Vulnerabilities > CVE-2009-2720 - Unspecified vulnerability in SUN Java SE

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
sun
nessus

Summary

Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException in the Jemmy library) via unknown vectors.

Vulnerable Configurations

Part Description Count
Application
Sun
1

Nessus

  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2010-0002_REMOTE.NASL
    descriptionThe remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the bundled version of the Java Runtime Environment (JRE).
    last seen2020-06-01
    modified2020-06-02
    plugin id89736
    published2016-03-08
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89736
    titleVMware ESX Java Runtime Environment (JRE) Multiple Vulnerabilities (VMSA-2010-0002) (remote check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89736);
      script_version("1.5");
      script_cvs_date("Date: 2018/08/06 14:03:16");
    
      script_cve_id(
        "CVE-2009-1093",
        "CVE-2009-1094",
        "CVE-2009-1095",
        "CVE-2009-1096",
        "CVE-2009-1097",
        "CVE-2009-1098",
        "CVE-2009-1099",
        "CVE-2009-1100",
        "CVE-2009-1101",
        "CVE-2009-1102",
        "CVE-2009-1103",
        "CVE-2009-1104",
        "CVE-2009-1105",
        "CVE-2009-1106",
        "CVE-2009-1107",
        "CVE-2009-2625",
        "CVE-2009-2670",
        "CVE-2009-2671",
        "CVE-2009-2672",
        "CVE-2009-2673",
        "CVE-2009-2675",
        "CVE-2009-2676",
        "CVE-2009-2716",
        "CVE-2009-2718",
        "CVE-2009-2719",
        "CVE-2009-2720",
        "CVE-2009-2721",
        "CVE-2009-2722",
        "CVE-2009-2723",
        "CVE-2009-2724",
        "CVE-2009-3728",
        "CVE-2009-3729",
        "CVE-2009-3864",
        "CVE-2009-3865",
        "CVE-2009-3866",
        "CVE-2009-3867",
        "CVE-2009-3868",
        "CVE-2009-3869",
        "CVE-2009-3871",
        "CVE-2009-3872",
        "CVE-2009-3873",
        "CVE-2009-3874",
        "CVE-2009-3875",
        "CVE-2009-3876",
        "CVE-2009-3877",
        "CVE-2009-3879",
        "CVE-2009-3880",
        "CVE-2009-3881",
        "CVE-2009-3882",
        "CVE-2009-3883",
        "CVE-2009-3884",
        "CVE-2009-3885",
        "CVE-2009-3886"
      );
      script_bugtraq_id(
        34240,
        35922,
        35939,
        35943,
        35944,
        35946,
        35958,
        36881
      );
      script_xref(name:"VMSA", value:"2010-0002");
    
      script_name(english:"VMware ESX Java Runtime Environment (JRE) Multiple Vulnerabilities (VMSA-2010-0002) (remote check)");
      script_summary(english:"Checks the ESX / ESXi version and build number.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VMware ESX host is missing a security-related patch.");
      script_set_attribute(attribute:"description", value:
    "The remote VMware ESX host is missing a security-related patch. It is,
    therefore, affected by multiple vulnerabilities, including remote code
    execution vulnerabilities, in the bundled version of the Java Runtime
    Environment (JRE).");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2010-0002");
      script_set_attribute(attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2010/000097.html");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the vendor advisory that
    pertains to ESX version 3.5 / 4.0.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(16, 20, 22, 94, 119, 189, 200, 264, 310, 362, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/03/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/01/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
      script_family(english:"VMware ESX Local Security Checks");
    
      script_dependencies("vmware_vsphere_detect.nbin");
      script_require_keys("Host/VMware/version", "Host/VMware/release");
      script_require_ports("Host/VMware/vsphere");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    ver = get_kb_item_or_exit("Host/VMware/version");
    rel = get_kb_item_or_exit("Host/VMware/release");
    port = get_kb_item_or_exit("Host/VMware/vsphere");
    esx = '';
    
    if ("ESX" >!< rel)
      audit(AUDIT_OS_NOT, "VMware ESX/ESXi");
    
    extract = eregmatch(pattern:"^(ESXi?) (\d\.\d).*$", string:ver);
    if (isnull(extract))
      audit(AUDIT_UNKNOWN_APP_VER, "VMware ESX/ESXi");
    else
    {
      esx = extract[1];
      ver = extract[2];
    }
    
    # fixed build numbers are the same for ESX and ESXi
    fixes = make_array(
              "3.5", "227413",
              "4.0", "256968"
            );
    
    fix = FALSE;
    fix = fixes[ver];
    
    # get the build before checking the fix for the most complete audit trail
    extract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);
    if (isnull(extract))
      audit(AUDIT_UNKNOWN_BUILD, "VMware " + esx, ver);
    
    build = int(extract[1]);
    
    # if there is no fix in the array, fix is FALSE
    if (!fix)
      audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);
    
    if (build < fix)
    {
    
      report = '\n  Version         : ' + esx + " " + ver +
               '\n  Installed build : ' + build +
               '\n  Fixed build     : ' + fix +
               '\n';
      security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
      exit(0);
    }
    else
      audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1199.NASL
    descriptionUpdated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. These vulnerabilities are summarized on the
    last seen2020-06-01
    modified2020-06-02
    plugin id40748
    published2009-08-24
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40748
    titleRHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:1199)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:1199. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40748);
      script_version ("1.29");
      script_cvs_date("Date: 2019/10/25 13:36:14");
    
      script_cve_id("CVE-2009-2475", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2675", "CVE-2009-2676", "CVE-2009-2689", "CVE-2009-2720", "CVE-2009-2721", "CVE-2009-2722", "CVE-2009-2723", "CVE-2009-2724", "CVE-2009-3403");
      script_bugtraq_id(35671, 35922, 35939, 35942, 35943, 35944, 35946, 35958);
      script_xref(name:"RHSA", value:"2009:1199");
    
      script_name(english:"RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:1199)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.5.0-sun packages that correct several security issues
    are now available for Red Hat Enterprise Linux 4 Extras and 5
    Supplementary.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment
    and the Sun Java 5 Software Development Kit.
    
    This update fixes several vulnerabilities in the Sun Java 5 Runtime
    Environment and the Sun Java 5 Software Development Kit. These
    vulnerabilities are summarized on the 'Advance notification of
    Security Updates for Java SE' page from Sun Microsystems, listed in
    the References section. (CVE-2009-2475, CVE-2009-2625, CVE-2009-2670,
    CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675,
    CVE-2009-2676, CVE-2009-2689)
    
    Users of java-1.5.0-sun should upgrade to these updated packages,
    which correct these issues. All running instances of Sun Java must be
    restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2475"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2625"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2670"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2671"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2672"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2673"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2676"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2689"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2720"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2721"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2723"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2724"
      );
      # http://blogs.sun.com/security/entry/advance_notification_of_security_updates5
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d520449c"
      );
      # http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?28585f6c"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2009:1199"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(200, 264, 362);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.8");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/08/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/08/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2009:1199";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-1.5.0.20-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-1.5.0.20-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-demo-1.5.0.20-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-demo-1.5.0.20-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-devel-1.5.0.20-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-devel-1.5.0.20-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-jdbc-1.5.0.20-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-jdbc-1.5.0.20-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-plugin-1.5.0.20-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-src-1.5.0.20-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-src-1.5.0.20-1jpp.1.el4")) flag++;
    
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-1.5.0.20-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-1.5.0.20-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-demo-1.5.0.20-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-demo-1.5.0.20-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-devel-1.5.0.20-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-devel-1.5.0.20-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-jdbc-1.5.0.20-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-jdbc-1.5.0.20-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-plugin-1.5.0.20-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-src-1.5.0.20-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-src-1.5.0.20-1jpp.1.el5")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.5.0-sun / java-1.5.0-sun-demo / java-1.5.0-sun-devel / etc");
      }
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200911-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200911-02 (Sun JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details. Impact : A remote attacker could entice a user to open a specially crafted JAR archive, applet, or Java Web Start application, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Furthermore, a remote attacker could cause a Denial of Service affecting multiple services via several vectors, disclose information and memory contents, write or execute local files, conduct session hijacking attacks via GIFAR files, steal cookies, bypass the same-origin policy, load untrusted JAR files, establish network connections to arbitrary hosts and posts via several vectors, modify the list of supported graphics configurations, bypass HMAC-based authentication systems, escalate privileges via several vectors and cause applet code to be executed with older, possibly vulnerable versions of the JRE. NOTE: Some vulnerabilities require a trusted environment, user interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id42834
    published2009-11-18
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42834
    titleGLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2009-0016.NASL
    descriptiona. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. b. Update Apache Tomcat version Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. c. Third-party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer
    last seen2020-06-01
    modified2020-06-02
    plugin id42870
    published2009-11-23
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42870
    titleVMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2010-0002.NASL
    descriptiona. Java JRE Security Update JRE update to version 1.5.0_22, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_22: CVE-2009-3728, CVE-2009-3729, CVE-2009-3864, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3886, CVE-2009-3885.
    last seen2020-06-01
    modified2020-06-02
    plugin id45386
    published2010-03-31
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45386
    titleVMSA-2010-0002 : VMware vCenter update release addresses multiple security issues in Java JRE
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2009-0016_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Geronimo - Apache Tomcat - Apache Xerces2 - cURL/libcURL - ISC BIND - Libxml2 - Linux kernel - Linux kernel 64-bit - Linux kernel Common Internet File System - Linux kernel eCryptfs - NTP - Python - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Abstract Window Toolkit (AWT) - Java SE Plugin - Java SE Provider - Java SE Swing - Java SE Web Start
    last seen2020-06-01
    modified2020-06-02
    plugin id89117
    published2016-03-03
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89117
    titleVMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1200.NASL
    descriptionUpdated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. These vulnerabilities are summarized on the
    last seen2020-06-01
    modified2020-06-02
    plugin id40749
    published2009-08-24
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40749
    titleRHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:1200)

Redhat

rpms
  • java-1.5.0-sun-0:1.5.0.20-1jpp.1.el4
  • java-1.5.0-sun-0:1.5.0.20-1jpp.1.el5
  • java-1.5.0-sun-demo-0:1.5.0.20-1jpp.1.el4
  • java-1.5.0-sun-demo-0:1.5.0.20-1jpp.1.el5
  • java-1.5.0-sun-devel-0:1.5.0.20-1jpp.1.el4
  • java-1.5.0-sun-devel-0:1.5.0.20-1jpp.1.el5
  • java-1.5.0-sun-jdbc-0:1.5.0.20-1jpp.1.el4
  • java-1.5.0-sun-jdbc-0:1.5.0.20-1jpp.1.el5
  • java-1.5.0-sun-plugin-0:1.5.0.20-1jpp.1.el4
  • java-1.5.0-sun-plugin-0:1.5.0.20-1jpp.1.el5
  • java-1.5.0-sun-src-0:1.5.0.20-1jpp.1.el4
  • java-1.5.0-sun-src-0:1.5.0.20-1jpp.1.el5
  • java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4
  • java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5
  • java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4
  • java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5
  • java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4
  • java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5
  • java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4
  • java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5
  • java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4
  • java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5
  • java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4
  • java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5