Vulnerabilities > CVE-2008-3114 - Information Exposure vulnerability in SUN Jdk, JRE and SDK
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Subverting Environment Variable Values The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
- Footprinting An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
- Exploiting Trust in Client (aka Make the Client Invisible) An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Browser Fingerprinting An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
- Session Credential Falsification through Prediction This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0636.NASL description Red Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in the Red Hat Network Satellite Server Sun Java Runtime Environment. This update has been rated as having low security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in the Sun Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.1. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Multiple flaws were fixed in the Sun Java 1.5.0 Runtime Environment. (CVE-2008-3103, CVE-2008-3104, CVE-2008-3107, CVE-2008-3111, CVE-2008-3112, CVE-2008-3113, CVE-2008-3114) Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to 5.1.1, which resolves these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 43841 published 2010-01-10 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43841 title RHEL 4 : Sun Java Runtime in Satellite Server (RHSA-2008:0636) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0636. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(43841); script_version ("1.22"); script_cvs_date("Date: 2019/10/25 13:36:13"); script_cve_id("CVE-2008-3103", "CVE-2008-3104", "CVE-2008-3107", "CVE-2008-3111", "CVE-2008-3112", "CVE-2008-3113", "CVE-2008-3114"); script_bugtraq_id(28125, 30140, 30141, 30146, 30148); script_xref(name:"RHSA", value:"2008:0636"); script_name(english:"RHEL 4 : Sun Java Runtime in Satellite Server (RHSA-2008:0636)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Red Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in the Red Hat Network Satellite Server Sun Java Runtime Environment. This update has been rated as having low security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in the Sun Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.1. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Multiple flaws were fixed in the Sun Java 1.5.0 Runtime Environment. (CVE-2008-3103, CVE-2008-3104, CVE-2008-3107, CVE-2008-3111, CVE-2008-3112, CVE-2008-3113, CVE-2008-3114) Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to 5.1.1, which resolves these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-3103" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-3104" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-3107" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-3111" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-3112" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-3113" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-3114" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2008:0636" ); script_set_attribute( attribute:"solution", value: "Update the affected java-1.5.0-sun and / or java-1.5.0-sun-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(20, 119, 200, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/09"); script_set_attribute(attribute:"patch_publication_date", value:"2008/08/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2008:0636"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (! (rpm_exists(release:"RHEL4", rpm:"rhns-solaris-"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Satellite Server"); if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-1.5.0.16-1jpp.2.el4")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-1.5.0.16-1jpp.2.el4")) flag++; if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-devel-1.5.0.16-1jpp.2.el4")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-devel-1.5.0.16-1jpp.2.el4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.5.0-sun / java-1.5.0-sun-devel"); } }NASL family Misc. NASL id SUN_JAVA_JRE_6_7_UNIX.NASL description The version of Sun Java Runtime Environment (JRE) 6.0 installed on the remote host is affected by multiple security issues : - A vulnerability in the JRE could allow unauthorized access to certain URL resources or cause a denial of service condition while processing XML data. In order to successfully exploit this issue, a JAX-WS client/service included with a trusted application should process the malicious XML content (238628). - A vulnerability in the JRE may allow an untrusted applet to access information from another applet (238687). - A buffer overflow vulnerability in Java Web Start could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to users running an untrusted application (238905). - A vulnerability in Java Web Start could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905). - A vulnerability in Java Web Start may disclose the location of Java Web Start cache (238905). - A vulnerability in Sun Java Management Extensions (JMX) could allow a JMX client running on a remote host to perform unauthorized actions on a host running JMX with local monitoring enabled (238965). - A vulnerability in the JRE could allow an untrusted applet / application to elevate its privileges to read, write and execute local applications with the privileges of the user running an untrusted applet (238967, 238687). - A vulnerability in the JRE may allow an untrusted applet to establish connections to services running on the localhost and potentially exploit vulnerabilities existing in the underlying JRE (238968). last seen 2020-06-01 modified 2020-06-02 plugin id 64833 published 2013-02-22 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64833 title Sun Java JDK/JRE 6 < Update 7 Multiple Vulnerabilities (Unix) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(64833); script_version("1.13"); script_cvs_date("Date: 2019/12/04"); script_cve_id( "CVE-2008-3103", "CVE-2008-3104", "CVE-2008-3105", "CVE-2008-3106", "CVE-2008-3107", "CVE-2008-3109", "CVE-2008-3110", "CVE-2008-3111", "CVE-2008-3112", "CVE-2008-3113", "CVE-2008-3114", "CVE-2008-3115" ); script_bugtraq_id( 30140, 30141, 30142, 30143, 30144, 30146, 30148 ); script_name(english:"Sun Java JDK/JRE 6 < Update 7 Multiple Vulnerabilities (Unix)"); script_summary(english:"Checks version of Sun JRE"); script_set_attribute(attribute:"synopsis", value: "The remote Unix host has an application that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Sun Java Runtime Environment (JRE) 6.0 installed on the remote host is affected by multiple security issues : - A vulnerability in the JRE could allow unauthorized access to certain URL resources or cause a denial of service condition while processing XML data. In order to successfully exploit this issue, a JAX-WS client/service included with a trusted application should process the malicious XML content (238628). - A vulnerability in the JRE may allow an untrusted applet to access information from another applet (238687). - A buffer overflow vulnerability in Java Web Start could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to users running an untrusted application (238905). - A vulnerability in Java Web Start could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905). - A vulnerability in Java Web Start may disclose the location of Java Web Start cache (238905). - A vulnerability in Sun Java Management Extensions (JMX) could allow a JMX client running on a remote host to perform unauthorized actions on a host running JMX with local monitoring enabled (238965). - A vulnerability in the JRE could allow an untrusted applet / application to elevate its privileges to read, write and execute local applications with the privileges of the user running an untrusted applet (238967, 238687). - A vulnerability in the JRE may allow an untrusted applet to establish connections to services running on the localhost and potentially exploit vulnerabilities existing in the underlying JRE (238968)."); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019338.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019344.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019367.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019373.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019375.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019376.1.html"); script_set_attribute(attribute:"solution", value: "Update to Sun Java JDK and JRE 6 Update 7 or later and remove, if necessary, any affected versions."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-3113"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(16, 20, 119, 200, 264); script_set_attribute(attribute:"patch_publication_date", value:"2008/07/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/22"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("sun_java_jre_installed_unix.nasl"); script_require_keys("Host/Java/JRE/Installed"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); # Check each installed JRE. installs = get_kb_list_or_exit("Host/Java/JRE/Unmanaged/*"); info = ""; vuln = 0; vuln2 = 0; installed_versions = ""; granular = ""; foreach install (list_uniq(keys(installs))) { ver = install - "Host/Java/JRE/Unmanaged/"; if (ver !~ "^[0-9.]+") continue; installed_versions = installed_versions + " & " + ver; if (ver =~ "^1\.6\.0_0[0-6][^0-9]?") { dirs = make_list(get_kb_list(install)); vuln += max_index(dirs); foreach dir (dirs) info += '\n Path : ' + dir; info += '\n Installed version : ' + ver; info += '\n Fixed version : 1.6.0_07\n'; } else if (ver =~ "^[\d\.]+$") { dirs = make_list(get_kb_list(install)); foreach dir (dirs) granular += "The Oracle Java version "+ver+" at "+dir+" is not granular enough to make a determination."+'\n'; } else { dirs = make_list(get_kb_list(install)); vuln2 += max_index(dirs); } } # Report if any were found to be vulnerable. if (info) { if (report_verbosity > 0) { if (vuln > 1) s = "s of Java are"; else s = " of Java is"; report = '\n' + 'The following vulnerable instance'+s+' installed on the\n' + 'remote host :\n' + info; security_hole(port:0, extra:report); } else security_hole(0); if (granular) exit(0, granular); } else { if (granular) exit(0, granular); installed_versions = substr(installed_versions, 3); if (vuln2 > 1) exit(0, "The Java "+installed_versions+" installs on the remote host are not affected."); else exit(0, "The Java "+installed_versions+" install on the remote host is not affected."); }NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_5_0-IBM-5557.NASL description IBM Java 5 was updated to SR8 to fix various security issues : - Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. (CVE-2008-3104) - A vulnerability in the XML processing API was found. A remote attacker who caused malicious XML to be processed by an untrusted applet or application was able to elevate permissions to access URLs on a remote host. (CVE-2008-3106) - A buffer overflow vulnerability was found in the font processing code. This allowed remote attackers to extend the permissions of an untrusted applet or application, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3108) - Several buffer overflow vulnerabilities in Java Web Start were reported. These vulnerabilities allowed an untrusted Java Web Start application to elevate its privileges, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3111) - Two file processing vulnerabilities in Java Web Start were found. A remote attacker, by means of an untrusted Java Web Start application, was able to create or delete arbitrary files with the permissions of the user running the untrusted application. (CVE-2008-3112 / CVE-2008-3113) - A vulnerability in Java Web Start when processing untrusted applications was reported. An attacker was able to acquire sensitive information, such as the cache location. (CVE-2008-3114) last seen 2020-06-01 modified 2020-06-02 plugin id 34072 published 2008-09-03 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34072 title SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5557) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(34072); script_version ("1.18"); script_cvs_date("Date: 2019/10/25 13:36:32"); script_cve_id("CVE-2008-3104", "CVE-2008-3106", "CVE-2008-3108", "CVE-2008-3111", "CVE-2008-3112", "CVE-2008-3113", "CVE-2008-3114"); script_name(english:"SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5557)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "IBM Java 5 was updated to SR8 to fix various security issues : - Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. (CVE-2008-3104) - A vulnerability in the XML processing API was found. A remote attacker who caused malicious XML to be processed by an untrusted applet or application was able to elevate permissions to access URLs on a remote host. (CVE-2008-3106) - A buffer overflow vulnerability was found in the font processing code. This allowed remote attackers to extend the permissions of an untrusted applet or application, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3108) - Several buffer overflow vulnerabilities in Java Web Start were reported. These vulnerabilities allowed an untrusted Java Web Start application to elevate its privileges, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3111) - Two file processing vulnerabilities in Java Web Start were found. A remote attacker, by means of an untrusted Java Web Start application, was able to create or delete arbitrary files with the permissions of the user running the untrusted application. (CVE-2008-3112 / CVE-2008-3113) - A vulnerability in Java Web Start when processing untrusted applications was reported. An attacker was able to acquire sensitive information, such as the cache location. (CVE-2008-3114)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-3104.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-3106.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-3108.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-3111.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-3112.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-3113.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-3114.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 5557."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(20, 119, 200, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/08/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:1, reference:"java-1_5_0-ibm-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:1, reference:"java-1_5_0-ibm-demo-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:1, reference:"java-1_5_0-ibm-devel-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:1, reference:"java-1_5_0-ibm-src-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-alsa-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-jdbc-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-plugin-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-32bit-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-alsa-32bit-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-devel-32bit-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:2, reference:"java-1_5_0-ibm-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:2, reference:"java-1_5_0-ibm-demo-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:2, reference:"java-1_5_0-ibm-devel-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:2, reference:"java-1_5_0-ibm-src-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"java-1_5_0-ibm-alsa-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"java-1_5_0-ibm-jdbc-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"java-1_5_0-ibm-plugin-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:2, cpu:"x86_64", reference:"java-1_5_0-ibm-32bit-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:2, cpu:"x86_64", reference:"java-1_5_0-ibm-alsa-32bit-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLED10", sp:2, cpu:"x86_64", reference:"java-1_5_0-ibm-devel-32bit-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-alsa-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-devel-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-fonts-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-jdbc-1.5.0_sr8-1.1")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-plugin-1.5.0_sr8-1.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");NASL family Windows NASL id SUN_JAVA_J2SE_4_2_18.NASL description The version of Sun Java Runtime Environment (JRE) J2SE 1.4.2 installed on the remote host is affected by multiple security issues : - A buffer overflow vulnerability in font processing module of the JRE could allow an untrusted applet/application to elevate its privilege to read, write and execute local applications with privileges of the user running an untrusted applet (238666). - A vulnerability in the JRE could allow an untrusted applet/application to elevate its privileges to read, write and execute local applications with privileges of the user running an untrusted applet (238967). - A buffer overflow vulnerability in Java Web Start could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to users running an untrusted application (238905). - A vulnerability in Java Web Start, could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905). - A vulnerability in Java Web Start, may disclose the location of Java Web Start cache (238905). - A vulnerability in the JRE may allow an untrusted applet to establish connections to services running on the localhost and potentially exploit vulnerabilities existing in the underlying JRE (238968). - It should be noted that J2SE 1.4.2 is in its EOL period, and the transition is set to complete on Oct 30th 2008. Please refer to See also section for more details. last seen 2020-06-01 modified 2020-06-02 plugin id 33486 published 2008-07-15 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33486 title Sun Java J2SE 1.4.2 < Update 18 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(33486); script_version("1.26"); script_cvs_date("Date: 2018/11/15 20:50:28"); script_cve_id("CVE-2008-3104", "CVE-2008-3107", "CVE-2008-3108", "CVE-2008-3111", "CVE-2008-3112", "CVE-2008-3113", "CVE-2008-3114"); script_bugtraq_id(30140, 30141, 30147, 30148); script_name(english:"Sun Java J2SE 1.4.2 < Update 18 Multiple Vulnerabilities" ); script_summary(english:"Checks version of Sun JRE"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host has an application that is affected by multiple vulnerabilities." ); script_set_attribute(attribute:"description", value: "The version of Sun Java Runtime Environment (JRE) J2SE 1.4.2 installed on the remote host is affected by multiple security issues : - A buffer overflow vulnerability in font processing module of the JRE could allow an untrusted applet/application to elevate its privilege to read, write and execute local applications with privileges of the user running an untrusted applet (238666). - A vulnerability in the JRE could allow an untrusted applet/application to elevate its privileges to read, write and execute local applications with privileges of the user running an untrusted applet (238967). - A buffer overflow vulnerability in Java Web Start could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to users running an untrusted application (238905). - A vulnerability in Java Web Start, could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905). - A vulnerability in Java Web Start, may disclose the location of Java Web Start cache (238905). - A vulnerability in the JRE may allow an untrusted applet to establish connections to services running on the localhost and potentially exploit vulnerabilities existing in the underlying JRE (238968). - It should be noted that J2SE 1.4.2 is in its EOL period, and the transition is set to complete on Oct 30th 2008. Please refer to See also section for more details." ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019342.1.html" ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019367.1.html" ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019375.1.html" ); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20100513211142/http://sunsolve.sun.com:80/search/document.do?assetkey=1-66-238968-1" ); script_set_attribute(attribute:"see_also", value:"http://www.oracle.com/technetwork/java/eol-135779.html" ); script_set_attribute(attribute:"solution", value: "Update to Sun Java J2SE 1.4.2_18 or later and remove, if necessary, any affected versions." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(20, 119, 200, 264); script_set_attribute(attribute:"patch_publication_date", value: "2008/07/08"); script_set_attribute(attribute:"plugin_publication_date", value: "2008/07/15"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre"); script_set_attribute(attribute:"plugin_type", value:"local"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_dependencies("sun_java_jre_installed.nasl"); script_require_keys("SMB/Java/JRE/Installed"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); # Check each installed JRE. installs = get_kb_list("SMB/Java/JRE/*"); if (isnull(installs)) exit(0); info = ""; vuln = 0; foreach install (list_uniq(keys(installs))) { ver = install - "SMB/Java/JRE/"; if (ver =~ "^1\.4\.2_(0[0-9]|1[0-7][^0-9]?)") { dirs = make_list(get_kb_list(install)); vuln += max_index(dirs); foreach dir (dirs) info += '\n Path : ' + dir; info += '\n Installed version : ' + ver; info += '\n Fixed version : 1.4.2_18\n'; } } # Report if any were found to be vulnerable. if (info) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity) { if (vuln > 1) s = "s of Sun's JRE are"; else s = " of Sun's JRE is"; report = '\n'+ 'The following vulnerable instance' + s + ' installed on the\n' + 'remote host :\n' + info; security_hole(port:port, extra:report); } else security_hole(port); }NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_4_2-SUN-5431.NASL description Sun Java was updated to 1.4.2u18 to fix following security vulnerabilities : - Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. (CVE-2008-3114) - Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. (CVE-2008-3113) - Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. (CVE-2008-3112) - Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. (CVE-2008-3111) - Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing. (CVE-2008-3108) - Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. (CVE-2008-3107) - Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet last seen 2020-06-01 modified 2020-06-02 plugin id 34036 published 2008-08-24 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34036 title SuSE 10 Security Update : Java 1.4.2 (ZYPP Patch Number 5431) NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_5_0-SUN-5434.NASL description Sun Java was updated to 1.5.0u16 to fix following security vulnerabilities : CVE-2008-3115: Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. CVE-2008-3114: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. CVE-2008-3113: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. CVE-2008-3112: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. CVE-2008-3111: Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. CVE-2008-3108: Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing. CVE-2008-3107: Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3106: Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. CVE-2008-3104: Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet last seen 2020-06-01 modified 2020-06-02 plugin id 34037 published 2008-08-24 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34037 title openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5434) NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_5_0-IBM-5591.NASL description IBM Java 5 was updated to SR8 to fix various security issues : - Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. (CVE-2008-3104) - A vulnerability in the XML processing API was found. A remote attacker who caused malicious XML to be processed by an untrusted applet or application was able to elevate permissions to access URLs on a remote host. (CVE-2008-3106) - A buffer overflow vulnerability was found in the font processing code. This allowed remote attackers to extend the permissions of an untrusted applet or application, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3108) - Several buffer overflow vulnerabilities in Java Web Start were reported. These vulnerabilities allowed an untrusted Java Web Start application to elevate its privileges, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3111) - Two file processing vulnerabilities in Java Web Start were found. A remote attacker, by means of an untrusted Java Web Start application, was able to create or delete arbitrary files with the permissions of the user running the untrusted application. (CVE-2008-3112 / CVE-2008-3113) - A vulnerability in Java Web Start when processing untrusted applications was reported. An attacker was able to acquire sensitive information, such as the cache location. (CVE-2008-3114) This release also reinstates previous Crypto Export policy jars lost between SR3 and SR8. last seen 2020-06-01 modified 2020-06-02 plugin id 34200 published 2008-09-14 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34200 title SuSE 10 Security Update : IBM Java 1.5 (ZYPP Patch Number 5591) NASL family Windows NASL id SUN_JAVA_JRE_5_16.NASL description The version of Sun Java Runtime Environment (JRE) 5.0 installed on the remote host is affected by multiple security issues : - A vulnerability in the XML processing module of the JRE could allow an untrusted applet/application unauthorized access to certain URL resources (238628). - A buffer overflow vulnerability in font processing module of the JRE, could allow an untrusted applet/application to elevate its privileges to read, write and execute local applications with privileges of the user running an untrusted applet (238666). Note this issue only affects Sun Java JDK/JRE 5 Update 9 and earlier. - A buffer overflow vulnerability in Java Web Start, could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to user running an untrusted application (238905). - A vulnerability in Java Web Start, could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905). - A vulnerability in Java Web Start, may disclose the location of Java Web Start cache (238905). - Vulnerability in Sun Java Management Extensions (JMX) could allow a JMX client running on a remote host to perform unauthorized actions on a host running JMX with local monitoring enabled (238965). - An implementation defect in the JRE, may allow an applet designed to run last seen 2020-06-01 modified 2020-06-02 plugin id 33487 published 2008-07-15 reporter This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33487 title Sun Java JDK/JRE 5 < Update 16 Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0906.NASL description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. A flaw was found in the Java Management Extensions (JMX) management agent. When local monitoring is enabled, remote attackers could use this flaw to perform illegal operations. (CVE-2008-3103) Several flaws involving the handling of unsigned applets were found. A remote attacker could misuse an unsigned applet in order to connect to services on the host running the applet. (CVE-2008-3104) Several flaws in the Java API for XML Web Services (JAX-WS) client and the JAX-WS service implementation were found. A remote attacker who could cause malicious XML to be processed by an application could access URLs, or cause a denial of service. (CVE-2008-3105, CVE-2008-3106) Several flaws within the Java Runtime Environment (JRE) scripting support were found. A remote attacker could grant an untrusted applet extended privileges, such as reading and writing local files, executing local programs, or querying the sensitive data of other applets. (CVE-2008-3109, CVE-2008-3110) A flaw in Java Web Start was found. Using an untrusted Java Web Start application, a remote attacker could create or delete arbitrary files with the permissions of the user running the untrusted application. (CVE-2008-3112) A flaw in Java Web Start when processing untrusted applications was found. An attacker could use this flaw to acquire sensitive information, such as the location of the cache. (CVE-2008-3114) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR2 Java release, which resolves these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40728 published 2009-08-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40728 title RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2008:0906) NASL family SuSE Local Security Checks NASL id SUSE_11_0_JAVA-1_5_0-SUN-080715.NASL description Sun Java was updated to 1.5.0u16 to fix following security vulnerabilities : CVE-2008-3115: Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. CVE-2008-3114: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. CVE-2008-3113: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. CVE-2008-3112: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. CVE-2008-3111: Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. CVE-2008-3108: Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing. CVE-2008-3107: Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3106: Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. CVE-2008-3104: Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet last seen 2020-06-01 modified 2020-06-02 plugin id 39996 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39996 title openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-96) NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_4_2-SUN-5430.NASL description Sun Java was updated to 1.4.2u18 to fix following security vulnerabilities : CVE-2008-3114: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. CVE-2008-3113: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. CVE-2008-3112: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. CVE-2008-3111: Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. CVE-2008-3108: Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing. CVE-2008-3107: Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3104: Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet last seen 2020-06-01 modified 2020-06-02 plugin id 34035 published 2008-08-24 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34035 title openSUSE 10 Security Update : java-1_4_2-sun (java-1_4_2-sun-5430) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0955.NASL description Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM last seen 2020-06-01 modified 2020-06-02 plugin id 40729 published 2009-08-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40729 title RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2008:0955) NASL family MacOS X Local Security Checks NASL id MACOSX_JAVA_10_5_UPDATE2.NASL description The remote Mac OS X 10.5 host is running a version of Java for Mac OS X that is missing update 2. The remote version of this software contains several security vulnerabilities that may allow a rogue Java applet to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to lure an attacker into executing a rogue Java applet. last seen 2020-03-18 modified 2008-09-25 plugin id 34290 published 2008-09-25 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34290 title Mac OS X : Java for Mac OS X 10.5 Update 2 NASL family Scientific Linux Local Security Checks NASL id SL_20080714_JAVA__JDK_1_5_0__ON_SL4_X.NASL description Flaws in the JRE allowed an untrusted application or applet to elevate its privileges. This could be exploited by a remote attacker to access local files or execute local applications accessible to the user running the JRE (CVE-2008-1185, CVE-2008-1186) A flaw was found in the Java XSLT processing classes. An untrusted application or applet could cause a denial of service, or execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1187) Several buffer overflow flaws were found in Java Web Start (JWS). An untrusted JNLP application could access local files or execute local applications accessible to the user running the JRE. (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1196) A flaw was found in the Java Plug-in. A remote attacker could bypass the same origin policy, executing arbitrary code with the permissions of the user running the JRE. (CVE-2008-1192) A flaw was found in the JRE image parsing libraries. An untrusted application or applet could cause a denial of service, or possible execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1193) A flaw was found in the JRE color management library. An untrusted application or applet could trigger a denial of service (JVM crash). (CVE-2008-1194) The JRE allowed untrusted JavaScript code to create local network connections by the use of Java APIs. A remote attacker could use these flaws to access local network services. (CVE-2008-1195) A vulnerability was found in the Java Management Extensions (JMX) management agent, when local monitoring is enabled. This allowed remote attackers to perform illegal operations. (CVE-2008-3103) Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. (CVE-2008-3104) A Java Runtime Environment (JRE) vulnerability could be triggered by an untrusted application or applet. A remote attacker could grant an untrusted applet extended privileges such as reading and writing local files, or executing local programs. (CVE-2008-3107) Several buffer overflow vulnerabilities in Java Web Start were reported. These vulnerabilities may allow an untrusted Java Web Start application to elevate its privileges and thereby grant itself permission to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3111) Two file processing vulnerabilities in Java Web Start were found. A remote attacker, by means of an untrusted Java Web Start application, was able to create or delete arbitrary files with the permissions of the user running the untrusted application. (CVE-2008-3112, CVE-2008-3113) A vulnerability in Java Web Start when processing untrusted applications was reported. An attacker was able to acquire sensitive information, such as the cache location. (CVE-2008-3114) last seen 2020-06-01 modified 2020-06-02 plugin id 60440 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60440 title Scientific Linux Security Update : java (jdk 1.5.0) on SL4.x, SL5.x i386/x86_64 NASL family Misc. NASL id SUN_JAVA_J2SE_4_2_18_UNIX.NASL description The version of Sun Java Runtime Environment (JRE) J2SE 1.4.2 installed on the remote host is affected by multiple security issues : - A buffer overflow vulnerability in the font processing module of the JRE could allow an untrusted applet/application to elevate its privileges to read, write and execute local applications with the privileges of the user running an untrusted applet (238666). - A vulnerability in the JRE could allow an untrusted applet/application to elevate its privileges to read, write and execute local applications with the privileges of the user running an untrusted applet (238967). - A buffer overflow vulnerability in Java Web Start could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to users running an untrusted application (238905). - A vulnerability in Java Web Start, could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905). - A vulnerability in Java Web Start, may disclose the location of Java Web Start cache (238905). - A vulnerability in the JRE may allow an untrusted applet to establish connections to services running on the local host and potentially exploit vulnerabilities existing in the underlying JRE (238968). - It should be noted that J2SE 1.4.2 is in its EOL period, and the transition is set to complete on Oct 30th 2008. last seen 2020-06-01 modified 2020-06-02 plugin id 64817 published 2013-02-22 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64817 title Sun Java J2SE 1.4.2 < Update 18 Multiple Vulnerabilities (Unix) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0595.NASL description Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language. A vulnerability was found in the Java Management Extensions (JMX) management agent, when local monitoring is enabled. This allowed remote attackers to perform illegal operations. (CVE-2008-3103) Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. (CVE-2008-3104) A Java Runtime Environment (JRE) vulnerability could be triggered by an untrusted application or applet. A remote attacker could grant an untrusted applet extended privileges such as reading and writing local files, or executing local programs. (CVE-2008-3107) Several buffer overflow vulnerabilities in Java Web Start were reported. These vulnerabilities may allow an untrusted Java Web Start application to elevate its privileges and thereby grant itself permission to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3111) Two file processing vulnerabilities in Java Web Start were found. A remote attacker, by means of an untrusted Java Web Start application, was able to create or delete arbitrary files with the permissions of the user running the untrusted application. (CVE-2008-3112, CVE-2008-3113) A vulnerability in Java Web Start when processing untrusted applications was reported. An attacker was able to acquire sensitive information, such as the cache location. (CVE-2008-3114) Users of java-1.5.0-sun should upgrade to these updated packages, which correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40723 published 2009-08-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40723 title RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:0595) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0594.NASL description Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language. A vulnerability was found in the Java Management Extensions (JMX) management agent, when local monitoring is enabled. This allowed remote attackers to perform illegal operations. (CVE-2008-3103) Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. (CVE-2008-3104) Several vulnerabilities in the Java API for XML Web Services (JAX-WS) client and service implementation were found. A remote attacker who caused malicious XML to be processed by a trusted or untrusted application was able access URLs or cause a denial of service. (CVE-2008-3105, CVE-2008-3106) A JRE vulnerability could be triggered by an untrusted application or applet. A remote attacker could grant an untrusted applet or application extended privileges such as being able to read and write local files, or execute local programs. (CVE-2008-3107) Several vulnerabilities within the JRE scripting support were reported. A remote attacker could grant an untrusted applet extended privileges such as reading and writing local files, executing local programs, or querying the sensitive data of other applets. (CVE-2008-3109, CVE-2008-3110) A vulnerability in Java Web Start was found. A remote attacker was able to create arbitrary files with the permissions of the user running the untrusted Java Web Start application. (CVE-2008-3112) Another vulnerability in Java Web Start when processing untrusted applications was reported. An attacker was able to acquire sensitive information, such as the cache location. (CVE-2008-3114) Users of java-1.6.0-sun should upgrade to these updated packages, which correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 63858 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63858 title RHEL 5 : java-1.6.0-sun (RHSA-2008:0594) NASL family Misc. NASL id JUNIPER_NSM_PSN_2012_08_689.NASL description According to the version of one or more Juniper NSM servers running on the remote host, it is potentially affected by multiple vulnerabilities affecting the Java software running on the host. last seen 2020-06-01 modified 2020-06-02 plugin id 69874 published 2013-09-13 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69874 title Juniper NSM Servers Multiple Java JDK/JRE Vulnerabilities (PSN-2012-08-689) NASL family Misc. NASL id SUN_JAVA_JRE_5_16_UNIX.NASL description The version of Sun Java Runtime Environment (JRE) 5.0 installed on the remote host is affected by multiple security issues : - A vulnerability in the XML processing module of the JRE could allow an untrusted applet/application unauthorized access to certain URL resources (238628). - A buffer overflow vulnerability in the font processing module of the JRE, could allow an untrusted applet/ application to elevate its privileges to read, write and execute local applications with the privileges of the user running an untrusted applet (238666). Note this issue only affects Sun Java JDK/JRE 5 Update 9 and earlier. - A buffer overflow vulnerability in Java Web Start, could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to users running an untrusted application (238905). - A vulnerability in Java Web Start, could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905). - A vulnerability in Java Web Start, may disclose the location of Java Web Start cache (238905). - A vulnerability in Sun Java Management Extensions (JMX) could allow a JMX client running on a remote host to perform unauthorized actions on a host running JMX with local monitoring enabled (238965). - A vulnerability in the JRE could allow an untrusted applet/application to elevate its privileges to read, write and execute local applications with the privileges of the user running an untrusted applet (238967). - A vulnerability in the JRE may allow an untrusted applet to establish connections to services running on the localhost and potentially exploit vulnerabilities existing in the underlying JRE (238968). last seen 2020-06-01 modified 2020-06-02 plugin id 64832 published 2013-02-22 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64832 title Sun Java JDK/JRE 5 < Update 16 Multiple Vulnerabilities (Unix) NASL family SuSE Local Security Checks NASL id SUSE9_12313.NASL description IBM Java 1.4.2 SR12 fixes the following security problems : - Security vulnerabilities in the Java Runtime Environment may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the local host, as if it were loaded from the system that the applet is running on. This may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to. (CVE-2008-3104) - A vulnerability in Java Web Start may allow an untrusted Java Web Start application downloaded from a website to create arbitrary files with the permissions of the user running the untrusted Java Web Start application. (CVE-2008-3112) - A vulnerability in Java Web Start may allow an untrusted Java Web Start application downloaded from a website to create or delete arbitrary files with the permissions of the user running the untrusted Java Web Start application. (CVE-2008-3113) - A vulnerability in Java Web Start may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache. (CVE-2008-3114) last seen 2020-06-01 modified 2020-06-02 plugin id 41258 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41258 title SuSE9 Security Update : IBM Java2 JRE and SDK (YOU Patch Number 12313) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200911-02.NASL description The remote host is affected by the vulnerability described in GLSA-200911-02 (Sun JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details. Impact : A remote attacker could entice a user to open a specially crafted JAR archive, applet, or Java Web Start application, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Furthermore, a remote attacker could cause a Denial of Service affecting multiple services via several vectors, disclose information and memory contents, write or execute local files, conduct session hijacking attacks via GIFAR files, steal cookies, bypass the same-origin policy, load untrusted JAR files, establish network connections to arbitrary hosts and posts via several vectors, modify the list of supported graphics configurations, bypass HMAC-based authentication systems, escalate privileges via several vectors and cause applet code to be executed with older, possibly vulnerable versions of the JRE. NOTE: Some vulnerabilities require a trusted environment, user interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 42834 published 2009-11-18 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42834 title GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_JAVA_REL7.NASL description The remote Mac OS X 10.4 host is running a version of Java for Mac OS X that is older than release 7. The remote version of this software contains several security vulnerabilities which may allow a rogue java applet to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to lure an attacker into executing a rogue Java applet. last seen 2020-03-18 modified 2008-09-25 plugin id 34291 published 2008-09-25 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34291 title Mac OS X : Java for Mac OS X 10.4 Release 7 NASL family SuSE Local Security Checks NASL id SUSE_11_0_JAVA-1_6_0-SUN-080715.NASL description This update brings the SUN JDK 6 to update level 7. CVE-2008-3115: Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. CVE-2008-3114: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. CVE-2008-3112: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. CVE-2008-3111: Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. CVE-2008-3110: Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet. CVE-2008-3109: Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3107: Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3106: Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. CVE-2008-3105: Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving last seen 2020-06-01 modified 2020-06-02 plugin id 40001 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40001 title openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-97) NASL family SuSE Local Security Checks NASL id SUSE9_12206.NASL description Sun Java was updated to 1.4.2u18 to fix following security vulnerabilities : - Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. (CVE-2008-3114) - Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. (CVE-2008-3113) - Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. (CVE-2008-3112) - Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. (CVE-2008-3111) - Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing. (CVE-2008-3108) - Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. (CVE-2008-3107) - Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet last seen 2020-06-01 modified 2020-06-02 plugin id 41224 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41224 title SuSE9 Security Update : Java2 (YOU Patch Number 12206) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0790.NASL description Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. (CVE-2008-3104) A vulnerability in the XML processing API was found. A remote attacker who caused malicious XML to be processed by an untrusted applet or application was able to elevate permissions to access URLs on a remote host. (CVE-2008-3106) A buffer overflow vulnerability was found in the font processing code. This allowed remote attackers to extend the permissions of an untrusted applet or application, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3108) Several buffer overflow vulnerabilities in Java Web Start were reported. These vulnerabilities allowed an untrusted Java Web Start application to elevate its privileges, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3111) Two file processing vulnerabilities in Java Web Start were found. A remote attacker, by means of an untrusted Java Web Start application, was able to create or delete arbitrary files with the permissions of the user running the untrusted application. (CVE-2008-3112, CVE-2008-3113) A vulnerability in Java Web Start when processing untrusted applications was reported. An attacker was able to acquire sensitive information, such as the cache location. (CVE-2008-3114) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, that contain the IBM 1.5.0 SR8 Java release, which resolves these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40725 published 2009-08-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40725 title RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2008:0790) NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_6_0-SUN-5435.NASL description This update brings the SUN JDK 6 to update level 7. CVE-2008-3115: Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. CVE-2008-3114: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. CVE-2008-3112: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. CVE-2008-3111: Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. CVE-2008-3110: Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet. CVE-2008-3109: Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3107: Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3106: Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. CVE-2008-3105: Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving last seen 2020-06-01 modified 2020-06-02 plugin id 34038 published 2008-08-24 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34038 title openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5435) NASL family Windows NASL id SUN_JAVA_JRE_6_7.NASL description The version of Sun Java Runtime Environment (JRE) 6.0 installed on the remote host is affected by multiple security issues : - A vulnerability in the JRE could allow unauthorized access to certain URL resources or cause a denial of service condition while processing XML data. In order to successfully exploit this issue a JAX-WS client/service included with a trusted application should process the malicious XML content (238628). - A vulnerability in the JRE may allow an untrusted applet to access information from another applet (238687). - A buffer overflow vulnerability in Java Web Start could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to users running an untrusted application (238905). - A vulnerability in Java Web Start, could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905). - A vulnerability in Java Web Start, may disclose the location of Java Web Start cache (238905). - An implementation defect in the JRE may allow an applet designed to run last seen 2020-06-01 modified 2020-06-02 plugin id 33488 published 2008-07-15 reporter This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33488 title Sun Java JDK/JRE 6 < Update 7 Multiple Vulnerabilities NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2008-0016.NASL description a. Privilege escalation on 64-bit guest operating systems VMware products emulate hardware functions, like CPU, Memory, and IO. A flaw in VMware last seen 2020-06-01 modified 2020-06-02 plugin id 40383 published 2009-07-27 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40383 title VMSA-2008-0016 : VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_4_2-IBM-5846.NASL description IBM Java 1.4.2 SR12 fixes the following security problems : - Security vulnerabilities in the Java Runtime Environment may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the local host, as if it were loaded from the system that the applet is running on. This may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to. (CVE-2008-3104) - A vulnerability in Java Web Start may allow an untrusted Java Web Start application downloaded from a website to create arbitrary files with the permissions of the user running the untrusted Java Web Start application. (CVE-2008-3112) - A vulnerability in Java Web Start may allow an untrusted Java Web Start application downloaded from a website to create or delete arbitrary files with the permissions of the user running the untrusted Java Web Start application. (CVE-2008-3113) - A vulnerability in Java Web Start may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache. (CVE-2008-3114) last seen 2020-06-01 modified 2020-06-02 plugin id 41524 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41524 title SuSE 10 Security Update : IBM Java (ZYPP Patch Number 5846)
Oval
| accepted | 2010-09-06T04:14:59.098-04:00 | ||||
| class | vulnerability | ||||
| contributors |
| ||||
| description | Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. | ||||
| family | unix | ||||
| id | oval:org.mitre.oval:def:9755 | ||||
| status | accepted | ||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||
| title | Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. | ||||
| version | 6 |
Redhat
| advisories |
| ||||||||||||||||||||
| rpms |
|
Saint
| bid | 30148 |
| description | Sun Java Web Start JNLP file j2se element heap-size buffer overflow |
| id | misc_javawebstart |
| osvdb | 46959 |
| title | java_web_start_jnlp_heapsize |
| type | client |
References
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
- http://marc.info/?l=bugtraq&m=122331139823057&w=2
- http://rhn.redhat.com/errata/RHSA-2008-0955.html
- http://secunia.com/advisories/31010
- http://secunia.com/advisories/31055
- http://secunia.com/advisories/31320
- http://secunia.com/advisories/31497
- http://secunia.com/advisories/31600
- http://secunia.com/advisories/31736
- http://secunia.com/advisories/32018
- http://secunia.com/advisories/32179
- http://secunia.com/advisories/32180
- http://secunia.com/advisories/32436
- http://secunia.com/advisories/32826
- http://secunia.com/advisories/33194
- http://secunia.com/advisories/35065
- http://secunia.com/advisories/37386
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1
- http://support.apple.com/kb/HT3178
- http://support.apple.com/kb/HT3179
- http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm
- http://www.redhat.com/support/errata/RHSA-2008-0594.html
- http://www.redhat.com/support/errata/RHSA-2008-0595.html
- http://www.redhat.com/support/errata/RHSA-2008-0790.html
- http://www.redhat.com/support/errata/RHSA-2008-0906.html
- http://www.securityfocus.com/archive/1/497041/100/0/threaded
- http://www.securityfocus.com/bid/30148
- http://www.securitytracker.com/id?1020452
- http://www.us-cert.gov/cas/techalerts/TA08-193A.html
- http://www.vmware.com/security/advisories/VMSA-2008-0016.html
- http://www.vupen.com/english/advisories/2008/2056/references
- http://www.vupen.com/english/advisories/2008/2740
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43668
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9755