1.5.0.19", "rge 1.5.0.18", "rge 1.5.0.17", "rge 1.5.0.16", "rge 1.5.0.15", "rge 1.4.2.17", "rge 1.5.0.22"), vulnerable:make_list("lt 1.6.0.05"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Sun JDK/JRE"); }

NASL family	Misc.
NASL id	SUN_JAVA_JRE_231261_UNIX.NASL
description	The version of Sun Java Runtime Environment (JRE) installed on the remote host reportedly contains two vulnerabilities that may independently allow an untrusted application or applet to elevate its privileges by, for example, granting itself permission to read and write local files or execute local applications subject to the privileges of the user running the application or applet.
last seen	2020-06-01
modified	2020-06-02
plugin id	64826
published	2013-02-22
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/64826
title	Sun Java JRE Applet Handling Privilege Escalation (231261) (Unix)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(64826); script_version("1.8"); script_cvs_date("Date: 2019/12/04"); script_cve_id("CVE-2008-0657"); script_bugtraq_id(27650); script_xref(name:"Secunia", value:"28795"); script_name(english:"Sun Java JRE Applet Handling Privilege Escalation (231261) (Unix)"); script_summary(english:"Checks version of Sun JRE"); script_set_attribute(attribute:"synopsis", value: "The remote Unix host has an application that is affected by privilege escalation vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Sun Java Runtime Environment (JRE) installed on the remote host reportedly contains two vulnerabilities that may independently allow an untrusted application or applet to elevate its privileges by, for example, granting itself permission to read and write local files or execute local applications subject to the privileges of the user running the application or applet."); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1018968.1.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Sun JDK and JRE 6 Update 2 / JDK and JRE 5.0 Update 14 or later and remove, if necessary, any affected versions."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-0657"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(264); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/22"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("sun_java_jre_installed_unix.nasl"); script_require_keys("Host/Java/JRE/Installed"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); # Check each installed JRE. installs = get_kb_list_or_exit("Host/Java/JRE/Unmanaged/*"); info = ""; vuln = 0; vuln2 = 0; installed_versions = ""; granular = ""; foreach install (list_uniq(keys(installs))) { ver = install - "Host/Java/JRE/Unmanaged/"; if (ver !~ "^[0-9.]+") continue; installed_versions = installed_versions + " & " + ver; if ( ver =~ "^1\.6\.0_0[01][^0-9]?" \|\| ver =~ "^1\.5\.0_(0[0-9]\|1[0-3])[^0-9]?" ) { dirs = make_list(get_kb_list(install)); vuln += max_index(dirs); foreach dir (dirs) info += '\n Path : ' + dir; info += '\n Installed version : ' + ver; info += '\n Fixed version : 1.6.0_02 / 1.5.0_14\n'; } else if (ver =~ "^[\d\.]+$") { dirs = make_list(get_kb_list(install)); foreach dir (dirs) granular += "The Oracle Java version "+ver+" at "+dir+" is not granular enough to make a determination."+'\n'; } else { dirs = make_list(get_kb_list(install)); vuln2 += max_index(dirs); } } # Report if any were found to be vulnerable. if (info) { if (report_verbosity > 0) { if (vuln > 1) s = "s of Java are"; else s = " of Java is"; report = '\n' + 'The following vulnerable instance'+s+' installed on the\n' + 'remote host :\n' + info; security_hole(port:0, extra:report); } else security_hole(0); if (granular) exit(0, granular); } else { if (granular) exit(0, granular); installed_versions = substr(installed_versions, 3); if (vuln2 > 1) exit(0, "The Java "+installed_versions+" installs on the remote host are not affected."); else exit(0, "The Java "+installed_versions+" install on the remote host is not affected."); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_JAVA-1_5_0-IBM-5183.NASL
description	IBM Java 5 was updated to SR7 to fix various security issues : - A buffer overflow vulnerability in Java Web Start may allow an untrusted Java Web Start application that is downloaded from a website to elevate its privileges. For example, an untrusted Java Web Start application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1196) - A vulnerability in the Java Runtime Environment may allow JavaScript(TM) code that is downloaded by a browser to make connections to network services on the system that the browser runs on, through Java APIs, This may allow files (that are accessible through these network services) or vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2008-1195) - Two buffer overflow vulnerabilities may allow an untrusted applet or application to cause the Java Runtime Environment to crash. (CVE-2008-1194) - A buffer overflow vulnerability in the Java Runtime Environment image parsing code may allow an untrusted applet or application to create a denial-of-service condition, by causing the Java Runtime Environment to crash. (CVE-2008-1194) - A buffer overflow vulnerability in the Java Runtime Environment image parsing code allow an untrusted applet or application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1193) - A vulnerability in the Java Plug-in may an untrusted applet to bypass same origin policy and leverage this flaw to execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-1192) - A vulnerability in Java Web Start may allow an untrusted Java Web Start application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1190) - A buffer overflow vulnerability in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-1189) - Two buffer overflow vulnerabilities in Java Web Start may independently allow an untrusted Java Web Start application to elevate its privileges. For example, an untrusted Java Web Start application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1188) - A vulnerability in the Java Runtime Environment with parsing XML data may allow an untrusted applet or application to elevate its privileges. For example, an applet may read certain URL resources (such as some files and web pages). (CVE-2008-1187) - A vulnerability in the Java Runtime Environment may allow an untrusted application or applet that is downloaded from a website to elevate its privileges. For example, the application or applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application or applet. (CVE-2008-0657) - A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5232) - A vulnerability in the Java Runtime Environment (JRE) may allow malicious JavaScript code that is downloaded by a browser from a malicious website to make network connections, through Java APIs, to network services on machines other than the one that the JavaScript code was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5274) - A second vulnerability in the JRE may allow an untrusted applet that is downloaded from a malicious website through a web proxy to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5273) - An untrusted Java Web Start application may write arbitrary files with the privileges of the user running the application. (CVE-2007-5236) - Three separate vulnerabilities may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache. (CVE-2007-5238) - An untrusted Java Web Start application or Java applet may move or copy arbitrary files by requesting the user of the application or applet to drag and drop a file from the Java Web Start application or Java applet window. (CVE-2007-5239) - An untrusted applet may display an over-sized window so that the applet warning banner is not visible to the user running the untrusted applet. (CVE-2007-5240) - A vulnerability in the font parsing code in the Java Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2007-4381)
last seen	2020-06-01
modified	2020-06-02
plugin id	32050
published	2008-04-25
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/32050
title	SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5183)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(32050); script_version ("1.21"); script_cvs_date("Date: 2019/10/25 13:36:32"); script_cve_id("CVE-2007-4381", "CVE-2007-5232", "CVE-2007-5236", "CVE-2007-5238", "CVE-2007-5239", "CVE-2007-5240", "CVE-2007-5273", "CVE-2007-5274", "CVE-2008-0657", "CVE-2008-1187", "CVE-2008-1188", "CVE-2008-1189", "CVE-2008-1190", "CVE-2008-1192", "CVE-2008-1193", "CVE-2008-1194", "CVE-2008-1195", "CVE-2008-1196"); script_name(english:"SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5183)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "IBM Java 5 was updated to SR7 to fix various security issues : - A buffer overflow vulnerability in Java Web Start may allow an untrusted Java Web Start application that is downloaded from a website to elevate its privileges. For example, an untrusted Java Web Start application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1196) - A vulnerability in the Java Runtime Environment may allow JavaScript(TM) code that is downloaded by a browser to make connections to network services on the system that the browser runs on, through Java APIs, This may allow files (that are accessible through these network services) or vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2008-1195) - Two buffer overflow vulnerabilities may allow an untrusted applet or application to cause the Java Runtime Environment to crash. (CVE-2008-1194) - A buffer overflow vulnerability in the Java Runtime Environment image parsing code may allow an untrusted applet or application to create a denial-of-service condition, by causing the Java Runtime Environment to crash. (CVE-2008-1194) - A buffer overflow vulnerability in the Java Runtime Environment image parsing code allow an untrusted applet or application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1193) - A vulnerability in the Java Plug-in may an untrusted applet to bypass same origin policy and leverage this flaw to execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-1192) - A vulnerability in Java Web Start may allow an untrusted Java Web Start application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1190) - A buffer overflow vulnerability in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-1189) - Two buffer overflow vulnerabilities in Java Web Start may independently allow an untrusted Java Web Start application to elevate its privileges. For example, an untrusted Java Web Start application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1188) - A vulnerability in the Java Runtime Environment with parsing XML data may allow an untrusted applet or application to elevate its privileges. For example, an applet may read certain URL resources (such as some files and web pages). (CVE-2008-1187) - A vulnerability in the Java Runtime Environment may allow an untrusted application or applet that is downloaded from a website to elevate its privileges. For example, the application or applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application or applet. (CVE-2008-0657) - A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5232) - A vulnerability in the Java Runtime Environment (JRE) may allow malicious JavaScript code that is downloaded by a browser from a malicious website to make network connections, through Java APIs, to network services on machines other than the one that the JavaScript code was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5274) - A second vulnerability in the JRE may allow an untrusted applet that is downloaded from a malicious website through a web proxy to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5273) - An untrusted Java Web Start application may write arbitrary files with the privileges of the user running the application. (CVE-2007-5236) - Three separate vulnerabilities may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache. (CVE-2007-5238) - An untrusted Java Web Start application or Java applet may move or copy arbitrary files by requesting the user of the application or applet to drag and drop a file from the Java Web Start application or Java applet window. (CVE-2007-5239) - An untrusted applet may display an over-sized window so that the applet warning banner is not visible to the user running the untrusted applet. (CVE-2007-5240) - A vulnerability in the font parsing code in the Java Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2007-4381)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-4381.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-5232.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-5236.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-5238.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-5239.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-5240.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-5273.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-5274.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-0657.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1187.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1188.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1189.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1190.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1192.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1193.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1194.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1195.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1196.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 5183."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(119, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/04/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:1, reference:"java-1_5_0-ibm-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLED10", sp:1, reference:"java-1_5_0-ibm-demo-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLED10", sp:1, reference:"java-1_5_0-ibm-devel-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLED10", sp:1, reference:"java-1_5_0-ibm-src-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-alsa-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-jdbc-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-plugin-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-32bit-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-alsa-32bit-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-devel-32bit-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"java-1_5_0-ibm-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"java-1_5_0-ibm-devel-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"java-1_5_0-ibm-fonts-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-alsa-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-jdbc-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-plugin-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-32bit-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-alsa-32bit-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-devel-32bit-1.5.0_sr7-0.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0123.NASL
description	Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language. These updated java-1.5.0-sun packages resolve the following security issues : Two vulnerabilities in the Java Runtime Environment allowed an untrusted application or applet to elevate the assigned privileges. This could be misused by a malicious website to read and write local files or execute local applications in the context of the user running the Java process. (CVE-2008-0657) Users of java-1.5.0-sun should upgrade to these updated packages, which contain backported patches to correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	40713
published	2009-08-24
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40713
title	RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:0123)

NASL family	VMware ESX Local Security Checks
NASL id	VMWARE_VMSA-2008-00010.NASL
description	Updated ESX patches and VirtualCenter update 2 fix the following application vulnerabilities. a. Tomcat Server Security Update This release of ESX updates the Tomcat Server package to version 5.5.26, which addresses multiple security issues that existed in earlier releases of Tomcat Server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286 to the security issues fixed in Tomcat 5.5.26. b. JRE Security Update This release of ESX and VirtualCenter updates the JRE package to version 1.5.0_15, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196, CVE-2008-0657, CVE-2007-5689, CVE-2007-5232, CVE-2007-5236, CVE-2007-5237, CVE-2007-5238, CVE-2007-5239, CVE-2007-5240, CVE-2007-5274 to the security issues fixed in JRE 1.5.0_12, JRE 1.5.0_13, JRE 1.5.0_14, JRE 1.5.0_15. Notes: These vulnerabilities can be exploited remotely only if the attacker has access to the service console network. Security best practices provided by VMware recommend that the service console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices.
last seen	2017-10-29
modified	2012-04-26
plugin id	40371
published	2009-07-27
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=40371
title	VMSA-2008-00010 : Updated Tomcat and Java JRE packages for VMware, ESX 3.5 and VirtualCenter 2.5 (DEPRECATED)

NASL family	VMware ESX Local Security Checks
NASL id	VMWARE_VMSA-2008-0010.NASL
description	ESX patches and updates for VirtualCenter fix the following application vulnerabilities. a. Tomcat Server Security Update The ESX patches and the updates for VirtualCenter update the Tomcat Server package to version 5.5.26, which addresses multiple security issues that existed in earlier releases of Tomcat Server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286 to the security issues fixed in Tomcat 5.5.26. b. JRE Security Update The ESX patches and the updates for VirtualCenter update the JRE package to version 1.5.0_15, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196, CVE-2008-0657, CVE-2007-5689, CVE-2007-5232, CVE-2007-5236, CVE-2007-5237, CVE-2007-5238, CVE-2007-5239, CVE-2007-5240, CVE-2007-5274 to the security issues fixed in JRE 1.5.0_12, JRE 1.5.0_13, JRE 1.5.0_14, JRE 1.5.0_15.
last seen	2020-06-01
modified	2020-06-02
plugin id	40379
published	2009-07-27
reporter	This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/40379
title	VMSA-2008-0010 : Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0210.NASL
description	Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM
last seen	2020-06-01
modified	2020-06-02
plugin id	40718
published	2009-08-24
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40718
title	RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2008:0210)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0156.NASL
description	Updated java-1.5.0-bea packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit 1.5.0_14 JRE and SDK contain BEA WebLogic JRockit Virtual Machine 1.5.0_14 and are certified for the Java 5 Platform, Standard Edition, v1.5.0. A flaw in the applet caching mechanism of the Java Runtime Environment (JRE) did not correctly process the creation of network connections. A remote attacker could use this flaw to create connections to services on machines other than the one that the applet was downloaded from. (CVE-2007-5232) Untrusted Java Applets were able to drag and drop a file to a Desktop Application. A user-assisted remote attacker could use this flaw to move or copy arbitrary files. (CVE-2007-5239) The Java Runtime Environment (JRE) allowed untrusted Java Applets or applications to display oversized windows. This could be used by remote attackers to hide security warning banners. (CVE-2007-5240) Unsigned Java Applets communicating via a HTTP proxy could allow a remote attacker to violate the Java security model. A cached, malicious Applet could create network connections to services on other machines. (CVE-2007-5273) Two vulnerabilities in the Java Runtime Environment allowed an untrusted application or applet to elevate the assigned privileges. This could be misused by a malicious website to read and write local files or execute local applications in the context of the user running the Java process. (CVE-2008-0657) Those vulnerabilities concerned with applets can only be triggered in java-1.5.0-bea by calling the
last seen	2020-06-01
modified	2020-06-02
plugin id	40716
published	2009-08-24
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40716
title	RHEL 4 / 5 : java-1.5.0-bea (RHSA-2008:0156)

NASL family	Windows
NASL id	SUN_JAVA_JRE_231261.NASL
description	The version of Sun Java Runtime Environment (JRE) installed on the remote host reportedly contains two vulnerabilities that may independently allow an untrusted application or applet to elevate its privileges by, for example, granting itself permission to read and write local files or execute local applications subject to the privileges of the user running the application or applet.
last seen	2020-06-01
modified	2020-06-02
plugin id	31344
published	2008-03-04
reporter	This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/31344
title	Sun Java JRE Applet Handling Privilege Escalation (231261)

Oval

accepted

2010-09-06T04:10:29.495-04:00

class

vulnerability

contributors

name	Aharon Chernin
organization	SCAP.com, LLC

description

family

unix

oval:org.mitre.oval:def:11505

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

rhsa
id RHSA-2008:0123
rhsa
id RHSA-2008:0156
rhsa
id RHSA-2008:0210

rpms

java-1.5.0-sun-0:1.5.0.14-1jpp.2.el4
java-1.5.0-sun-0:1.5.0.14-1jpp.2.el5
java-1.5.0-sun-demo-0:1.5.0.14-1jpp.2.el4
java-1.5.0-sun-demo-0:1.5.0.14-1jpp.2.el5
java-1.5.0-sun-devel-0:1.5.0.14-1jpp.2.el4
java-1.5.0-sun-devel-0:1.5.0.14-1jpp.2.el5
java-1.5.0-sun-jdbc-0:1.5.0.14-1jpp.2.el4
java-1.5.0-sun-jdbc-0:1.5.0.14-1jpp.2.el5
java-1.5.0-sun-plugin-0:1.5.0.14-1jpp.2.el4
java-1.5.0-sun-plugin-0:1.5.0.14-1jpp.2.el5
java-1.5.0-sun-src-0:1.5.0.14-1jpp.2.el4
java-1.5.0-sun-src-0:1.5.0.14-1jpp.2.el5
java-1.5.0-bea-0:1.5.0.14-1jpp.1.el5
java-1.5.0-bea-demo-0:1.5.0.14-1jpp.1.el5
java-1.5.0-bea-devel-0:1.5.0.14-1jpp.1.el5
java-1.5.0-bea-jdbc-0:1.5.0.14-1jpp.1.el5
java-1.5.0-bea-missioncontrol-0:1.5.0.14-1jpp.1.el5
java-1.5.0-bea-src-0:1.5.0.14-1jpp.1.el5
java-1.5.0-ibm-1:1.5.0.7-1jpp.2.el4
java-1.5.0-ibm-1:1.5.0.7-1jpp.2.el5
java-1.5.0-ibm-accessibility-1:1.5.0.7-1jpp.2.el5
java-1.5.0-ibm-demo-1:1.5.0.7-1jpp.2.el4
java-1.5.0-ibm-demo-1:1.5.0.7-1jpp.2.el5
java-1.5.0-ibm-devel-1:1.5.0.7-1jpp.2.el4
java-1.5.0-ibm-devel-1:1.5.0.7-1jpp.2.el5
java-1.5.0-ibm-javacomm-1:1.5.0.7-1jpp.2.el4
java-1.5.0-ibm-javacomm-1:1.5.0.7-1jpp.2.el5
java-1.5.0-ibm-jdbc-1:1.5.0.7-1jpp.2.el4
java-1.5.0-ibm-jdbc-1:1.5.0.7-1jpp.2.el5
java-1.5.0-ibm-plugin-1:1.5.0.7-1jpp.2.el4
java-1.5.0-ibm-plugin-1:1.5.0.7-1jpp.2.el5
java-1.5.0-ibm-src-1:1.5.0.7-1jpp.2.el4
java-1.5.0-ibm-src-1:1.5.0.7-1jpp.2.el5
java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4
java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Oval

Redhat

References