Vulnerabilities > CVE-2008-3115 - Configuration vulnerability in SUN JDK and JRE
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 32 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Misc. NASL id SUN_JAVA_JRE_6_7_UNIX.NASL description The version of Sun Java Runtime Environment (JRE) 6.0 installed on the remote host is affected by multiple security issues : - A vulnerability in the JRE could allow unauthorized access to certain URL resources or cause a denial of service condition while processing XML data. In order to successfully exploit this issue, a JAX-WS client/service included with a trusted application should process the malicious XML content (238628). - A vulnerability in the JRE may allow an untrusted applet to access information from another applet (238687). - A buffer overflow vulnerability in Java Web Start could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to users running an untrusted application (238905). - A vulnerability in Java Web Start could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905). - A vulnerability in Java Web Start may disclose the location of Java Web Start cache (238905). - A vulnerability in Sun Java Management Extensions (JMX) could allow a JMX client running on a remote host to perform unauthorized actions on a host running JMX with local monitoring enabled (238965). - A vulnerability in the JRE could allow an untrusted applet / application to elevate its privileges to read, write and execute local applications with the privileges of the user running an untrusted applet (238967, 238687). - A vulnerability in the JRE may allow an untrusted applet to establish connections to services running on the localhost and potentially exploit vulnerabilities existing in the underlying JRE (238968). last seen 2020-06-01 modified 2020-06-02 plugin id 64833 published 2013-02-22 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64833 title Sun Java JDK/JRE 6 < Update 7 Multiple Vulnerabilities (Unix) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(64833); script_version("1.13"); script_cvs_date("Date: 2019/12/04"); script_cve_id( "CVE-2008-3103", "CVE-2008-3104", "CVE-2008-3105", "CVE-2008-3106", "CVE-2008-3107", "CVE-2008-3109", "CVE-2008-3110", "CVE-2008-3111", "CVE-2008-3112", "CVE-2008-3113", "CVE-2008-3114", "CVE-2008-3115" ); script_bugtraq_id( 30140, 30141, 30142, 30143, 30144, 30146, 30148 ); script_name(english:"Sun Java JDK/JRE 6 < Update 7 Multiple Vulnerabilities (Unix)"); script_summary(english:"Checks version of Sun JRE"); script_set_attribute(attribute:"synopsis", value: "The remote Unix host has an application that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Sun Java Runtime Environment (JRE) 6.0 installed on the remote host is affected by multiple security issues : - A vulnerability in the JRE could allow unauthorized access to certain URL resources or cause a denial of service condition while processing XML data. In order to successfully exploit this issue, a JAX-WS client/service included with a trusted application should process the malicious XML content (238628). - A vulnerability in the JRE may allow an untrusted applet to access information from another applet (238687). - A buffer overflow vulnerability in Java Web Start could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to users running an untrusted application (238905). - A vulnerability in Java Web Start could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905). - A vulnerability in Java Web Start may disclose the location of Java Web Start cache (238905). - A vulnerability in Sun Java Management Extensions (JMX) could allow a JMX client running on a remote host to perform unauthorized actions on a host running JMX with local monitoring enabled (238965). - A vulnerability in the JRE could allow an untrusted applet / application to elevate its privileges to read, write and execute local applications with the privileges of the user running an untrusted applet (238967, 238687). - A vulnerability in the JRE may allow an untrusted applet to establish connections to services running on the localhost and potentially exploit vulnerabilities existing in the underlying JRE (238968)."); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019338.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019344.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019367.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019373.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019375.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019376.1.html"); script_set_attribute(attribute:"solution", value: "Update to Sun Java JDK and JRE 6 Update 7 or later and remove, if necessary, any affected versions."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-3113"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(16, 20, 119, 200, 264); script_set_attribute(attribute:"patch_publication_date", value:"2008/07/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/22"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("sun_java_jre_installed_unix.nasl"); script_require_keys("Host/Java/JRE/Installed"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); # Check each installed JRE. installs = get_kb_list_or_exit("Host/Java/JRE/Unmanaged/*"); info = ""; vuln = 0; vuln2 = 0; installed_versions = ""; granular = ""; foreach install (list_uniq(keys(installs))) { ver = install - "Host/Java/JRE/Unmanaged/"; if (ver !~ "^[0-9.]+") continue; installed_versions = installed_versions + " & " + ver; if (ver =~ "^1\.6\.0_0[0-6][^0-9]?") { dirs = make_list(get_kb_list(install)); vuln += max_index(dirs); foreach dir (dirs) info += '\n Path : ' + dir; info += '\n Installed version : ' + ver; info += '\n Fixed version : 1.6.0_07\n'; } else if (ver =~ "^[\d\.]+$") { dirs = make_list(get_kb_list(install)); foreach dir (dirs) granular += "The Oracle Java version "+ver+" at "+dir+" is not granular enough to make a determination."+'\n'; } else { dirs = make_list(get_kb_list(install)); vuln2 += max_index(dirs); } } # Report if any were found to be vulnerable. if (info) { if (report_verbosity > 0) { if (vuln > 1) s = "s of Java are"; else s = " of Java is"; report = '\n' + 'The following vulnerable instance'+s+' installed on the\n' + 'remote host :\n' + info; security_hole(port:0, extra:report); } else security_hole(0); if (granular) exit(0, granular); } else { if (granular) exit(0, granular); installed_versions = substr(installed_versions, 3); if (vuln2 > 1) exit(0, "The Java "+installed_versions+" installs on the remote host are not affected."); else exit(0, "The Java "+installed_versions+" install on the remote host is not affected."); }
NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_5_0-SUN-5434.NASL description Sun Java was updated to 1.5.0u16 to fix following security vulnerabilities : CVE-2008-3115: Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. CVE-2008-3114: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. CVE-2008-3113: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. CVE-2008-3112: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. CVE-2008-3111: Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. CVE-2008-3108: Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing. CVE-2008-3107: Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3106: Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. CVE-2008-3104: Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet last seen 2020-06-01 modified 2020-06-02 plugin id 34037 published 2008-08-24 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34037 title openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5434) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update java-1_5_0-sun-5434. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(34037); script_version ("1.10"); script_cvs_date("Date: 2019/10/25 13:36:32"); script_cve_id("CVE-2008-3103", "CVE-2008-3104", "CVE-2008-3105", "CVE-2008-3106", "CVE-2008-3107", "CVE-2008-3108", "CVE-2008-3111", "CVE-2008-3112", "CVE-2008-3113", "CVE-2008-3114", "CVE-2008-3115"); script_name(english:"openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5434)"); script_summary(english:"Check for the java-1_5_0-sun-5434 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Sun Java was updated to 1.5.0u16 to fix following security vulnerabilities : CVE-2008-3115: Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. CVE-2008-3114: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. CVE-2008-3113: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. CVE-2008-3112: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. CVE-2008-3111: Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. CVE-2008-3108: Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing. CVE-2008-3107: Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3106: Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. CVE-2008-3104: Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet. CVE-2008-3103: Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to 'perform unauthorized operations' via unspecified vectors." ); script_set_attribute( attribute:"solution", value:"Update the affected java-1_5_0-sun packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(16, 20, 119, 200, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3"); script_set_attribute(attribute:"patch_publication_date", value:"2008/07/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/08/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2 / 10.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.2", reference:"java-1_5_0-sun-1.5.0_update16-1.1") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"java-1_5_0-sun-alsa-1.5.0_update16-1.1") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"java-1_5_0-sun-demo-1.5.0_update16-1.1") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"java-1_5_0-sun-devel-1.5.0_update16-1.1") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"java-1_5_0-sun-jdbc-1.5.0_update16-1.1") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"java-1_5_0-sun-plugin-1.5.0_update16-1.1") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"java-1_5_0-sun-src-1.5.0_update16-1.1") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"java-1_5_0-sun-1.5.0_update16-1.1") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"java-1_5_0-sun-alsa-1.5.0_update16-1.1") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"java-1_5_0-sun-demo-1.5.0_update16-1.1") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"java-1_5_0-sun-devel-1.5.0_update16-1.1") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"java-1_5_0-sun-jdbc-1.5.0_update16-1.1") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"java-1_5_0-sun-plugin-1.5.0_update16-1.1") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"java-1_5_0-sun-src-1.5.0_update16-1.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_5_0-sun"); }
NASL family Windows NASL id SUN_JAVA_JRE_5_16.NASL description The version of Sun Java Runtime Environment (JRE) 5.0 installed on the remote host is affected by multiple security issues : - A vulnerability in the XML processing module of the JRE could allow an untrusted applet/application unauthorized access to certain URL resources (238628). - A buffer overflow vulnerability in font processing module of the JRE, could allow an untrusted applet/application to elevate its privileges to read, write and execute local applications with privileges of the user running an untrusted applet (238666). Note this issue only affects Sun Java JDK/JRE 5 Update 9 and earlier. - A buffer overflow vulnerability in Java Web Start, could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to user running an untrusted application (238905). - A vulnerability in Java Web Start, could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905). - A vulnerability in Java Web Start, may disclose the location of Java Web Start cache (238905). - Vulnerability in Sun Java Management Extensions (JMX) could allow a JMX client running on a remote host to perform unauthorized actions on a host running JMX with local monitoring enabled (238965). - An implementation defect in the JRE, may allow an applet designed to run last seen 2020-06-01 modified 2020-06-02 plugin id 33487 published 2008-07-15 reporter This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33487 title Sun Java JDK/JRE 5 < Update 16 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(33487); script_version("1.26"); script_cvs_date("Date: 2018/11/15 20:50:28"); script_cve_id("CVE-2008-3103", "CVE-2008-3104", "CVE-2008-3106", "CVE-2008-3107", "CVE-2008-3108", "CVE-2008-3111", "CVE-2008-3112", "CVE-2008-3113", "CVE-2008-3114", "CVE-2008-3115"); script_bugtraq_id(30140, 30141, 30142, 30143, 30146, 30147, 30148); script_name(english:"Sun Java JDK/JRE 5 < Update 16 Multiple Vulnerabilities" ); script_summary(english:"Checks version of Sun JRE"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host has an application that is affected by multiple vulnerabilities." ); script_set_attribute(attribute:"description", value: "The version of Sun Java Runtime Environment (JRE) 5.0 installed on the remote host is affected by multiple security issues : - A vulnerability in the XML processing module of the JRE could allow an untrusted applet/application unauthorized access to certain URL resources (238628). - A buffer overflow vulnerability in font processing module of the JRE, could allow an untrusted applet/application to elevate its privileges to read, write and execute local applications with privileges of the user running an untrusted applet (238666). Note this issue only affects Sun Java JDK/JRE 5 Update 9 and earlier. - A buffer overflow vulnerability in Java Web Start, could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to user running an untrusted application (238905). - A vulnerability in Java Web Start, could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905). - A vulnerability in Java Web Start, may disclose the location of Java Web Start cache (238905). - Vulnerability in Sun Java Management Extensions (JMX) could allow a JMX client running on a remote host to perform unauthorized actions on a host running JMX with local monitoring enabled (238965). - An implementation defect in the JRE, may allow an applet designed to run 'only' on JRE 5.0 Update 6 or later may run on older releases of the JRE. Note this only affects Windows Vista releases of the JRE (238966). - A vulnerability in the JRE could allow an untrusted applet/application to elevate its privileges to read, write and execute local applications with privileges of the user running an untrusted applet (238967). - A vulnerability in the JRE may allow an untrusted applet to establish connections to services running on the localhost and potentially exploit vulnerabilities existing in the underlying JRE (238968)." ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019338.1.html" ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019342.1.html" ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019367.1.html" ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019373.1.html" ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019375.1.html" ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019376.1.html" ); script_set_attribute(attribute:"solution", value: "Update to Sun Java JDK and JRE 5 Update 16 or later and remove if necessary any affected versions." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(16, 20, 119, 200, 264); script_set_attribute(attribute:"plugin_publication_date", value: "2008/07/15"); script_set_attribute(attribute:"patch_publication_date", value: "2008/07/08"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre"); script_set_attribute(attribute:"plugin_type", value:"local"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("sun_java_jre_installed.nasl"); script_require_keys("SMB/Java/JRE/Installed"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); # Check each installed JRE. installs = get_kb_list("SMB/Java/JRE/*"); if (isnull(installs)) exit(1, "The 'SMB/Java/JRE/' KB item is missing."); info = ""; vuln = 0; installed_versions = ""; foreach install (list_uniq(keys(installs))) { ver = install - "SMB/Java/JRE/"; if (ver =~ "^[0-9.]+") installed_versions = installed_versions + " & " + ver; if (ver =~ "^1\.5\.0_(0[0-9]|1[0-5])[^0-9]?") { dirs = make_list(get_kb_list(install)); vuln += max_index(dirs); foreach dir (dirs) info += '\n Path : ' + dir; info += '\n Installed version : ' + ver; info += '\n Fixed version : 1.5.0_16\n'; } } # Report if any were found to be vulnerable. if (info) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) { if (vuln > 1) s = "s of Java are"; else s = " of Java is"; report = '\n' + 'The following vulnerable instance'+s+' installed on the\n' + 'remote host :\n' + info; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else { installed_versions = substr(installed_versions, 3); if (" & " >< installed_versions) exit(0, "The Java "+installed_versions+" installs on the remote host are not affected."); else exit(0, "The Java "+installed_versions+" install on the remote host is not affected."); }
NASL family SuSE Local Security Checks NASL id SUSE_11_0_JAVA-1_5_0-SUN-080715.NASL description Sun Java was updated to 1.5.0u16 to fix following security vulnerabilities : CVE-2008-3115: Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. CVE-2008-3114: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. CVE-2008-3113: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. CVE-2008-3112: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. CVE-2008-3111: Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. CVE-2008-3108: Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing. CVE-2008-3107: Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3106: Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. CVE-2008-3104: Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet last seen 2020-06-01 modified 2020-06-02 plugin id 39996 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39996 title openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-96) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update java-1_5_0-sun-96. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(39996); script_version("1.12"); script_cvs_date("Date: 2019/10/25 13:36:31"); script_cve_id("CVE-2008-3103", "CVE-2008-3104", "CVE-2008-3105", "CVE-2008-3106", "CVE-2008-3107", "CVE-2008-3108", "CVE-2008-3111", "CVE-2008-3112", "CVE-2008-3113", "CVE-2008-3114", "CVE-2008-3115"); script_name(english:"openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-96)"); script_summary(english:"Check for the java-1_5_0-sun-96 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Sun Java was updated to 1.5.0u16 to fix following security vulnerabilities : CVE-2008-3115: Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. CVE-2008-3114: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. CVE-2008-3113: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. CVE-2008-3112: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. CVE-2008-3111: Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. CVE-2008-3108: Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing. CVE-2008-3107: Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3106: Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. CVE-2008-3104: Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet. CVE-2008-3103: Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to 'perform unauthorized operations' via unspecified vectors." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=407935" ); script_set_attribute( attribute:"solution", value:"Update the affected java-1_5_0-sun packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(16, 20, 119, 200, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/07/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.0", reference:"java-1_5_0-sun-1.5.0_update16-1.1") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"java-1_5_0-sun-alsa-1.5.0_update16-1.1") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"java-1_5_0-sun-demo-1.5.0_update16-1.1") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"java-1_5_0-sun-devel-1.5.0_update16-1.1") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"java-1_5_0-sun-jdbc-1.5.0_update16-1.1") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"java-1_5_0-sun-plugin-1.5.0_update16-1.1") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"java-1_5_0-sun-src-1.5.0_update16-1.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_5_0-sun"); }
NASL family MacOS X Local Security Checks NASL id MACOSX_JAVA_10_5_UPDATE2.NASL description The remote Mac OS X 10.5 host is running a version of Java for Mac OS X that is missing update 2. The remote version of this software contains several security vulnerabilities that may allow a rogue Java applet to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to lure an attacker into executing a rogue Java applet. last seen 2020-03-18 modified 2008-09-25 plugin id 34290 published 2008-09-25 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34290 title Mac OS X : Java for Mac OS X 10.5 Update 2 code #TRUSTED 260d6fc807ef38ed913cf628160f87535d590e2410b3584adc6d1ce0b8381bb0cf98f4afc92ab9057a03a59c8e07be556856c43a4b41773b7f4d94a567f289f998ec396984d2ac6b5c27f4e456c4d230ba17a3be7a57b730f7993244c9680636ed632118af835c921b4622280846a66965162dfdec583851a6771cd3f7dc479239973797920cface5f8ca76ae86c30c7155c0543e2cc0af3bdaefa5d3d3df57df95216de23f375079d3adea9c258d3c2ffc7e3391860fee202ab5729eead43d5de63c2c73f2cc6ce30b903dad1f8f903eabf631c7702d86501d2d5c4ad9b7bf810aefd5cf34242be3288df1723eb1046914cc56b768ffd9ebde101a5381a0b79a1f3ffcda397b88de8edd80b21dc1059e149a20c927f17e3e557dd1cee069f0e090fcfd05c068d52add2d3da1c5be78383e5c7e81f9b08342dd81728646021d04667aa8088c68826bea9e8e40c78d5c4cec644c8832fc7385878b79618f8d6b3cfb2e6f9a568033c66427f82d3986cbaaccc6ef6f6568d21de4f32970e7490a83ffc4e9d40fd12295f6f974ed2e66365f749f0f262433cd2f46bc2b0e884be3bd2b4bde073b38c6df7b1846f56c6e4e32ed7cfd5d02f0fc38910049deda5c80890fd508c95d668a988dcbe101727a41f0833b19eef6ec4e4c88f59722508d2d9f528c964a532b27beea954873118ae09b3b8630252d66cb83f8a1b31a44f3acb # # (C) Tenable Network Security, Inc. # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if (description) { script_id(34290); script_version("1.16"); script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/14"); script_cve_id( "CVE-2008-1185", "CVE-2008-1186", "CVE-2008-1187", "CVE-2008-1188", "CVE-2008-1189", "CVE-2008-1190", "CVE-2008-1191", "CVE-2008-1192", "CVE-2008-1193", "CVE-2008-1194", "CVE-2008-1195", "CVE-2008-1196", "CVE-2008-3103", "CVE-2008-3104", "CVE-2008-3105", "CVE-2008-3106", "CVE-2008-3107", "CVE-2008-3108", "CVE-2008-3109", "CVE-2008-3110", "CVE-2008-3111", "CVE-2008-3112", "CVE-2008-3113", "CVE-2008-3114", "CVE-2008-3115", "CVE-2008-3637", "CVE-2008-3638" ); script_bugtraq_id(28125, 30144, 30146, 31379, 31380); script_name(english:"Mac OS X : Java for Mac OS X 10.5 Update 2"); script_summary(english:"Check for Java Update 2 on Mac OS X 10.5"); script_set_attribute(attribute:"synopsis", value:"The remote host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote Mac OS X 10.5 host is running a version of Java for Mac OS X that is missing update 2. The remote version of this software contains several security vulnerabilities that may allow a rogue Java applet to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to lure an attacker into executing a rogue Java applet."); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3179"); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Sep/msg00007.html"); script_set_attribute(attribute:"solution", value:"Upgrade to Java for Mac OS X 10.5 update 2"); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(264); script_set_attribute(attribute:"patch_publication_date", value:"2008/09/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/25"); script_set_attribute(attribute:"plugin_type", value:"local"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_family(english:"MacOS X Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages"); exit(0); } include("misc_func.inc"); include("ssh_func.inc"); include("macosx_func.inc"); if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS) enable_ssh_wrappers(); else disable_ssh_wrappers(); function exec(cmd) { local_var ret, buf; if ( islocalhost() ) buf = pread(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd)); else { ret = ssh_open_connection(); if ( ! ret ) exit(0); buf = ssh_cmd(cmd:cmd); ssh_close_connection(); } if ( buf !~ "^[0-9]" ) exit(0); buf = chomp(buf); return buf; } packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); uname = get_kb_item("Host/uname"); # Mac OS X 10.5 only if ( egrep(pattern:"Darwin.* 9\.", string:uname) ) { cmd = _GetBundleVersionCmd(file:"JavaPluginCocoa.bundle", path:"/Library/Internet Plug-Ins", label:"CFBundleVersion"); buf = exec(cmd:cmd); if ( ! strlen(buf) ) exit(0); array = split(buf, sep:'.', keep:FALSE); # Fixed in version 12.2.0 if ( int(array[0]) < 12 || (int(array[0]) == 12 && int(array[1]) < 2 ) ) { security_hole(0); } }
NASL family Misc. NASL id JUNIPER_NSM_PSN_2012_08_689.NASL description According to the version of one or more Juniper NSM servers running on the remote host, it is potentially affected by multiple vulnerabilities affecting the Java software running on the host. last seen 2020-06-01 modified 2020-06-02 plugin id 69874 published 2013-09-13 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69874 title Juniper NSM Servers Multiple Java JDK/JRE Vulnerabilities (PSN-2012-08-689) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(69874); script_version("1.13"); script_cvs_date("Date: 2018/07/13 15:08:46"); script_cve_id( "CVE-2008-3103", "CVE-2008-3104", "CVE-2008-3105", "CVE-2008-3106", "CVE-2008-3107", "CVE-2008-3108", "CVE-2008-3109", "CVE-2008-3110", "CVE-2008-3111", "CVE-2008-3112", "CVE-2008-3113", "CVE-2008-3114", "CVE-2008-3115", "CVE-2011-0786", "CVE-2011-0802", "CVE-2011-0814", "CVE-2011-0815", "CVE-2011-0817", "CVE-2011-0862", "CVE-2011-0863", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0866", "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0871", "CVE-2011-0872", "CVE-2011-0873" ); script_bugtraq_id( 30140, 30141, 30143, 30144, 30146, 30147, 30148, 48133, 48134, 48136, 48137, 48138, 48139, 48140, 48141, 48142, 48143, 48144, 48145, 48146, 48147, 48148, 48149 ); script_name(english:"Juniper NSM Servers Multiple Java JDK/JRE Vulnerabilities (PSN-2012-08-689)"); script_summary(english:"Checks versions of NSM servers"); script_set_attribute( attribute:"synopsis", value:"The remote host is affected by multiple vulnerabilities." ); script_set_attribute( attribute:"description", value: "According to the version of one or more Juniper NSM servers running on the remote host, it is potentially affected by multiple vulnerabilities affecting the Java software running on the host." ); # http://kb.juniper.net/InfoCenter/index?page=content&legacyid=PSN-2012-08-689 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e9601ccb"); script_set_attribute( attribute:"solution", value:"Upgrade to NSM version 2012.1R2, 2011.4s5, or 2010.3s8." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(16, 20, 119, 200, 264); script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/09"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/13"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:juniper:netscreen-security_manager"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("juniper_nsm_gui_svr_detect.nasl", "juniper_nsm_servers_installed.nasl"); script_require_keys("Juniper_NSM_VerDetected"); exit(0); } include("audit.inc"); include("misc_func.inc"); include("global_settings.inc"); kb_base = "Host/NSM/"; get_kb_item_or_exit("Juniper_NSM_VerDetected"); kb_list = make_list(); temp = get_kb_list("Juniper_NSM_GuiSvr/*/build"); if (!isnull(temp) && max_index(keys(temp)) > 0) kb_list = make_list(kb_list, keys(temp)); temp = get_kb_list("Host/NSM/*/build"); if (!isnull(temp) && max_index(keys(temp)) > 0) kb_list = make_list(kb_list, keys(temp)); if (isnull(kb_list)) audit(AUDIT_NOT_INST, "Juniper NSM Servers"); report = ''; entry = branch(kb_list); port = 0; kb_base = ''; if ("Juniper_NSM_GuiSvr" >< entry) { port = entry - "Juniper_NSM_GuiSvr/" - "/build"; kb_base = "Juniper_NSM_GuiSvr/" + port + "/"; report_str1 = "Remote GUI server version : "; report_str2 = "Fixed version : "; } else { kb_base = entry - "build"; if ("guiSvr" >< kb_base) { report_str1 = "Local GUI server version : "; report_str2 = "Fixed version : "; } else { report_str1 = "Local device server version : "; report_str2 = "Fixed version : "; } } build = get_kb_item_or_exit(entry); version = get_kb_item_or_exit(kb_base + 'version'); disp_version = version + " (" + build + ")"; # NSM version 2012.1R2 or later # NSM version 2011.4s5 or later # NSM version 2010.3s8 or later item = eregmatch(pattern:"^([0-9.]+)", string:version); if (!isnull(item)) { if ( ver_compare(ver:item[1], fix:'2010.3', strict:FALSE) == -1 || version =~ "^2010.3([rR][1-2]|[sS][1-7])?$" ) { report += '\n ' + report_str1 + disp_version + '\n ' + report_str2 + '2010.3s8' + '\n'; } if ( (version =~ "^2011\." && ver_compare(ver:item[1], fix:'2011.4', strict:FALSE) == -1) || version =~ "^2011.4([sS][1-4])?$" ) { report += '\n ' + report_str1 + disp_version + '\n ' + report_str2 + '2011.4s5' + '\n'; } if (version =~ "^2012\.(1|1[rR]1)$") { report += '\n ' + report_str1 + disp_version + '\n ' + report_str2 + '2012.1R2' + '\n'; } } if (report == '') audit(AUDIT_INST_VER_NOT_VULN, "Juniper NSM GUI Server or Device Server"); if (report_verbosity > 0) security_hole(extra:report, port:port); else security_hole(port);
NASL family Misc. NASL id SUN_JAVA_JRE_5_16_UNIX.NASL description The version of Sun Java Runtime Environment (JRE) 5.0 installed on the remote host is affected by multiple security issues : - A vulnerability in the XML processing module of the JRE could allow an untrusted applet/application unauthorized access to certain URL resources (238628). - A buffer overflow vulnerability in the font processing module of the JRE, could allow an untrusted applet/ application to elevate its privileges to read, write and execute local applications with the privileges of the user running an untrusted applet (238666). Note this issue only affects Sun Java JDK/JRE 5 Update 9 and earlier. - A buffer overflow vulnerability in Java Web Start, could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to users running an untrusted application (238905). - A vulnerability in Java Web Start, could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905). - A vulnerability in Java Web Start, may disclose the location of Java Web Start cache (238905). - A vulnerability in Sun Java Management Extensions (JMX) could allow a JMX client running on a remote host to perform unauthorized actions on a host running JMX with local monitoring enabled (238965). - A vulnerability in the JRE could allow an untrusted applet/application to elevate its privileges to read, write and execute local applications with the privileges of the user running an untrusted applet (238967). - A vulnerability in the JRE may allow an untrusted applet to establish connections to services running on the localhost and potentially exploit vulnerabilities existing in the underlying JRE (238968). last seen 2020-06-01 modified 2020-06-02 plugin id 64832 published 2013-02-22 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64832 title Sun Java JDK/JRE 5 < Update 16 Multiple Vulnerabilities (Unix) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(64832); script_version("1.12"); script_cvs_date("Date: 2019/12/04"); script_cve_id( "CVE-2008-3103", "CVE-2008-3104", "CVE-2008-3105", "CVE-2008-3106", "CVE-2008-3107", "CVE-2008-3108", "CVE-2008-3111", "CVE-2008-3112", "CVE-2008-3113", "CVE-2008-3114", "CVE-2008-3115" ); script_bugtraq_id( 30140, 30141, 30142, 30143, 30146, 30147, 30148 ); script_name(english:"Sun Java JDK/JRE 5 < Update 16 Multiple Vulnerabilities (Unix)"); script_summary(english:"Checks version of Sun JRE"); script_set_attribute(attribute:"synopsis", value: "The remote Unix host has an application that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Sun Java Runtime Environment (JRE) 5.0 installed on the remote host is affected by multiple security issues : - A vulnerability in the XML processing module of the JRE could allow an untrusted applet/application unauthorized access to certain URL resources (238628). - A buffer overflow vulnerability in the font processing module of the JRE, could allow an untrusted applet/ application to elevate its privileges to read, write and execute local applications with the privileges of the user running an untrusted applet (238666). Note this issue only affects Sun Java JDK/JRE 5 Update 9 and earlier. - A buffer overflow vulnerability in Java Web Start, could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to users running an untrusted application (238905). - A vulnerability in Java Web Start, could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905). - A vulnerability in Java Web Start, may disclose the location of Java Web Start cache (238905). - A vulnerability in Sun Java Management Extensions (JMX) could allow a JMX client running on a remote host to perform unauthorized actions on a host running JMX with local monitoring enabled (238965). - A vulnerability in the JRE could allow an untrusted applet/application to elevate its privileges to read, write and execute local applications with the privileges of the user running an untrusted applet (238967). - A vulnerability in the JRE may allow an untrusted applet to establish connections to services running on the localhost and potentially exploit vulnerabilities existing in the underlying JRE (238968)."); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019338.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019342.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019367.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019373.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019375.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019376.1.html"); script_set_attribute(attribute:"solution", value: "Update to Sun Java JDK and JRE 5 Update 16 or later and remove, if necessary, any affected versions."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-3113"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(16, 20, 119, 200, 264); script_set_attribute(attribute:"patch_publication_date", value:"2008/07/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/22"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("sun_java_jre_installed_unix.nasl"); script_require_keys("Host/Java/JRE/Installed"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); # Check each installed JRE. installs = get_kb_list_or_exit("Host/Java/JRE/Unmanaged/*"); info = ""; vuln = 0; vuln2 = 0; installed_versions = ""; granular = ""; foreach install (list_uniq(keys(installs))) { ver = install - "Host/Java/JRE/Unmanaged/"; if (ver !~ "^[0-9.]+") continue; installed_versions = installed_versions + " & " + ver; if (ver =~ "^1\.5\.0_(0[0-9]|1[0-5])[^0-9]?") { dirs = make_list(get_kb_list(install)); vuln += max_index(dirs); foreach dir (dirs) info += '\n Path : ' + dir; info += '\n Installed version : ' + ver; info += '\n Fixed version : 1.5.0_16\n'; } else if (ver =~ "^[\d\.]+$") { dirs = make_list(get_kb_list(install)); foreach dir (dirs) granular += "The Oracle Java version "+ver+" at "+dir+" is not granular enough to make a determination."+'\n'; } else { dirs = make_list(get_kb_list(install)); vuln2 += max_index(dirs); } } # Report if any were found to be vulnerable. if (info) { if (report_verbosity > 0) { if (vuln > 1) s = "s of Java are"; else s = " of Java is"; report = '\n' + 'The following vulnerable instance'+s+' installed on the\n' + 'remote host :\n' + info; security_hole(port:0, extra:report); } else security_hole(0); if (granular) exit(0, granular); } else { if (granular) exit(0, granular); installed_versions = substr(installed_versions, 3); if (vuln2 > 1) exit(0, "The Java "+installed_versions+" installs on the remote host are not affected."); else exit(0, "The Java "+installed_versions+" install on the remote host is not affected."); }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200911-02.NASL description The remote host is affected by the vulnerability described in GLSA-200911-02 (Sun JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details. Impact : A remote attacker could entice a user to open a specially crafted JAR archive, applet, or Java Web Start application, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Furthermore, a remote attacker could cause a Denial of Service affecting multiple services via several vectors, disclose information and memory contents, write or execute local files, conduct session hijacking attacks via GIFAR files, steal cookies, bypass the same-origin policy, load untrusted JAR files, establish network connections to arbitrary hosts and posts via several vectors, modify the list of supported graphics configurations, bypass HMAC-based authentication systems, escalate privileges via several vectors and cause applet code to be executed with older, possibly vulnerable versions of the JRE. NOTE: Some vulnerabilities require a trusted environment, user interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 42834 published 2009-11-18 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42834 title GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_JAVA_REL7.NASL description The remote Mac OS X 10.4 host is running a version of Java for Mac OS X that is older than release 7. The remote version of this software contains several security vulnerabilities which may allow a rogue java applet to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to lure an attacker into executing a rogue Java applet. last seen 2020-03-18 modified 2008-09-25 plugin id 34291 published 2008-09-25 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34291 title Mac OS X : Java for Mac OS X 10.4 Release 7 NASL family SuSE Local Security Checks NASL id SUSE_11_0_JAVA-1_6_0-SUN-080715.NASL description This update brings the SUN JDK 6 to update level 7. CVE-2008-3115: Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. CVE-2008-3114: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. CVE-2008-3112: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. CVE-2008-3111: Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. CVE-2008-3110: Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet. CVE-2008-3109: Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3107: Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3106: Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. CVE-2008-3105: Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving last seen 2020-06-01 modified 2020-06-02 plugin id 40001 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40001 title openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-97) NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_6_0-SUN-5435.NASL description This update brings the SUN JDK 6 to update level 7. CVE-2008-3115: Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. CVE-2008-3114: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. CVE-2008-3112: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. CVE-2008-3111: Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. CVE-2008-3110: Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet. CVE-2008-3109: Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3107: Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3106: Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. CVE-2008-3105: Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving last seen 2020-06-01 modified 2020-06-02 plugin id 34038 published 2008-08-24 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34038 title openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5435) NASL family Windows NASL id SUN_JAVA_JRE_6_7.NASL description The version of Sun Java Runtime Environment (JRE) 6.0 installed on the remote host is affected by multiple security issues : - A vulnerability in the JRE could allow unauthorized access to certain URL resources or cause a denial of service condition while processing XML data. In order to successfully exploit this issue a JAX-WS client/service included with a trusted application should process the malicious XML content (238628). - A vulnerability in the JRE may allow an untrusted applet to access information from another applet (238687). - A buffer overflow vulnerability in Java Web Start could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to users running an untrusted application (238905). - A vulnerability in Java Web Start, could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905). - A vulnerability in Java Web Start, may disclose the location of Java Web Start cache (238905). - An implementation defect in the JRE may allow an applet designed to run last seen 2020-06-01 modified 2020-06-02 plugin id 33488 published 2008-07-15 reporter This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33488 title Sun Java JDK/JRE 6 < Update 7 Multiple Vulnerabilities NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2008-0016.NASL description a. Privilege escalation on 64-bit guest operating systems VMware products emulate hardware functions, like CPU, Memory, and IO. A flaw in VMware last seen 2020-06-01 modified 2020-06-02 plugin id 40383 published 2009-07-27 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40383 title VMSA-2008-0016 : VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
References
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html
- http://marc.info/?l=bugtraq&m=122331139823057&w=2
- http://secunia.com/advisories/31010
- http://secunia.com/advisories/31600
- http://secunia.com/advisories/32018
- http://secunia.com/advisories/32179
- http://secunia.com/advisories/32180
- http://secunia.com/advisories/37386
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-238966-1
- http://support.apple.com/kb/HT3178
- http://support.apple.com/kb/HT3179
- http://www.securityfocus.com/archive/1/497041/100/0/threaded
- http://www.securityfocus.com/bid/30142
- http://www.securitytracker.com/id?1020460
- http://www.us-cert.gov/cas/techalerts/TA08-193A.html
- http://www.vmware.com/security/advisories/VMSA-2008-0016.html
- http://www.vupen.com/english/advisories/2008/2056/references
- http://www.vupen.com/english/advisories/2008/2740
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43665