Vulnerabilities > CVE-2008-3105 - Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE

047910
CVSS 8.3 - HIGH
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
COMPLETE
network
sun
CWE-264
nessus

Summary

Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application.

Vulnerable Configurations

Part Description Count
Application
Sun
12

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Accessing, Modifying or Executing Executable Files
    An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Blue Boxing
    This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
  • Restful Privilege Elevation
    Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
  • Target Programs with Elevated Privileges
    This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.

Nessus

  • NASL familyMisc.
    NASL idSUN_JAVA_JRE_6_7_UNIX.NASL
    descriptionThe version of Sun Java Runtime Environment (JRE) 6.0 installed on the remote host is affected by multiple security issues : - A vulnerability in the JRE could allow unauthorized access to certain URL resources or cause a denial of service condition while processing XML data. In order to successfully exploit this issue, a JAX-WS client/service included with a trusted application should process the malicious XML content (238628). - A vulnerability in the JRE may allow an untrusted applet to access information from another applet (238687). - A buffer overflow vulnerability in Java Web Start could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to users running an untrusted application (238905). - A vulnerability in Java Web Start could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905). - A vulnerability in Java Web Start may disclose the location of Java Web Start cache (238905). - A vulnerability in Sun Java Management Extensions (JMX) could allow a JMX client running on a remote host to perform unauthorized actions on a host running JMX with local monitoring enabled (238965). - A vulnerability in the JRE could allow an untrusted applet / application to elevate its privileges to read, write and execute local applications with the privileges of the user running an untrusted applet (238967, 238687). - A vulnerability in the JRE may allow an untrusted applet to establish connections to services running on the localhost and potentially exploit vulnerabilities existing in the underlying JRE (238968).
    last seen2020-06-01
    modified2020-06-02
    plugin id64833
    published2013-02-22
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64833
    titleSun Java JDK/JRE 6 < Update 7 Multiple Vulnerabilities (Unix)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64833);
      script_version("1.13");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id(
        "CVE-2008-3103",
        "CVE-2008-3104",
        "CVE-2008-3105",
        "CVE-2008-3106",
        "CVE-2008-3107",
        "CVE-2008-3109",
        "CVE-2008-3110",
        "CVE-2008-3111",
        "CVE-2008-3112",
        "CVE-2008-3113",
        "CVE-2008-3114",
        "CVE-2008-3115"
      );
      script_bugtraq_id(
        30140,
        30141,
        30142,
        30143,
        30144,
        30146,
        30148
      );
    
      script_name(english:"Sun Java JDK/JRE 6 < Update 7 Multiple Vulnerabilities (Unix)");
      script_summary(english:"Checks version of Sun JRE");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Unix host has an application that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Sun Java Runtime Environment (JRE) 6.0 installed on the
    remote host is affected by multiple security issues :
    
      - A vulnerability in the JRE could allow unauthorized
        access to certain URL resources or cause a denial of
        service condition while processing XML data. In order to
        successfully exploit this issue, a JAX-WS client/service
        included with a trusted application should process the
        malicious XML content (238628).
    
      - A vulnerability in the JRE may allow an untrusted applet
        to access information from another applet (238687).
    
      - A buffer overflow vulnerability in Java Web Start could
        allow an untrusted applet to elevate its privileges to
        read, write and execute local applications available to
        users running an untrusted application (238905).
    
      - A vulnerability in Java Web Start could allow an
        untrusted application to create or delete arbitrary
        files subject to the privileges of the user running the
        application (238905).
    
      - A vulnerability in Java Web Start may disclose the
        location of Java Web Start cache (238905).
    
      - A vulnerability in Sun Java Management Extensions (JMX)
        could allow a JMX client running on a remote host to
        perform unauthorized actions on a host running JMX with
        local monitoring enabled (238965).
    
      - A vulnerability in the JRE could allow an untrusted
        applet / application to elevate its privileges to
        read, write and execute local applications with the
        privileges of the user running an untrusted applet
        (238967, 238687).
    
      - A vulnerability in the JRE may allow an untrusted
        applet to establish connections to services running on
        the localhost and potentially exploit vulnerabilities
        existing in the underlying JRE (238968).");
      script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019338.1.html");
      script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019344.1.html");
      script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019367.1.html");
      script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019373.1.html");
      script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019375.1.html");
      script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019376.1.html");
      script_set_attribute(attribute:"solution", value:
    "Update to Sun Java JDK and JRE 6 Update 7 or later and remove, if
    necessary, any affected versions.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-3113");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(16, 20, 119, 200, 264);
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/07/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/22");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("sun_java_jre_installed_unix.nasl");
      script_require_keys("Host/Java/JRE/Installed");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Check each installed JRE.
    installs = get_kb_list_or_exit("Host/Java/JRE/Unmanaged/*");
    
    info = "";
    vuln = 0;
    vuln2 = 0;
    installed_versions = "";
    granular = "";
    foreach install (list_uniq(keys(installs)))
    {
      ver = install - "Host/Java/JRE/Unmanaged/";
      if (ver !~ "^[0-9.]+") continue;
      installed_versions = installed_versions + " & " + ver;
      if (ver =~ "^1\.6\.0_0[0-6][^0-9]?")
      {
        dirs = make_list(get_kb_list(install));
        vuln += max_index(dirs);
    
        foreach dir (dirs)
          info += '\n  Path              : ' + dir;
    
        info += '\n  Installed version : ' + ver;
        info += '\n  Fixed version     : 1.6.0_07\n';
      }
      else if (ver =~ "^[\d\.]+$")
      {
        dirs = make_list(get_kb_list(install));
        foreach dir (dirs)
          granular += "The Oracle Java version "+ver+" at "+dir+" is not granular enough to make a determination."+'\n';
      }
      else
      {
        dirs = make_list(get_kb_list(install));
        vuln2 += max_index(dirs);
      }
    
    }
    
    
    # Report if any were found to be vulnerable.
    if (info)
    {
      if (report_verbosity > 0)
      {
        if (vuln > 1) s = "s of Java are";
        else s = " of Java is";
    
        report =
          '\n' +
          'The following vulnerable instance'+s+' installed on the\n' +
          'remote host :\n' +
          info;
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
      if (granular) exit(0, granular);
    }
    else
    {
      if (granular) exit(0, granular);
    
      installed_versions = substr(installed_versions, 3);
      if (vuln2 > 1)
        exit(0, "The Java "+installed_versions+" installs on the remote host are not affected.");
      else
        exit(0, "The Java "+installed_versions+" install on the remote host is not affected.");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-1044.NASL
    descriptionjava-1.5.0-bea as shipped in Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary, contains security flaws and should not be used. This update has been rated as having important security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit JRE and SDK contains BEA WebLogic JRockit Virtual Machine and is certified for the Java(tm) 2 Platform, Standard Edition, v1.5.0. The java-1.5.0-bea packages are vulnerable to important security flaws and should no longer be used. A flaw was found in the Java Management Extensions (JMX) management agent. When local monitoring was enabled, remote attackers could use this flaw to perform illegal operations. (CVE-2008-3103) Several flaws involving the handling of unsigned applets were found. A remote attacker could misuse an unsigned applet in order to connect to services on the host running the applet. (CVE-2008-3104) Several flaws in the Java API for XML Web Services (JAX-WS) client and the JAX-WS service implementation were found. A remote attacker who could cause malicious XML to be processed by an application could access URLs, or cause a denial of service. (CVE-2008-3105, CVE-2008-3106) A buffer overflow vulnerability was found in the font processing code. This allowed remote attackers to extend the permissions of an untrusted applet or application, allowing it to read or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3108) The vulnerabilities concerning applets listed above can only be triggered in java-1.5.0-bea, by calling the
    last seen2020-06-01
    modified2020-06-02
    plugin id40734
    published2009-08-24
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40734
    titleRHEL 4 / 5 : java-1.5.0-bea (RHSA-2008:1044)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:1044. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40734);
      script_version ("1.27");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2008-3103", "CVE-2008-3104", "CVE-2008-3105", "CVE-2008-3106", "CVE-2008-3108");
      script_bugtraq_id(30140, 30143, 30146, 30147);
      script_xref(name:"RHSA", value:"2008:1044");
    
      script_name(english:"RHEL 4 / 5 : java-1.5.0-bea (RHSA-2008:1044)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "java-1.5.0-bea as shipped in Red Hat Enterprise Linux 4 Extras and Red
    Hat Enterprise Linux 5 Supplementary, contains security flaws and
    should not be used.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The BEA WebLogic JRockit JRE and SDK contains BEA WebLogic JRockit
    Virtual Machine and is certified for the Java(tm) 2 Platform, Standard
    Edition, v1.5.0.
    
    The java-1.5.0-bea packages are vulnerable to important security flaws
    and should no longer be used.
    
    A flaw was found in the Java Management Extensions (JMX) management
    agent. When local monitoring was enabled, remote attackers could use
    this flaw to perform illegal operations. (CVE-2008-3103)
    
    Several flaws involving the handling of unsigned applets were found. A
    remote attacker could misuse an unsigned applet in order to connect to
    services on the host running the applet. (CVE-2008-3104)
    
    Several flaws in the Java API for XML Web Services (JAX-WS) client and
    the JAX-WS service implementation were found. A remote attacker who
    could cause malicious XML to be processed by an application could
    access URLs, or cause a denial of service. (CVE-2008-3105,
    CVE-2008-3106)
    
    A buffer overflow vulnerability was found in the font processing code.
    This allowed remote attackers to extend the permissions of an
    untrusted applet or application, allowing it to read or write local
    files, as well as to execute local applications accessible to the user
    running the untrusted application. (CVE-2008-3108)
    
    The vulnerabilities concerning applets listed above can only be
    triggered in java-1.5.0-bea, by calling the 'appletviewer'
    application.
    
    BEA was acquired by Oracle(r) during 2008 (the acquisition was
    completed on April 29, 2008). Consequently, JRockit is now an Oracle
    offering and these issues are addressed in the current release of
    Oracle JRockit. Due to a license change by Oracle, however, Red Hat is
    unable to ship Oracle JRockit.
    
    Users who wish to continue using JRockit should get an update directly
    from Oracle: http://oracle.com/technology/software/products/jrockit/.
    
    Alternatives to Oracle JRockit include the Java 2 Technology Edition
    of the IBM(r) Developer Kit for Linux and the Sun(tm) Java SE
    Development Kit (JDK), both of which are available on the Extras or
    Supplementary channels. For Java 6 users, the new OpenJDK open source
    JDK will be included in Red Hat Enterprise Linux 5.3 and will be
    supported by Red Hat.
    
    This update removes the java-1.5.0-bea packages due to their known
    security vulnerabilities."
      );
      # https://support.bea.com/application_content/product_portlets/securityadvisories
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?826d01e9"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:1044"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1.5.0-bea-uninstall package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-bea-uninstall");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/12/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:1044";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"java-1.5.0-bea-uninstall-1.5.0.14-1jpp.5.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-bea-uninstall-1.5.0.14-1jpp.5.el4")) flag++;
    
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.5.0-bea-uninstall-1.5.0.14-1jpp.5.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-bea-uninstall-1.5.0.14-1jpp.5.el5")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.5.0-bea-uninstall");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_5_0-SUN-5434.NASL
    descriptionSun Java was updated to 1.5.0u16 to fix following security vulnerabilities : CVE-2008-3115: Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. CVE-2008-3114: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. CVE-2008-3113: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. CVE-2008-3112: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. CVE-2008-3111: Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. CVE-2008-3108: Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing. CVE-2008-3107: Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3106: Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. CVE-2008-3104: Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet
    last seen2020-06-01
    modified2020-06-02
    plugin id34037
    published2008-08-24
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34037
    titleopenSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5434)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update java-1_5_0-sun-5434.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(34037);
      script_version ("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:32");
    
      script_cve_id("CVE-2008-3103", "CVE-2008-3104", "CVE-2008-3105", "CVE-2008-3106", "CVE-2008-3107", "CVE-2008-3108", "CVE-2008-3111", "CVE-2008-3112", "CVE-2008-3113", "CVE-2008-3114", "CVE-2008-3115");
    
      script_name(english:"openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5434)");
      script_summary(english:"Check for the java-1_5_0-sun-5434 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Sun Java was updated to 1.5.0u16 to fix following security
    vulnerabilities :
    
    CVE-2008-3115: Secure Static Versioning in Sun Java JDK and JRE 6
    Update 6 and earlier, and 5.0 Update 6 through 15, does not properly
    prevent execution of applets on older JRE releases, which might allow
    remote attackers to exploit vulnerabilities in these older releases.
    
    CVE-2008-3114: Unspecified vulnerability in Sun Java Web Start in JDK
    and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK
    and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to
    obtain sensitive information (the cache location) via an untrusted
    application, aka CR 6704074. 
    
    CVE-2008-3113: Unspecified vulnerability in Sun Java Web Start in JDK
    and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18
    allows remote attackers to create or delete arbitrary files via an
    untrusted application, aka CR 6704077. 
    
    CVE-2008-3112: Unspecified vulnerability in Sun Java Web Start in JDK
    and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK
    and JRE 1.4.x before 1.4.2_18 allows remote attackers to create
    arbitrary files via an untrusted application, aka CR 6703909. 
    
    CVE-2008-3111: Multiple buffer overflows in Sun Java Web Start in JDK
    and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK
    and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to
    gain privileges via an untrusted application, as demonstrated by an
    application that grants itself privileges to (1) read local files, (2)
    write to local files, or (3) execute local programs, aka CR 6557220.
    
    CVE-2008-3108: Buffer overflow in Sun Java Runtime Environment (JRE)
    in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before
    1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows
    context-dependent attackers to gain privileges via unspecified vectors
    related to font processing. 
    
    CVE-2008-3107: Unspecified vulnerability in the Virtual Machine in Sun
    Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK
    and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18
    allows context-dependent attackers to gain privileges via an untrusted
    (1) application or (2) applet, as demonstrated by an application or
    applet that grants itself privileges to (a) read local files, (b)
    write to local files, or (c) execute local programs.
    
    CVE-2008-3106: Unspecified vulnerability in Sun Java Runtime
    Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and
    JRE 5.0 Update 15 and earlier allows remote attackers to access URLs
    via unknown vectors involving processing of XML data by an untrusted
    (1) application or (2) applet, a different vulnerability than
    CVE-2008-3105. 
    
    CVE-2008-3104: Multiple unspecified vulnerabilities in Sun Java
    Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and
    JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK
    and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the
    security model for an applet's outbound connections by connecting to
    localhost services running on the machine that loaded the applet. 
    
    CVE-2008-3103: Unspecified vulnerability in the Java Management
    Extensions (JMX) management agent in Sun Java Runtime Environment
    (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update
    15 and earlier, when local monitoring is enabled, allows remote
    attackers to 'perform unauthorized operations' via unspecified
    vectors."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1_5_0-sun packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(16, 20, 119, 200, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/07/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/08/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2 / 10.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.2", reference:"java-1_5_0-sun-1.5.0_update16-1.1") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"java-1_5_0-sun-alsa-1.5.0_update16-1.1") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"java-1_5_0-sun-demo-1.5.0_update16-1.1") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"java-1_5_0-sun-devel-1.5.0_update16-1.1") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"java-1_5_0-sun-jdbc-1.5.0_update16-1.1") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"java-1_5_0-sun-plugin-1.5.0_update16-1.1") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"java-1_5_0-sun-src-1.5.0_update16-1.1") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"java-1_5_0-sun-1.5.0_update16-1.1") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"java-1_5_0-sun-alsa-1.5.0_update16-1.1") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"java-1_5_0-sun-demo-1.5.0_update16-1.1") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"java-1_5_0-sun-devel-1.5.0_update16-1.1") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"java-1_5_0-sun-jdbc-1.5.0_update16-1.1") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"java-1_5_0-sun-plugin-1.5.0_update16-1.1") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"java-1_5_0-sun-src-1.5.0_update16-1.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_5_0-sun");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0906.NASL
    descriptionUpdated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. A flaw was found in the Java Management Extensions (JMX) management agent. When local monitoring is enabled, remote attackers could use this flaw to perform illegal operations. (CVE-2008-3103) Several flaws involving the handling of unsigned applets were found. A remote attacker could misuse an unsigned applet in order to connect to services on the host running the applet. (CVE-2008-3104) Several flaws in the Java API for XML Web Services (JAX-WS) client and the JAX-WS service implementation were found. A remote attacker who could cause malicious XML to be processed by an application could access URLs, or cause a denial of service. (CVE-2008-3105, CVE-2008-3106) Several flaws within the Java Runtime Environment (JRE) scripting support were found. A remote attacker could grant an untrusted applet extended privileges, such as reading and writing local files, executing local programs, or querying the sensitive data of other applets. (CVE-2008-3109, CVE-2008-3110) A flaw in Java Web Start was found. Using an untrusted Java Web Start application, a remote attacker could create or delete arbitrary files with the permissions of the user running the untrusted application. (CVE-2008-3112) A flaw in Java Web Start when processing untrusted applications was found. An attacker could use this flaw to acquire sensitive information, such as the location of the cache. (CVE-2008-3114) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR2 Java release, which resolves these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id40728
    published2009-08-24
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40728
    titleRHEL 4 / 5 : java-1.6.0-ibm (RHSA-2008:0906)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0906. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40728);
      script_version ("1.27");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2008-3103", "CVE-2008-3104", "CVE-2008-3105", "CVE-2008-3106", "CVE-2008-3109", "CVE-2008-3110", "CVE-2008-3112", "CVE-2008-3114");
      script_xref(name:"RHSA", value:"2008:0906");
    
      script_name(english:"RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2008:0906)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.6.0-ibm packages that fix several security issues are
    now available for Red Hat Enterprise Linux 4 Extras and Red Hat
    Enterprise Linux 5 Supplementary.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment
    and the IBM Java 2 Software Development Kit.
    
    A flaw was found in the Java Management Extensions (JMX) management
    agent. When local monitoring is enabled, remote attackers could use
    this flaw to perform illegal operations. (CVE-2008-3103)
    
    Several flaws involving the handling of unsigned applets were found. A
    remote attacker could misuse an unsigned applet in order to connect to
    services on the host running the applet. (CVE-2008-3104)
    
    Several flaws in the Java API for XML Web Services (JAX-WS) client and
    the JAX-WS service implementation were found. A remote attacker who
    could cause malicious XML to be processed by an application could
    access URLs, or cause a denial of service. (CVE-2008-3105,
    CVE-2008-3106)
    
    Several flaws within the Java Runtime Environment (JRE) scripting
    support were found. A remote attacker could grant an untrusted applet
    extended privileges, such as reading and writing local files,
    executing local programs, or querying the sensitive data of other
    applets. (CVE-2008-3109, CVE-2008-3110)
    
    A flaw in Java Web Start was found. Using an untrusted Java Web Start
    application, a remote attacker could create or delete arbitrary files
    with the permissions of the user running the untrusted application.
    (CVE-2008-3112)
    
    A flaw in Java Web Start when processing untrusted applications was
    found. An attacker could use this flaw to acquire sensitive
    information, such as the location of the cache. (CVE-2008-3114)
    
    All users of java-1.6.0-ibm are advised to upgrade to these updated
    packages, containing the IBM 1.6.0 SR2 Java release, which resolves
    these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3103"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3104"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3105"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3106"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3109"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3110"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3112"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3114"
      );
      # http://www-128.ibm.com/developerworks/java/jdk/alerts/
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.ibm.com/us-en/?ar=1"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0906"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(200, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/10/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0906";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"java-1.6.0-ibm-1.6.0.2-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"java-1.6.0-ibm-demo-1.6.0.2-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"java-1.6.0-ibm-devel-1.6.0.2-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"java-1.6.0-ibm-javacomm-1.6.0.2-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.6.0-ibm-javacomm-1.6.0.2-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"java-1.6.0-ibm-jdbc-1.6.0.2-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"java-1.6.0-ibm-plugin-1.6.0.2-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"java-1.6.0-ibm-src-1.6.0.2-1jpp.2.el4")) flag++;
    
    
      if (rpm_check(release:"RHEL5", reference:"java-1.6.0-ibm-1.6.0.2-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-ibm-accessibility-1.6.0.2-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"java-1.6.0-ibm-accessibility-1.6.0.2-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-ibm-accessibility-1.6.0.2-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"java-1.6.0-ibm-demo-1.6.0.2-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"java-1.6.0-ibm-devel-1.6.0.2-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-ibm-javacomm-1.6.0.2-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-ibm-javacomm-1.6.0.2-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"java-1.6.0-ibm-jdbc-1.6.0.2-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-ibm-plugin-1.6.0.2-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"java-1.6.0-ibm-src-1.6.0.2-1jpp.2.el5")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-ibm / java-1.6.0-ibm-accessibility / java-1.6.0-ibm-demo / etc");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_JAVA-1_5_0-SUN-080715.NASL
    descriptionSun Java was updated to 1.5.0u16 to fix following security vulnerabilities : CVE-2008-3115: Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. CVE-2008-3114: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. CVE-2008-3113: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. CVE-2008-3112: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. CVE-2008-3111: Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. CVE-2008-3108: Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing. CVE-2008-3107: Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3106: Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. CVE-2008-3104: Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet
    last seen2020-06-01
    modified2020-06-02
    plugin id39996
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39996
    titleopenSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-96)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update java-1_5_0-sun-96.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(39996);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:31");
    
      script_cve_id("CVE-2008-3103", "CVE-2008-3104", "CVE-2008-3105", "CVE-2008-3106", "CVE-2008-3107", "CVE-2008-3108", "CVE-2008-3111", "CVE-2008-3112", "CVE-2008-3113", "CVE-2008-3114", "CVE-2008-3115");
    
      script_name(english:"openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-96)");
      script_summary(english:"Check for the java-1_5_0-sun-96 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Sun Java was updated to 1.5.0u16 to fix following security
    vulnerabilities :
    
    CVE-2008-3115: Secure Static Versioning in Sun Java JDK and JRE 6
    Update 6 and earlier, and 5.0 Update 6 through 15, does not properly
    prevent execution of applets on older JRE releases, which might allow
    remote attackers to exploit vulnerabilities in these older releases.
    
    CVE-2008-3114: Unspecified vulnerability in Sun Java Web Start in JDK
    and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK
    and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to
    obtain sensitive information (the cache location) via an untrusted
    application, aka CR 6704074. 
    
    CVE-2008-3113: Unspecified vulnerability in Sun Java Web Start in JDK
    and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18
    allows remote attackers to create or delete arbitrary files via an
    untrusted application, aka CR 6704077. 
    
    CVE-2008-3112: Unspecified vulnerability in Sun Java Web Start in JDK
    and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK
    and JRE 1.4.x before 1.4.2_18 allows remote attackers to create
    arbitrary files via an untrusted application, aka CR 6703909. 
    
    CVE-2008-3111: Multiple buffer overflows in Sun Java Web Start in JDK
    and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK
    and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to
    gain privileges via an untrusted application, as demonstrated by an
    application that grants itself privileges to (1) read local files, (2)
    write to local files, or (3) execute local programs, aka CR 6557220.
    
    CVE-2008-3108: Buffer overflow in Sun Java Runtime Environment (JRE)
    in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before
    1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows
    context-dependent attackers to gain privileges via unspecified vectors
    related to font processing. 
    
    CVE-2008-3107: Unspecified vulnerability in the Virtual Machine in Sun
    Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK
    and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18
    allows context-dependent attackers to gain privileges via an untrusted
    (1) application or (2) applet, as demonstrated by an application or
    applet that grants itself privileges to (a) read local files, (b)
    write to local files, or (c) execute local programs.
    
    CVE-2008-3106: Unspecified vulnerability in Sun Java Runtime
    Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and
    JRE 5.0 Update 15 and earlier allows remote attackers to access URLs
    via unknown vectors involving processing of XML data by an untrusted
    (1) application or (2) applet, a different vulnerability than
    CVE-2008-3105. 
    
    CVE-2008-3104: Multiple unspecified vulnerabilities in Sun Java
    Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and
    JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK
    and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the
    security model for an applet's outbound connections by connecting to
    localhost services running on the machine that loaded the applet. 
    
    CVE-2008-3103: Unspecified vulnerability in the Java Management
    Extensions (JMX) management agent in Sun Java Runtime Environment
    (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update
    15 and earlier, when local monitoring is enabled, allows remote
    attackers to 'perform unauthorized operations' via unspecified
    vectors."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=407935"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1_5_0-sun packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(16, 20, 119, 200, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/07/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.0", reference:"java-1_5_0-sun-1.5.0_update16-1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"java-1_5_0-sun-alsa-1.5.0_update16-1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"java-1_5_0-sun-demo-1.5.0_update16-1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"java-1_5_0-sun-devel-1.5.0_update16-1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"java-1_5_0-sun-jdbc-1.5.0_update16-1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"java-1_5_0-sun-plugin-1.5.0_update16-1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"java-1_5_0-sun-src-1.5.0_update16-1.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_5_0-sun");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-1045.NASL
    descriptionjava-1.6.0-bea as shipped in Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary, contains security flaws and should not be used. This update has been rated as having important security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit JRE and SDK contains BEA WebLogic JRockit Virtual Machine and is certified for the Java(tm) 2 Platform, Standard Edition, v1.6.0. The java-1.6.0-bea packages are vulnerable to important security flaws and should no longer be used. A flaw was found in the Java Management Extensions (JMX) management agent. When local monitoring was enabled, remote attackers could use this flaw to perform illegal operations. (CVE-2008-3103) Several flaws involving the handling of unsigned applets were found. A remote attacker could misuse an unsigned applet in order to connect to services on the host running the applet. (CVE-2008-3104) Several flaws in the Java API for XML Web Services (JAX-WS) client and the JAX-WS service implementation were found. A remote attacker who could cause malicious XML to be processed by an application could access URLs, or cause a denial of service. (CVE-2008-3105, CVE-2008-3106) Several flaws within the Java Runtime Environment
    last seen2020-06-01
    modified2020-06-02
    plugin id40735
    published2009-08-24
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40735
    titleRHEL 4 / 5 : java-1.6.0-bea (RHSA-2008:1045)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:1045. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40735);
      script_version ("1.27");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2008-3103", "CVE-2008-3104", "CVE-2008-3105", "CVE-2008-3106", "CVE-2008-3109", "CVE-2008-3110");
      script_bugtraq_id(30140, 30143, 30146, 30147);
      script_xref(name:"RHSA", value:"2008:1045");
    
      script_name(english:"RHEL 4 / 5 : java-1.6.0-bea (RHSA-2008:1045)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "java-1.6.0-bea as shipped in Red Hat Enterprise Linux 4 Extras and Red
    Hat Enterprise Linux 5 Supplementary, contains security flaws and
    should not be used.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The BEA WebLogic JRockit JRE and SDK contains BEA WebLogic JRockit
    Virtual Machine and is certified for the Java(tm) 2 Platform, Standard
    Edition, v1.6.0.
    
    The java-1.6.0-bea packages are vulnerable to important security flaws
    and should no longer be used.
    
    A flaw was found in the Java Management Extensions (JMX) management
    agent. When local monitoring was enabled, remote attackers could use
    this flaw to perform illegal operations. (CVE-2008-3103)
    
    Several flaws involving the handling of unsigned applets were found. A
    remote attacker could misuse an unsigned applet in order to connect to
    services on the host running the applet. (CVE-2008-3104)
    
    Several flaws in the Java API for XML Web Services (JAX-WS) client and
    the JAX-WS service implementation were found. A remote attacker who
    could cause malicious XML to be processed by an application could
    access URLs, or cause a denial of service. (CVE-2008-3105,
    CVE-2008-3106)
    
    Several flaws within the Java Runtime Environment's (JRE) scripting
    support were found. A remote attacker could grant an untrusted applet
    extended privileges, such as reading and writing local files,
    executing local programs, or querying the sensitive data of other
    applets. (CVE-2008-3109, CVE-2008-3110)
    
    The vulnerabilities concerning applets listed above can only be
    triggered in java-1.6.0-bea, by calling the 'appletviewer'
    application.
    
    BEA was acquired by Oracle(r) during 2008 (the acquisition was
    completed on April 29, 2008). Consequently, JRockit is now an Oracle
    offering and these issues are addressed in the current release of
    Oracle JRockit. Due to a license change by Oracle, however, Red Hat is
    unable to ship Oracle JRockit.
    
    Users who wish to continue using JRockit should get an update directly
    from Oracle: http://oracle.com/technology/software/products/jrockit/.
    
    Alternatives to Oracle JRockit include the Java 2 Technology Edition
    of the IBM(r) Developer Kit for Linux and the Sun(tm) Java SE
    Development Kit (JDK), both of which are available on the Extras or
    Supplementary channels. For Java 6 users, the new OpenJDK open source
    JDK will be included in Red Hat Enterprise Linux 5.3 and will be
    supported by Red Hat.
    
    This update removes the java-1.6.0-bea packages due to their known
    security vulnerabilities."
      );
      # https://support.bea.com/application_content/product_portlets/securityadvisories
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?826d01e9"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:1045"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1.6.0-bea-uninstall package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-bea-uninstall");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/12/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:1045";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"java-1.6.0-bea-uninstall-1.6.0.03-1jpp.4.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.6.0-bea-uninstall-1.6.0.03-1jpp.4.el4")) flag++;
    
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.6.0-bea-uninstall-1.6.0.03-1jpp.6.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-bea-uninstall-1.6.0.03-1jpp.6.el5")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-bea-uninstall");
      }
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_JAVA_10_5_UPDATE2.NASL
    descriptionThe remote Mac OS X 10.5 host is running a version of Java for Mac OS X that is missing update 2. The remote version of this software contains several security vulnerabilities that may allow a rogue Java applet to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to lure an attacker into executing a rogue Java applet.
    last seen2020-03-18
    modified2008-09-25
    plugin id34290
    published2008-09-25
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34290
    titleMac OS X : Java for Mac OS X 10.5 Update 2
    code
    #TRUSTED 260d6fc807ef38ed913cf628160f87535d590e2410b3584adc6d1ce0b8381bb0cf98f4afc92ab9057a03a59c8e07be556856c43a4b41773b7f4d94a567f289f998ec396984d2ac6b5c27f4e456c4d230ba17a3be7a57b730f7993244c9680636ed632118af835c921b4622280846a66965162dfdec583851a6771cd3f7dc479239973797920cface5f8ca76ae86c30c7155c0543e2cc0af3bdaefa5d3d3df57df95216de23f375079d3adea9c258d3c2ffc7e3391860fee202ab5729eead43d5de63c2c73f2cc6ce30b903dad1f8f903eabf631c7702d86501d2d5c4ad9b7bf810aefd5cf34242be3288df1723eb1046914cc56b768ffd9ebde101a5381a0b79a1f3ffcda397b88de8edd80b21dc1059e149a20c927f17e3e557dd1cee069f0e090fcfd05c068d52add2d3da1c5be78383e5c7e81f9b08342dd81728646021d04667aa8088c68826bea9e8e40c78d5c4cec644c8832fc7385878b79618f8d6b3cfb2e6f9a568033c66427f82d3986cbaaccc6ef6f6568d21de4f32970e7490a83ffc4e9d40fd12295f6f974ed2e66365f749f0f262433cd2f46bc2b0e884be3bd2b4bde073b38c6df7b1846f56c6e4e32ed7cfd5d02f0fc38910049deda5c80890fd508c95d668a988dcbe101727a41f0833b19eef6ec4e4c88f59722508d2d9f528c964a532b27beea954873118ae09b3b8630252d66cb83f8a1b31a44f3acb
    #
    # (C) Tenable Network Security, Inc.
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    
    include("compat.inc");
    
    if (description)
    {
     script_id(34290);
     script_version("1.16");
     script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/14");
    
     script_cve_id(
      "CVE-2008-1185",
      "CVE-2008-1186",
      "CVE-2008-1187",
      "CVE-2008-1188",
      "CVE-2008-1189",
      "CVE-2008-1190",
      "CVE-2008-1191",
      "CVE-2008-1192",
      "CVE-2008-1193",
      "CVE-2008-1194",
      "CVE-2008-1195",
      "CVE-2008-1196",
      "CVE-2008-3103",
      "CVE-2008-3104",
      "CVE-2008-3105",
      "CVE-2008-3106",
      "CVE-2008-3107",
      "CVE-2008-3108",
      "CVE-2008-3109",
      "CVE-2008-3110",
      "CVE-2008-3111",
      "CVE-2008-3112",
      "CVE-2008-3113",
      "CVE-2008-3114",
      "CVE-2008-3115",
      "CVE-2008-3637",
      "CVE-2008-3638"
     );
     script_bugtraq_id(28125, 30144, 30146, 31379, 31380);
    
     script_name(english:"Mac OS X : Java for Mac OS X 10.5 Update 2");
     script_summary(english:"Check for Java Update 2 on Mac OS X 10.5");
    
     script_set_attribute(attribute:"synopsis", value:"The remote host is affected by multiple vulnerabilities.");
     script_set_attribute(attribute:"description", value:
    "The remote Mac OS X 10.5 host is running a version of Java for Mac OS X
    that is missing update 2.
    
    The remote version of this software contains several security
    vulnerabilities that may allow a rogue Java applet to execute arbitrary
    code on the remote host.
    
    To exploit these flaws, an attacker would need to lure an attacker into
    executing a rogue Java applet.");
     script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3179");
     script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Sep/msg00007.html");
     script_set_attribute(attribute:"solution", value:"Upgrade to Java for Mac OS X 10.5 update 2");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
     script_cwe_id(264);
    
     script_set_attribute(attribute:"patch_publication_date", value:"2008/09/24");
     script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/25");
    
     script_set_attribute(attribute:"plugin_type", value:"local");
     script_end_attributes();
    
     script_category(ACT_GATHER_INFO);
    
     script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
     script_family(english:"MacOS X Local Security Checks");
    
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/MacOSX/packages");
     exit(0);
    }
    
    
    include("misc_func.inc");
    include("ssh_func.inc");
    include("macosx_func.inc");
    
    
    if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
      enable_ssh_wrappers();
    else disable_ssh_wrappers();
    
    function exec(cmd)
    {
     local_var ret, buf;
    
     if ( islocalhost() )
      buf = pread(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
     else
     {
      ret = ssh_open_connection();
      if ( ! ret ) exit(0);
      buf = ssh_cmd(cmd:cmd);
      ssh_close_connection();
     }
    
     if ( buf !~ "^[0-9]" ) exit(0);
    
     buf = chomp(buf);
     return buf;
    }
    
    
    packages = get_kb_item("Host/MacOSX/packages");
    if ( ! packages ) exit(0);
    
    uname = get_kb_item("Host/uname");
    # Mac OS X 10.5 only
    if ( egrep(pattern:"Darwin.* 9\.", string:uname) )
    {
     cmd = _GetBundleVersionCmd(file:"JavaPluginCocoa.bundle", path:"/Library/Internet Plug-Ins", label:"CFBundleVersion");
     buf = exec(cmd:cmd);
     if ( ! strlen(buf) ) exit(0);
     array = split(buf, sep:'.', keep:FALSE);
     # Fixed in version 12.2.0
     if ( int(array[0]) < 12 ||
         (int(array[0]) == 12 && int(array[1]) < 2 ) )
     {
       security_hole(0);
     }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0594.NASL
    descriptionUpdated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language. A vulnerability was found in the Java Management Extensions (JMX) management agent, when local monitoring is enabled. This allowed remote attackers to perform illegal operations. (CVE-2008-3103) Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. (CVE-2008-3104) Several vulnerabilities in the Java API for XML Web Services (JAX-WS) client and service implementation were found. A remote attacker who caused malicious XML to be processed by a trusted or untrusted application was able access URLs or cause a denial of service. (CVE-2008-3105, CVE-2008-3106) A JRE vulnerability could be triggered by an untrusted application or applet. A remote attacker could grant an untrusted applet or application extended privileges such as being able to read and write local files, or execute local programs. (CVE-2008-3107) Several vulnerabilities within the JRE scripting support were reported. A remote attacker could grant an untrusted applet extended privileges such as reading and writing local files, executing local programs, or querying the sensitive data of other applets. (CVE-2008-3109, CVE-2008-3110) A vulnerability in Java Web Start was found. A remote attacker was able to create arbitrary files with the permissions of the user running the untrusted Java Web Start application. (CVE-2008-3112) Another vulnerability in Java Web Start when processing untrusted applications was reported. An attacker was able to acquire sensitive information, such as the cache location. (CVE-2008-3114) Users of java-1.6.0-sun should upgrade to these updated packages, which correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id63858
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63858
    titleRHEL 5 : java-1.6.0-sun (RHSA-2008:0594)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0594. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63858);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2008-3103", "CVE-2008-3104", "CVE-2008-3105", "CVE-2008-3106", "CVE-2008-3107", "CVE-2008-3109", "CVE-2008-3110", "CVE-2008-3112", "CVE-2008-3114");
      script_bugtraq_id(30140, 30141, 30143, 30146, 30148);
      script_xref(name:"RHSA", value:"2008:0594");
    
      script_name(english:"RHEL 5 : java-1.6.0-sun (RHSA-2008:0594)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.6.0-sun packages that correct several security issues
    are now available for Red Hat Enterprise Linux 4 Extras and 5
    Supplementary.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    The Java Runtime Environment (JRE) contains the software and tools
    that users need to run applets and applications written using the Java
    programming language.
    
    A vulnerability was found in the Java Management Extensions (JMX)
    management agent, when local monitoring is enabled. This allowed
    remote attackers to perform illegal operations. (CVE-2008-3103)
    
    Multiple vulnerabilities with unsigned applets were reported. A remote
    attacker could misuse an unsigned applet to connect to localhost
    services running on the host running the applet. (CVE-2008-3104)
    
    Several vulnerabilities in the Java API for XML Web Services (JAX-WS)
    client and service implementation were found. A remote attacker who
    caused malicious XML to be processed by a trusted or untrusted
    application was able access URLs or cause a denial of service.
    (CVE-2008-3105, CVE-2008-3106)
    
    A JRE vulnerability could be triggered by an untrusted application or
    applet. A remote attacker could grant an untrusted applet or
    application extended privileges such as being able to read and write
    local files, or execute local programs. (CVE-2008-3107)
    
    Several vulnerabilities within the JRE scripting support were
    reported. A remote attacker could grant an untrusted applet extended
    privileges such as reading and writing local files, executing local
    programs, or querying the sensitive data of other applets.
    (CVE-2008-3109, CVE-2008-3110)
    
    A vulnerability in Java Web Start was found. A remote attacker was
    able to create arbitrary files with the permissions of the user
    running the untrusted Java Web Start application. (CVE-2008-3112)
    
    Another vulnerability in Java Web Start when processing untrusted
    applications was reported. An attacker was able to acquire sensitive
    information, such as the cache location. (CVE-2008-3114)
    
    Users of java-1.6.0-sun should upgrade to these updated packages,
    which correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3103"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3104"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3105"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3106"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3107"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3109"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3110"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3112"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3114"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0594"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(200, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/07/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0594";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.6.0-sun-1.6.0.7-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-sun-1.6.0.7-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.6.0-sun-demo-1.6.0.7-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-sun-demo-1.6.0.7-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.6.0-sun-devel-1.6.0.7-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-sun-devel-1.6.0.7-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.6.0-sun-jdbc-1.6.0.7-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-sun-jdbc-1.6.0.7-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.6.0-sun-plugin-1.6.0.7-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.6.0-sun-src-1.6.0.7-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-sun-src-1.6.0.7-1jpp.1.el5")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-sun / java-1.6.0-sun-demo / java-1.6.0-sun-devel / etc");
      }
    }
    
  • NASL familyMisc.
    NASL idJUNIPER_NSM_PSN_2012_08_689.NASL
    descriptionAccording to the version of one or more Juniper NSM servers running on the remote host, it is potentially affected by multiple vulnerabilities affecting the Java software running on the host.
    last seen2020-06-01
    modified2020-06-02
    plugin id69874
    published2013-09-13
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69874
    titleJuniper NSM Servers Multiple Java JDK/JRE Vulnerabilities (PSN-2012-08-689)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69874);
      script_version("1.13");
      script_cvs_date("Date: 2018/07/13 15:08:46");
    
      script_cve_id(
        "CVE-2008-3103",
        "CVE-2008-3104",
        "CVE-2008-3105",
        "CVE-2008-3106",
        "CVE-2008-3107",
        "CVE-2008-3108",
        "CVE-2008-3109",
        "CVE-2008-3110",
        "CVE-2008-3111",
        "CVE-2008-3112",
        "CVE-2008-3113",
        "CVE-2008-3114",
        "CVE-2008-3115",
        "CVE-2011-0786",
        "CVE-2011-0802",
        "CVE-2011-0814",
        "CVE-2011-0815",
        "CVE-2011-0817",
        "CVE-2011-0862",
        "CVE-2011-0863",
        "CVE-2011-0864",
        "CVE-2011-0865",
        "CVE-2011-0866",
        "CVE-2011-0867",
        "CVE-2011-0868",
        "CVE-2011-0869",
        "CVE-2011-0871",
        "CVE-2011-0872",
        "CVE-2011-0873"
      );
      script_bugtraq_id(
        30140,
        30141,
        30143,
        30144,
        30146,
        30147,
        30148,
        48133,
        48134,
        48136,
        48137,
        48138,
        48139,
        48140,
        48141,
        48142,
        48143,
        48144,
        48145,
        48146,
        48147,
        48148,
        48149
      );
    
      script_name(english:"Juniper NSM Servers Multiple Java JDK/JRE Vulnerabilities (PSN-2012-08-689)");
      script_summary(english:"Checks versions of NSM servers");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote host is affected by multiple vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "According to the version of one or more Juniper NSM servers running on
    the remote host, it is potentially affected by multiple vulnerabilities
    affecting the Java software running on the host."
      );
      # http://kb.juniper.net/InfoCenter/index?page=content&legacyid=PSN-2012-08-689
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e9601ccb");
      script_set_attribute(
        attribute:"solution",
        value:"Upgrade to NSM version 2012.1R2, 2011.4s5, or 2010.3s8."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(16, 20, 119, 200, 264);
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/09/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/13");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:juniper:netscreen-security_manager");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
    
      script_dependencies("juniper_nsm_gui_svr_detect.nasl", "juniper_nsm_servers_installed.nasl");
      script_require_keys("Juniper_NSM_VerDetected");
      exit(0);
    }
    
    include("audit.inc");
    include("misc_func.inc");
    include("global_settings.inc");
    
    kb_base = "Host/NSM/";
    
    get_kb_item_or_exit("Juniper_NSM_VerDetected");
    
    kb_list = make_list();
    
    temp = get_kb_list("Juniper_NSM_GuiSvr/*/build");
    
    if (!isnull(temp) && max_index(keys(temp)) > 0)
      kb_list = make_list(kb_list, keys(temp));
    
    temp = get_kb_list("Host/NSM/*/build");
    if (!isnull(temp) && max_index(keys(temp)) > 0)
      kb_list = make_list(kb_list, keys(temp));
    
    if (isnull(kb_list)) audit(AUDIT_NOT_INST, "Juniper NSM Servers");
    
    report = '';
    
    entry = branch(kb_list);
    
    port = 0;
    kb_base = '';
    
    if ("Juniper_NSM_GuiSvr" >< entry)
    {
      port = entry - "Juniper_NSM_GuiSvr/" - "/build";
      kb_base = "Juniper_NSM_GuiSvr/" + port + "/";
    
      report_str1 = "Remote GUI server version : ";
      report_str2 = "Fixed version             : ";
    }
    else
    {
      kb_base = entry - "build";
      if ("guiSvr" >< kb_base)
      {
        report_str1 = "Local GUI server version : ";
        report_str2 = "Fixed version            : ";
      }
      else
      {
        report_str1 = "Local device server version : ";
        report_str2 = "Fixed version               : ";
      }
    }
    
    build = get_kb_item_or_exit(entry);
    version = get_kb_item_or_exit(kb_base + 'version');
    
    disp_version = version + " (" + build + ")";
    
    #  NSM version 2012.1R2 or later
    #  NSM version 2011.4s5 or later
    #  NSM version 2010.3s8 or later
    item = eregmatch(pattern:"^([0-9.]+)", string:version);
    
    if (!isnull(item))
    {
      if (
        ver_compare(ver:item[1], fix:'2010.3', strict:FALSE) == -1 ||
        version =~ "^2010.3([rR][1-2]|[sS][1-7])?$"
      )
      {
        report += '\n  ' + report_str1 + disp_version +
                  '\n  ' + report_str2 + '2010.3s8' + '\n';
      }
      if (
        (version =~ "^2011\." &&
        ver_compare(ver:item[1], fix:'2011.4', strict:FALSE) == -1) ||
        version =~ "^2011.4([sS][1-4])?$"
      )
      {
        report += '\n  ' + report_str1 + disp_version +
                  '\n  ' + report_str2 + '2011.4s5' + '\n';
      }
      if (version =~ "^2012\.(1|1[rR]1)$")
      {
        report += '\n  ' + report_str1 + disp_version +
                  '\n  ' + report_str2 + '2012.1R2' + '\n';
      }
    }
    
    if (report == '') audit(AUDIT_INST_VER_NOT_VULN, "Juniper NSM GUI Server or Device Server");
    
    if (report_verbosity > 0)
      security_hole(extra:report, port:port);
    else security_hole(port);
    
  • NASL familyMisc.
    NASL idSUN_JAVA_JRE_5_16_UNIX.NASL
    descriptionThe version of Sun Java Runtime Environment (JRE) 5.0 installed on the remote host is affected by multiple security issues : - A vulnerability in the XML processing module of the JRE could allow an untrusted applet/application unauthorized access to certain URL resources (238628). - A buffer overflow vulnerability in the font processing module of the JRE, could allow an untrusted applet/ application to elevate its privileges to read, write and execute local applications with the privileges of the user running an untrusted applet (238666). Note this issue only affects Sun Java JDK/JRE 5 Update 9 and earlier. - A buffer overflow vulnerability in Java Web Start, could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to users running an untrusted application (238905). - A vulnerability in Java Web Start, could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905). - A vulnerability in Java Web Start, may disclose the location of Java Web Start cache (238905). - A vulnerability in Sun Java Management Extensions (JMX) could allow a JMX client running on a remote host to perform unauthorized actions on a host running JMX with local monitoring enabled (238965). - A vulnerability in the JRE could allow an untrusted applet/application to elevate its privileges to read, write and execute local applications with the privileges of the user running an untrusted applet (238967). - A vulnerability in the JRE may allow an untrusted applet to establish connections to services running on the localhost and potentially exploit vulnerabilities existing in the underlying JRE (238968).
    last seen2020-06-01
    modified2020-06-02
    plugin id64832
    published2013-02-22
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64832
    titleSun Java JDK/JRE 5 < Update 16 Multiple Vulnerabilities (Unix)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64832);
      script_version("1.12");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id(
        "CVE-2008-3103",
        "CVE-2008-3104",
        "CVE-2008-3105",
        "CVE-2008-3106",
        "CVE-2008-3107",
        "CVE-2008-3108",
        "CVE-2008-3111",
        "CVE-2008-3112",
        "CVE-2008-3113",
        "CVE-2008-3114",
        "CVE-2008-3115"
      );
      script_bugtraq_id(
        30140,
        30141,
        30142,
        30143,
        30146,
        30147,
        30148
      );
    
      script_name(english:"Sun Java JDK/JRE 5 < Update 16 Multiple Vulnerabilities (Unix)");
      script_summary(english:"Checks version of Sun JRE");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Unix host has an application that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Sun Java Runtime Environment (JRE) 5.0 installed on the
    remote host is affected by multiple security issues :
    
      - A vulnerability in the XML processing module of the JRE
        could allow an untrusted applet/application unauthorized
        access to certain URL resources (238628).
    
      - A buffer overflow vulnerability in the font processing
        module of the JRE, could allow an untrusted applet/
        application to elevate its privileges to read, write
        and execute local applications with the privileges of
        the user running an untrusted applet (238666). Note this
        issue only affects Sun Java JDK/JRE 5 Update 9 and
        earlier.
    
      - A buffer overflow vulnerability in Java Web Start, could
        allow an untrusted applet to elevate its privileges to
        read, write and execute local applications available to
        users running an untrusted application (238905).
    
      - A vulnerability in Java Web Start, could allow an
        untrusted application to create or delete arbitrary
        files subject to the privileges of the user running the
        application (238905).
    
      - A vulnerability in Java Web Start, may disclose the
        location of Java Web Start cache (238905).
    
      - A vulnerability in Sun Java Management Extensions (JMX)
        could allow a JMX client running on a remote host to
        perform unauthorized actions on a host running JMX with
        local monitoring enabled (238965).
    
      - A vulnerability in the JRE could allow an untrusted
        applet/application to elevate its privileges to read,
        write and execute local applications with the privileges
        of the user running an untrusted applet (238967).
    
      - A vulnerability in the JRE may allow an untrusted applet
        to establish connections to services running on the
        localhost and potentially exploit vulnerabilities existing
        in the underlying JRE (238968).");
      script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019338.1.html");
      script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019342.1.html");
      script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019367.1.html");
      script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019373.1.html");
      script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019375.1.html");
      script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019376.1.html");
      script_set_attribute(attribute:"solution", value:
    "Update to Sun Java JDK and JRE 5 Update 16 or later and remove, if
    necessary, any affected versions.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-3113");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(16, 20, 119, 200, 264);
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/07/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/22");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("sun_java_jre_installed_unix.nasl");
      script_require_keys("Host/Java/JRE/Installed");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Check each installed JRE.
    installs = get_kb_list_or_exit("Host/Java/JRE/Unmanaged/*");
    
    info = "";
    vuln = 0;
    vuln2 = 0;
    installed_versions = "";
    granular = "";
    foreach install (list_uniq(keys(installs)))
    {
      ver = install - "Host/Java/JRE/Unmanaged/";
      if (ver !~ "^[0-9.]+") continue;
      installed_versions = installed_versions + " & " + ver;
      if (ver =~ "^1\.5\.0_(0[0-9]|1[0-5])[^0-9]?")
      {
        dirs = make_list(get_kb_list(install));
        vuln += max_index(dirs);
    
        foreach dir (dirs)
          info += '\n  Path              : ' + dir;
    
        info += '\n  Installed version : ' + ver;
        info += '\n  Fixed version     : 1.5.0_16\n';
      }
      else if (ver =~ "^[\d\.]+$")
      {
        dirs = make_list(get_kb_list(install));
        foreach dir (dirs)
          granular += "The Oracle Java version "+ver+" at "+dir+" is not granular enough to make a determination."+'\n';
      }
      else
      {
        dirs = make_list(get_kb_list(install));
        vuln2 += max_index(dirs);
      }
    
    }
    
    
    # Report if any were found to be vulnerable.
    if (info)
    {
      if (report_verbosity > 0)
      {
        if (vuln > 1) s = "s of Java are";
        else s = " of Java is";
    
        report =
          '\n' +
          'The following vulnerable instance'+s+' installed on the\n' +
          'remote host :\n' +
          info;
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
      if (granular) exit(0, granular);
    }
    else
    {
      if (granular) exit(0, granular);
    
      installed_versions = substr(installed_versions, 3);
      if (vuln2 > 1)
        exit(0, "The Java "+installed_versions+" installs on the remote host are not affected.");
      else
        exit(0, "The Java "+installed_versions+" install on the remote host is not affected.");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200911-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200911-02 (Sun JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details. Impact : A remote attacker could entice a user to open a specially crafted JAR archive, applet, or Java Web Start application, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Furthermore, a remote attacker could cause a Denial of Service affecting multiple services via several vectors, disclose information and memory contents, write or execute local files, conduct session hijacking attacks via GIFAR files, steal cookies, bypass the same-origin policy, load untrusted JAR files, establish network connections to arbitrary hosts and posts via several vectors, modify the list of supported graphics configurations, bypass HMAC-based authentication systems, escalate privileges via several vectors and cause applet code to be executed with older, possibly vulnerable versions of the JRE. NOTE: Some vulnerabilities require a trusted environment, user interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id42834
    published2009-11-18
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42834
    titleGLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_JAVA_REL7.NASL
    descriptionThe remote Mac OS X 10.4 host is running a version of Java for Mac OS X that is older than release 7. The remote version of this software contains several security vulnerabilities which may allow a rogue java applet to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to lure an attacker into executing a rogue Java applet.
    last seen2020-03-18
    modified2008-09-25
    plugin id34291
    published2008-09-25
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34291
    titleMac OS X : Java for Mac OS X 10.4 Release 7
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_JAVA-1_6_0-SUN-080715.NASL
    descriptionThis update brings the SUN JDK 6 to update level 7. CVE-2008-3115: Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. CVE-2008-3114: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. CVE-2008-3112: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. CVE-2008-3111: Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. CVE-2008-3110: Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet. CVE-2008-3109: Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3107: Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3106: Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. CVE-2008-3105: Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving
    last seen2020-06-01
    modified2020-06-02
    plugin id40001
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40001
    titleopenSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-97)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_6_0-SUN-5435.NASL
    descriptionThis update brings the SUN JDK 6 to update level 7. CVE-2008-3115: Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. CVE-2008-3114: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. CVE-2008-3112: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. CVE-2008-3111: Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. CVE-2008-3110: Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet. CVE-2008-3109: Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3107: Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3106: Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. CVE-2008-3105: Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving
    last seen2020-06-01
    modified2020-06-02
    plugin id34038
    published2008-08-24
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34038
    titleopenSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5435)
  • NASL familyWindows
    NASL idSUN_JAVA_JRE_6_7.NASL
    descriptionThe version of Sun Java Runtime Environment (JRE) 6.0 installed on the remote host is affected by multiple security issues : - A vulnerability in the JRE could allow unauthorized access to certain URL resources or cause a denial of service condition while processing XML data. In order to successfully exploit this issue a JAX-WS client/service included with a trusted application should process the malicious XML content (238628). - A vulnerability in the JRE may allow an untrusted applet to access information from another applet (238687). - A buffer overflow vulnerability in Java Web Start could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to users running an untrusted application (238905). - A vulnerability in Java Web Start, could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905). - A vulnerability in Java Web Start, may disclose the location of Java Web Start cache (238905). - An implementation defect in the JRE may allow an applet designed to run
    last seen2020-06-01
    modified2020-06-02
    plugin id33488
    published2008-07-15
    reporterThis script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33488
    titleSun Java JDK/JRE 6 < Update 7 Multiple Vulnerabilities
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2008-0016.NASL
    descriptiona. Privilege escalation on 64-bit guest operating systems VMware products emulate hardware functions, like CPU, Memory, and IO. A flaw in VMware
    last seen2020-06-01
    modified2020-06-02
    plugin id40383
    published2009-07-27
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40383
    titleVMSA-2008-0016 : VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues

Oval

accepted2010-09-06T04:09:12.374-04:00
classvulnerability
contributors
nameAharon Chernin
organizationSCAP.com, LLC
descriptionUnspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application.
familyunix
idoval:org.mitre.oval:def:11274
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleUnspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application.
version6

Redhat

advisories
  • rhsa
    idRHSA-2008:0594
  • rhsa
    idRHSA-2008:0906
  • rhsa
    idRHSA-2008:1044
  • rhsa
    idRHSA-2008:1045
rpms
  • java-1.6.0-sun-1:1.6.0.7-1jpp.1.el5
  • java-1.6.0-sun-1:1.6.0.7-1jpp.2.el4
  • java-1.6.0-sun-demo-1:1.6.0.7-1jpp.1.el5
  • java-1.6.0-sun-demo-1:1.6.0.7-1jpp.2.el4
  • java-1.6.0-sun-devel-1:1.6.0.7-1jpp.1.el5
  • java-1.6.0-sun-devel-1:1.6.0.7-1jpp.2.el4
  • java-1.6.0-sun-jdbc-1:1.6.0.7-1jpp.1.el5
  • java-1.6.0-sun-jdbc-1:1.6.0.7-1jpp.2.el4
  • java-1.6.0-sun-plugin-1:1.6.0.7-1jpp.1.el5
  • java-1.6.0-sun-plugin-1:1.6.0.7-1jpp.2.el4
  • java-1.6.0-sun-src-1:1.6.0.7-1jpp.1.el5
  • java-1.6.0-sun-src-1:1.6.0.7-1jpp.2.el4
  • java-1.6.0-ibm-1:1.6.0.2-1jpp.2.el4
  • java-1.6.0-ibm-1:1.6.0.2-1jpp.2.el5
  • java-1.6.0-ibm-accessibility-1:1.6.0.2-1jpp.2.el5
  • java-1.6.0-ibm-demo-1:1.6.0.2-1jpp.2.el4
  • java-1.6.0-ibm-demo-1:1.6.0.2-1jpp.2.el5
  • java-1.6.0-ibm-devel-1:1.6.0.2-1jpp.2.el4
  • java-1.6.0-ibm-devel-1:1.6.0.2-1jpp.2.el5
  • java-1.6.0-ibm-javacomm-1:1.6.0.2-1jpp.2.el4
  • java-1.6.0-ibm-javacomm-1:1.6.0.2-1jpp.2.el5
  • java-1.6.0-ibm-jdbc-1:1.6.0.2-1jpp.2.el4
  • java-1.6.0-ibm-jdbc-1:1.6.0.2-1jpp.2.el5
  • java-1.6.0-ibm-plugin-1:1.6.0.2-1jpp.2.el4
  • java-1.6.0-ibm-plugin-1:1.6.0.2-1jpp.2.el5
  • java-1.6.0-ibm-src-1:1.6.0.2-1jpp.2.el4
  • java-1.6.0-ibm-src-1:1.6.0.2-1jpp.2.el5

References