Vulnerabilities > CVE-2008-3108 - Buffer Errors vulnerability in SUN Jdk, JRE and SDK

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

sun

CWE-119

critical

nessus

NVD

Published: 2008-07-09

Updated: 2019-07-31

Summary

Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing.

Vulnerable Configurations

Part	Description	Count
Application	Sun SUN JRE 1.3.1 SUN JRE 1.3.1_2 SUN JRE 1.3.1_03 SUN JRE 1.3.1_04 SUN JRE 1.3.1_05 SUN JRE 1.3.1_06 SUN JRE 1.3.1_07 SUN JRE 1.3.1_08 SUN JRE 1.3.1_09 SUN JRE 1.3.1_10 SUN JRE 1.3.1_11 SUN JRE 1.3.1_12 SUN JRE 1.3.1_13 SUN JRE 1.3.1_14 SUN JRE 1.3.1_15 SUN JRE 1.3.1_16 SUN JRE 1.3.1_17 SUN JRE 1.3.1_18 SUN JRE 1.3.1_19 SUN JRE 1.3.1_20 SUN JRE 1.3.1_21 SUN JRE 1.3.1_22 SUN JRE 1.3.1_23 SUN JRE 1.4.2 SUN JRE 1.4.2_1 SUN JRE 1.4.2_2 SUN JRE 1.4.2_3 SUN JRE 1.4.2_4 SUN JRE 1.4.2_5 SUN JRE 1.4.2_6 SUN JRE 1.4.2_7 SUN JRE 1.4.2_8 SUN JRE 1.4.2_9 SUN JRE 1.4.2_10 SUN JRE 1.4.2_11 SUN JRE 1.4.2_12 SUN JRE 1.4.2_13 SUN JRE 1.4.2_14 SUN JRE 1.4.2_15 SUN JRE 1.4.2_16 SUN JRE 1.4.2_17 SUN JRE 1.4.2_18 SUN JRE 1.5.0 SUN JDK 1.5.0 SUN SDK 1.3.1 SUN SDK 1.3.1_01 SUN SDK 1.3.1_01A SUN SDK 1.3.1_02 SUN SDK 1.3.1_03 SUN SDK 1.3.1_04 SUN SDK 1.3.1_05 SUN SDK 1.3.1_06 SUN SDK 1.3.1_07 SUN SDK 1.3.1_08 SUN SDK 1.3.1_09 SUN SDK 1.3.1_10 SUN SDK 1.3.1_11 SUN SDK 1.3.1_12 SUN SDK 1.3.1_13 SUN SDK 1.3.1_14 SUN SDK 1.3.1_15 SUN SDK 1.3.1_16 SUN SDK 1.3.1_17 SUN SDK 1.3.1_18 SUN SDK 1.3.1_19 SUN SDK 1.3.1_20 SUN SDK 1.3.1_21 SUN SDK 1.3.1_22 SUN SDK 1.3.1_23 SUN SDK 1.4.2 SUN SDK 1.4.2_1 SUN SDK 1.4.2_02 SUN SDK 1.4.2_2 SUN SDK 1.4.2_03 SUN SDK 1.4.2_3 SUN SDK 1.4.2_04 SUN SDK 1.4.2_4 SUN SDK 1.4.2_5 SUN SDK 1.4.2_6 SUN SDK 1.4.2_7 SUN SDK 1.4.2_08 SUN SDK 1.4.2_8 SUN SDK 1.4.2_09 SUN SDK 1.4.2_9 SUN SDK 1.4.2_10 SUN SDK 1.4.2_11 SUN SDK 1.4.2_12 SUN SDK 1.4.2_13 SUN SDK 1.4.2_14 SUN SDK 1.4.2_15 SUN SDK 1.4.2_16 SUN SDK 1.4.2_17 SUN SDK 1.4.2_18	114

Common Weakness Enumeration (CWE)

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE_JAVA-1_5_0-IBM-5557.NASL
description	IBM Java 5 was updated to SR8 to fix various security issues : - Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. (CVE-2008-3104) - A vulnerability in the XML processing API was found. A remote attacker who caused malicious XML to be processed by an untrusted applet or application was able to elevate permissions to access URLs on a remote host. (CVE-2008-3106) - A buffer overflow vulnerability was found in the font processing code. This allowed remote attackers to extend the permissions of an untrusted applet or application, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3108) - Several buffer overflow vulnerabilities in Java Web Start were reported. These vulnerabilities allowed an untrusted Java Web Start application to elevate its privileges, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3111) - Two file processing vulnerabilities in Java Web Start were found. A remote attacker, by means of an untrusted Java Web Start application, was able to create or delete arbitrary files with the permissions of the user running the untrusted application. (CVE-2008-3112 / CVE-2008-3113) - A vulnerability in Java Web Start when processing untrusted applications was reported. An attacker was able to acquire sensitive information, such as the cache location. (CVE-2008-3114)
last seen	2020-06-01
modified	2020-06-02
plugin id	34072
published	2008-09-03
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/34072
title	SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5557)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(34072); script_version ("1.18"); script_cvs_date("Date: 2019/10/25 13:36:32"); script_cve_id("CVE-2008-3104", "CVE-2008-3106", "CVE-2008-3108", "CVE-2008-3111", "CVE-2008-3112", "CVE-2008-3113", "CVE-2008-3114"); script_name(english:"SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5557)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "IBM Java 5 was updated to SR8 to fix various security issues : - Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. (CVE-2008-3104) - A vulnerability in the XML processing API was found. A remote attacker who caused malicious XML to be processed by an untrusted applet or application was able to elevate permissions to access URLs on a remote host. (CVE-2008-3106) - A buffer overflow vulnerability was found in the font processing code. This allowed remote attackers to extend the permissions of an untrusted applet or application, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3108) - Several buffer overflow vulnerabilities in Java Web Start were reported. These vulnerabilities allowed an untrusted Java Web Start application to elevate its privileges, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3111) - Two file processing vulnerabilities in Java Web Start were found. A remote attacker, by means of an untrusted Java Web Start application, was able to create or delete arbitrary files with the permissions of the user running the untrusted application. (CVE-2008-3112 / CVE-2008-3113) - A vulnerability in Java Web Start when processing untrusted applications was reported. An attacker was able to acquire sensitive information, such as the cache location. (CVE-2008-3114)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-3104.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-3106.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-3108.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-3111.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-3112.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-3113.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-3114.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 5557."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(20, 119, 200, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/08/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:1, reference:"java-1_5_0-ibm-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:1, reference:"java-1_5_0-ibm-demo-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:1, reference:"java-1_5_0-ibm-devel-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:1, reference:"java-1_5_0-ibm-src-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-alsa-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-jdbc-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-plugin-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-32bit-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-alsa-32bit-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-devel-32bit-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:2, reference:"java-1_5_0-ibm-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:2, reference:"java-1_5_0-ibm-demo-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:2, reference:"java-1_5_0-ibm-devel-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:2, reference:"java-1_5_0-ibm-src-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"java-1_5_0-ibm-alsa-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"java-1_5_0-ibm-jdbc-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"java-1_5_0-ibm-plugin-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:2, cpu:"x86_64", reference:"java-1_5_0-ibm-32bit-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:2, cpu:"x86_64", reference:"java-1_5_0-ibm-alsa-32bit-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:2, cpu:"x86_64", reference:"java-1_5_0-ibm-devel-32bit-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-alsa-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-devel-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-fonts-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-jdbc-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-plugin-1.5.0_sr8-1.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-1044.NASL
description	java-1.5.0-bea as shipped in Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary, contains security flaws and should not be used. This update has been rated as having important security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit JRE and SDK contains BEA WebLogic JRockit Virtual Machine and is certified for the Java(tm) 2 Platform, Standard Edition, v1.5.0. The java-1.5.0-bea packages are vulnerable to important security flaws and should no longer be used. A flaw was found in the Java Management Extensions (JMX) management agent. When local monitoring was enabled, remote attackers could use this flaw to perform illegal operations. (CVE-2008-3103) Several flaws involving the handling of unsigned applets were found. A remote attacker could misuse an unsigned applet in order to connect to services on the host running the applet. (CVE-2008-3104) Several flaws in the Java API for XML Web Services (JAX-WS) client and the JAX-WS service implementation were found. A remote attacker who could cause malicious XML to be processed by an application could access URLs, or cause a denial of service. (CVE-2008-3105, CVE-2008-3106) A buffer overflow vulnerability was found in the font processing code. This allowed remote attackers to extend the permissions of an untrusted applet or application, allowing it to read or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3108) The vulnerabilities concerning applets listed above can only be triggered in java-1.5.0-bea, by calling the
last seen	2020-06-01
modified	2020-06-02
plugin id	40734
published	2009-08-24
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40734
title	RHEL 4 / 5 : java-1.5.0-bea (RHSA-2008:1044)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:1044. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(40734); script_version ("1.27"); script_cvs_date("Date: 2019/10/25 13:36:13"); script_cve_id("CVE-2008-3103", "CVE-2008-3104", "CVE-2008-3105", "CVE-2008-3106", "CVE-2008-3108"); script_bugtraq_id(30140, 30143, 30146, 30147); script_xref(name:"RHSA", value:"2008:1044"); script_name(english:"RHEL 4 / 5 : java-1.5.0-bea (RHSA-2008:1044)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "java-1.5.0-bea as shipped in Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary, contains security flaws and should not be used. This update has been rated as having important security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit JRE and SDK contains BEA WebLogic JRockit Virtual Machine and is certified for the Java(tm) 2 Platform, Standard Edition, v1.5.0. The java-1.5.0-bea packages are vulnerable to important security flaws and should no longer be used. A flaw was found in the Java Management Extensions (JMX) management agent. When local monitoring was enabled, remote attackers could use this flaw to perform illegal operations. (CVE-2008-3103) Several flaws involving the handling of unsigned applets were found. A remote attacker could misuse an unsigned applet in order to connect to services on the host running the applet. (CVE-2008-3104) Several flaws in the Java API for XML Web Services (JAX-WS) client and the JAX-WS service implementation were found. A remote attacker who could cause malicious XML to be processed by an application could access URLs, or cause a denial of service. (CVE-2008-3105, CVE-2008-3106) A buffer overflow vulnerability was found in the font processing code. This allowed remote attackers to extend the permissions of an untrusted applet or application, allowing it to read or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3108) The vulnerabilities concerning applets listed above can only be triggered in java-1.5.0-bea, by calling the 'appletviewer' application. BEA was acquired by Oracle(r) during 2008 (the acquisition was completed on April 29, 2008). Consequently, JRockit is now an Oracle offering and these issues are addressed in the current release of Oracle JRockit. Due to a license change by Oracle, however, Red Hat is unable to ship Oracle JRockit. Users who wish to continue using JRockit should get an update directly from Oracle: http://oracle.com/technology/software/products/jrockit/. Alternatives to Oracle JRockit include the Java 2 Technology Edition of the IBM(r) Developer Kit for Linux and the Sun(tm) Java SE Development Kit (JDK), both of which are available on the Extras or Supplementary channels. For Java 6 users, the new OpenJDK open source JDK will be included in Red Hat Enterprise Linux 5.3 and will be supported by Red Hat. This update removes the java-1.5.0-bea packages due to their known security vulnerabilities." ); # https://support.bea.com/application_content/product_portlets/securityadvisories script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?826d01e9" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2008:1044" ); script_set_attribute( attribute:"solution", value:"Update the affected java-1.5.0-bea-uninstall package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-bea-uninstall"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/09"); script_set_attribute(attribute:"patch_publication_date", value:"2008/12/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(4\|5)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2008:1044"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"java-1.5.0-bea-uninstall-1.5.0.14-1jpp.5.el4")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-bea-uninstall-1.5.0.14-1jpp.5.el4")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.5.0-bea-uninstall-1.5.0.14-1jpp.5.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-bea-uninstall-1.5.0.14-1jpp.5.el5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.5.0-bea-uninstall"); } }

NASL family	Windows
NASL id	SUN_JAVA_J2SE_4_2_18.NASL
description	The version of Sun Java Runtime Environment (JRE) J2SE 1.4.2 installed on the remote host is affected by multiple security issues : - A buffer overflow vulnerability in font processing module of the JRE could allow an untrusted applet/application to elevate its privilege to read, write and execute local applications with privileges of the user running an untrusted applet (238666). - A vulnerability in the JRE could allow an untrusted applet/application to elevate its privileges to read, write and execute local applications with privileges of the user running an untrusted applet (238967). - A buffer overflow vulnerability in Java Web Start could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to users running an untrusted application (238905). - A vulnerability in Java Web Start, could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905). - A vulnerability in Java Web Start, may disclose the location of Java Web Start cache (238905). - A vulnerability in the JRE may allow an untrusted applet to establish connections to services running on the localhost and potentially exploit vulnerabilities existing in the underlying JRE (238968). - It should be noted that J2SE 1.4.2 is in its EOL period, and the transition is set to complete on Oct 30th 2008. Please refer to See also section for more details.
last seen	2020-06-01
modified	2020-06-02
plugin id	33486
published	2008-07-15
reporter	This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/33486
title	Sun Java J2SE 1.4.2 < Update 18 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(33486); script_version("1.26"); script_cvs_date("Date: 2018/11/15 20:50:28"); script_cve_id("CVE-2008-3104", "CVE-2008-3107", "CVE-2008-3108", "CVE-2008-3111", "CVE-2008-3112", "CVE-2008-3113", "CVE-2008-3114"); script_bugtraq_id(30140, 30141, 30147, 30148); script_name(english:"Sun Java J2SE 1.4.2 < Update 18 Multiple Vulnerabilities" ); script_summary(english:"Checks version of Sun JRE"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host has an application that is affected by multiple vulnerabilities." ); script_set_attribute(attribute:"description", value: "The version of Sun Java Runtime Environment (JRE) J2SE 1.4.2 installed on the remote host is affected by multiple security issues : - A buffer overflow vulnerability in font processing module of the JRE could allow an untrusted applet/application to elevate its privilege to read, write and execute local applications with privileges of the user running an untrusted applet (238666). - A vulnerability in the JRE could allow an untrusted applet/application to elevate its privileges to read, write and execute local applications with privileges of the user running an untrusted applet (238967). - A buffer overflow vulnerability in Java Web Start could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to users running an untrusted application (238905). - A vulnerability in Java Web Start, could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905). - A vulnerability in Java Web Start, may disclose the location of Java Web Start cache (238905). - A vulnerability in the JRE may allow an untrusted applet to establish connections to services running on the localhost and potentially exploit vulnerabilities existing in the underlying JRE (238968). - It should be noted that J2SE 1.4.2 is in its EOL period, and the transition is set to complete on Oct 30th 2008. Please refer to See also section for more details." ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019342.1.html" ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019367.1.html" ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019375.1.html" ); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20100513211142/http://sunsolve.sun.com:80/search/document.do?assetkey=1-66-238968-1" ); script_set_attribute(attribute:"see_also", value:"http://www.oracle.com/technetwork/java/eol-135779.html" ); script_set_attribute(attribute:"solution", value: "Update to Sun Java J2SE 1.4.2_18 or later and remove, if necessary, any affected versions." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(20, 119, 200, 264); script_set_attribute(attribute:"patch_publication_date", value: "2008/07/08"); script_set_attribute(attribute:"plugin_publication_date", value: "2008/07/15"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre"); script_set_attribute(attribute:"plugin_type", value:"local"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_dependencies("sun_java_jre_installed.nasl"); script_require_keys("SMB/Java/JRE/Installed"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); # Check each installed JRE. installs = get_kb_list("SMB/Java/JRE/*"); if (isnull(installs)) exit(0); info = ""; vuln = 0; foreach install (list_uniq(keys(installs))) { ver = install - "SMB/Java/JRE/"; if (ver =~ "^1\.4\.2_(0[0-9]\|1[0-7][^0-9]?)") { dirs = make_list(get_kb_list(install)); vuln += max_index(dirs); foreach dir (dirs) info += '\n Path : ' + dir; info += '\n Installed version : ' + ver; info += '\n Fixed version : 1.4.2_18\n'; } } # Report if any were found to be vulnerable. if (info) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity) { if (vuln > 1) s = "s of Sun's JRE are"; else s = " of Sun's JRE is"; report = '\n'+ 'The following vulnerable instance' + s + ' installed on the\n' + 'remote host :\n' + info; security_hole(port:port, extra:report); } else security_hole(port); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_JAVA-1_4_2-SUN-5431.NASL
description	Sun Java was updated to 1.4.2u18 to fix following security vulnerabilities : - Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. (CVE-2008-3114) - Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. (CVE-2008-3113) - Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. (CVE-2008-3112) - Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. (CVE-2008-3111) - Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing. (CVE-2008-3108) - Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. (CVE-2008-3107) - Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet
last seen	2020-06-01
modified	2020-06-02
plugin id	34036
published	2008-08-24
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/34036
title	SuSE 10 Security Update : Java 1.4.2 (ZYPP Patch Number 5431)

NASL family	SuSE Local Security Checks
NASL id	SUSE_JAVA-1_5_0-SUN-5434.NASL
description	Sun Java was updated to 1.5.0u16 to fix following security vulnerabilities : CVE-2008-3115: Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. CVE-2008-3114: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. CVE-2008-3113: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. CVE-2008-3112: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. CVE-2008-3111: Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. CVE-2008-3108: Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing. CVE-2008-3107: Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3106: Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. CVE-2008-3104: Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet
last seen	2020-06-01
modified	2020-06-02
plugin id	34037
published	2008-08-24
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/34037
title	openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5434)

NASL family	SuSE Local Security Checks
NASL id	SUSE_JAVA-1_5_0-IBM-5591.NASL
description	IBM Java 5 was updated to SR8 to fix various security issues : - Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. (CVE-2008-3104) - A vulnerability in the XML processing API was found. A remote attacker who caused malicious XML to be processed by an untrusted applet or application was able to elevate permissions to access URLs on a remote host. (CVE-2008-3106) - A buffer overflow vulnerability was found in the font processing code. This allowed remote attackers to extend the permissions of an untrusted applet or application, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3108) - Several buffer overflow vulnerabilities in Java Web Start were reported. These vulnerabilities allowed an untrusted Java Web Start application to elevate its privileges, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3111) - Two file processing vulnerabilities in Java Web Start were found. A remote attacker, by means of an untrusted Java Web Start application, was able to create or delete arbitrary files with the permissions of the user running the untrusted application. (CVE-2008-3112 / CVE-2008-3113) - A vulnerability in Java Web Start when processing untrusted applications was reported. An attacker was able to acquire sensitive information, such as the cache location. (CVE-2008-3114) This release also reinstates previous Crypto Export policy jars lost between SR3 and SR8.
last seen	2020-06-01
modified	2020-06-02
plugin id	34200
published	2008-09-14
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/34200
title	SuSE 10 Security Update : IBM Java 1.5 (ZYPP Patch Number 5591)

NASL family	Windows
NASL id	SUN_JAVA_JRE_5_16.NASL
description	The version of Sun Java Runtime Environment (JRE) 5.0 installed on the remote host is affected by multiple security issues : - A vulnerability in the XML processing module of the JRE could allow an untrusted applet/application unauthorized access to certain URL resources (238628). - A buffer overflow vulnerability in font processing module of the JRE, could allow an untrusted applet/application to elevate its privileges to read, write and execute local applications with privileges of the user running an untrusted applet (238666). Note this issue only affects Sun Java JDK/JRE 5 Update 9 and earlier. - A buffer overflow vulnerability in Java Web Start, could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to user running an untrusted application (238905). - A vulnerability in Java Web Start, could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905). - A vulnerability in Java Web Start, may disclose the location of Java Web Start cache (238905). - Vulnerability in Sun Java Management Extensions (JMX) could allow a JMX client running on a remote host to perform unauthorized actions on a host running JMX with local monitoring enabled (238965). - An implementation defect in the JRE, may allow an applet designed to run
last seen	2020-06-01
modified	2020-06-02
plugin id	33487
published	2008-07-15
reporter	This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33487
title	Sun Java JDK/JRE 5 < Update 16 Multiple Vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_0_JAVA-1_5_0-SUN-080715.NASL
description	Sun Java was updated to 1.5.0u16 to fix following security vulnerabilities : CVE-2008-3115: Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. CVE-2008-3114: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. CVE-2008-3113: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. CVE-2008-3112: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. CVE-2008-3111: Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. CVE-2008-3108: Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing. CVE-2008-3107: Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3106: Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. CVE-2008-3104: Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet
last seen	2020-06-01
modified	2020-06-02
plugin id	39996
published	2009-07-21
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/39996
title	openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-96)

NASL family	SuSE Local Security Checks
NASL id	SUSE_JAVA-1_4_2-SUN-5430.NASL
description	Sun Java was updated to 1.4.2u18 to fix following security vulnerabilities : CVE-2008-3114: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. CVE-2008-3113: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. CVE-2008-3112: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. CVE-2008-3111: Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. CVE-2008-3108: Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing. CVE-2008-3107: Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3104: Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet
last seen	2020-06-01
modified	2020-06-02
plugin id	34035
published	2008-08-24
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/34035
title	openSUSE 10 Security Update : java-1_4_2-sun (java-1_4_2-sun-5430)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_JAVA_10_5_UPDATE2.NASL
description	The remote Mac OS X 10.5 host is running a version of Java for Mac OS X that is missing update 2. The remote version of this software contains several security vulnerabilities that may allow a rogue Java applet to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to lure an attacker into executing a rogue Java applet.
last seen	2020-03-18
modified	2008-09-25
plugin id	34290
published	2008-09-25
reporter	This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/34290
title	Mac OS X : Java for Mac OS X 10.5 Update 2

NASL family	Misc.
NASL id	SUN_JAVA_J2SE_4_2_18_UNIX.NASL
description	The version of Sun Java Runtime Environment (JRE) J2SE 1.4.2 installed on the remote host is affected by multiple security issues : - A buffer overflow vulnerability in the font processing module of the JRE could allow an untrusted applet/application to elevate its privileges to read, write and execute local applications with the privileges of the user running an untrusted applet (238666). - A vulnerability in the JRE could allow an untrusted applet/application to elevate its privileges to read, write and execute local applications with the privileges of the user running an untrusted applet (238967). - A buffer overflow vulnerability in Java Web Start could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to users running an untrusted application (238905). - A vulnerability in Java Web Start, could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905). - A vulnerability in Java Web Start, may disclose the location of Java Web Start cache (238905). - A vulnerability in the JRE may allow an untrusted applet to establish connections to services running on the local host and potentially exploit vulnerabilities existing in the underlying JRE (238968). - It should be noted that J2SE 1.4.2 is in its EOL period, and the transition is set to complete on Oct 30th 2008.
last seen	2020-06-01
modified	2020-06-02
plugin id	64817
published	2013-02-22
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/64817
title	Sun Java J2SE 1.4.2 < Update 18 Multiple Vulnerabilities (Unix)

NASL family	Misc.
NASL id	JUNIPER_NSM_PSN_2012_08_689.NASL
description	According to the version of one or more Juniper NSM servers running on the remote host, it is potentially affected by multiple vulnerabilities affecting the Java software running on the host.
last seen	2020-06-01
modified	2020-06-02
plugin id	69874
published	2013-09-13
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/69874
title	Juniper NSM Servers Multiple Java JDK/JRE Vulnerabilities (PSN-2012-08-689)

NASL family	Misc.
NASL id	SUN_JAVA_JRE_5_16_UNIX.NASL
description	The version of Sun Java Runtime Environment (JRE) 5.0 installed on the remote host is affected by multiple security issues : - A vulnerability in the XML processing module of the JRE could allow an untrusted applet/application unauthorized access to certain URL resources (238628). - A buffer overflow vulnerability in the font processing module of the JRE, could allow an untrusted applet/ application to elevate its privileges to read, write and execute local applications with the privileges of the user running an untrusted applet (238666). Note this issue only affects Sun Java JDK/JRE 5 Update 9 and earlier. - A buffer overflow vulnerability in Java Web Start, could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to users running an untrusted application (238905). - A vulnerability in Java Web Start, could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905). - A vulnerability in Java Web Start, may disclose the location of Java Web Start cache (238905). - A vulnerability in Sun Java Management Extensions (JMX) could allow a JMX client running on a remote host to perform unauthorized actions on a host running JMX with local monitoring enabled (238965). - A vulnerability in the JRE could allow an untrusted applet/application to elevate its privileges to read, write and execute local applications with the privileges of the user running an untrusted applet (238967). - A vulnerability in the JRE may allow an untrusted applet to establish connections to services running on the localhost and potentially exploit vulnerabilities existing in the underlying JRE (238968).
last seen	2020-06-01
modified	2020-06-02
plugin id	64832
published	2013-02-22
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/64832
title	Sun Java JDK/JRE 5 < Update 16 Multiple Vulnerabilities (Unix)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200911-02.NASL
description	The remote host is affected by the vulnerability described in GLSA-200911-02 (Sun JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details. Impact : A remote attacker could entice a user to open a specially crafted JAR archive, applet, or Java Web Start application, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Furthermore, a remote attacker could cause a Denial of Service affecting multiple services via several vectors, disclose information and memory contents, write or execute local files, conduct session hijacking attacks via GIFAR files, steal cookies, bypass the same-origin policy, load untrusted JAR files, establish network connections to arbitrary hosts and posts via several vectors, modify the list of supported graphics configurations, bypass HMAC-based authentication systems, escalate privileges via several vectors and cause applet code to be executed with older, possibly vulnerable versions of the JRE. NOTE: Some vulnerabilities require a trusted environment, user interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	42834
published	2009-11-18
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/42834
title	GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_JAVA_REL7.NASL
description	The remote Mac OS X 10.4 host is running a version of Java for Mac OS X that is older than release 7. The remote version of this software contains several security vulnerabilities which may allow a rogue java applet to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to lure an attacker into executing a rogue Java applet.
last seen	2020-03-18
modified	2008-09-25
plugin id	34291
published	2008-09-25
reporter	This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/34291
title	Mac OS X : Java for Mac OS X 10.4 Release 7

NASL family	SuSE Local Security Checks
NASL id	SUSE9_12206.NASL
description	Sun Java was updated to 1.4.2u18 to fix following security vulnerabilities : - Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. (CVE-2008-3114) - Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. (CVE-2008-3113) - Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. (CVE-2008-3112) - Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. (CVE-2008-3111) - Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing. (CVE-2008-3108) - Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. (CVE-2008-3107) - Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet
last seen	2020-06-01
modified	2020-06-02
plugin id	41224
published	2009-09-24
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/41224
title	SuSE9 Security Update : Java2 (YOU Patch Number 12206)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0790.NASL
description	Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. (CVE-2008-3104) A vulnerability in the XML processing API was found. A remote attacker who caused malicious XML to be processed by an untrusted applet or application was able to elevate permissions to access URLs on a remote host. (CVE-2008-3106) A buffer overflow vulnerability was found in the font processing code. This allowed remote attackers to extend the permissions of an untrusted applet or application, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3108) Several buffer overflow vulnerabilities in Java Web Start were reported. These vulnerabilities allowed an untrusted Java Web Start application to elevate its privileges, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3111) Two file processing vulnerabilities in Java Web Start were found. A remote attacker, by means of an untrusted Java Web Start application, was able to create or delete arbitrary files with the permissions of the user running the untrusted application. (CVE-2008-3112, CVE-2008-3113) A vulnerability in Java Web Start when processing untrusted applications was reported. An attacker was able to acquire sensitive information, such as the cache location. (CVE-2008-3114) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, that contain the IBM 1.5.0 SR8 Java release, which resolves these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	40725
published	2009-08-24
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40725
title	RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2008:0790)

NASL family	VMware ESX Local Security Checks
NASL id	VMWARE_VMSA-2008-0016.NASL
description	a. Privilege escalation on 64-bit guest operating systems VMware products emulate hardware functions, like CPU, Memory, and IO. A flaw in VMware
last seen	2020-06-01
modified	2020-06-02
plugin id	40383
published	2009-07-27
reporter	This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/40383
title	VMSA-2008-0016 : VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-1043.NASL
description	java-1.4.2-bea as shipped in Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary, contains security flaws and should not be used. This update has been rated as having important security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit JRE and SDK contains BEA WebLogic JRockit Virtual Machine and is certified for the Java(tm) 2 Platform, Standard Edition, v1.4.2. The java-1.4.2-bea packages are vulnerable to important security flaws and should no longer be used. Several flaws involving the handling of unsigned applets were found. A remote attacker could misuse an unsigned applet in order to connect to services on the host running the applet. (CVE-2008-3104) A buffer overflow vulnerability was found in the font processing code. This allowed remote attackers to extend the permissions of an untrusted applet or application, allowing it to read or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3108) The vulnerabilities concerning applets listed above can only be triggered in java-1.4.2-bea by calling the
last seen	2020-06-01
modified	2020-06-02
plugin id	40733
published	2009-08-24
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40733
title	RHEL 3 / 4 / 5 : java-1.4.2-bea (RHSA-2008:1043)

Redhat

advisories

rhsa
id RHSA-2008:0790
rhsa
id RHSA-2008:1043
rhsa
id RHSA-2008:1044

rpms

java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4
java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4
java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4
java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el5
java-1.5.0-ibm-accessibility-1:1.5.0.8-1jpp.1.el5
java-1.5.0-ibm-demo-1:1.5.0.8-1jpp.1.el4
java-1.5.0-ibm-demo-1:1.5.0.8-1jpp.1.el5
java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4
java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el5
java-1.5.0-ibm-javacomm-1:1.5.0.8-1jpp.1.el4
java-1.5.0-ibm-javacomm-1:1.5.0.8-1jpp.1.el5
java-1.5.0-ibm-jdbc-1:1.5.0.8-1jpp.1.el4
java-1.5.0-ibm-jdbc-1:1.5.0.8-1jpp.1.el5
java-1.5.0-ibm-plugin-1:1.5.0.8-1jpp.1.el4
java-1.5.0-ibm-plugin-1:1.5.0.8-1jpp.1.el5
java-1.5.0-ibm-src-1:1.5.0.8-1jpp.1.el4
java-1.5.0-ibm-src-1:1.5.0.8-1jpp.1.el5

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

References