Vulnerabilities > CVE-2010-3555 - Remote ActiveX Plug-in vulnerability in SUN JDK and JRE

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
sun
critical
nessus

Summary

Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code. Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html 'May be vulnerable only through untrusted Java Web Start applications and Java applets.'

Vulnerable Configurations

Part Description Count
Application
Sun
41

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_JAVA-1_6_0-SUN-101019.NASL
    descriptionSun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121. html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625 8.html Following CVEs are tracked by the update: CVE-2010-3556 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3571 CVE-2010-3554 CVE-2010-3563 CVE-2010-3568 CVE-2010-3569 CVE-2010-3558 CVE-2010-3552 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3555 CVE-2010-3550 CVE-2010-3570 CVE-2010-3561 CVE-2009-3555 CVE-2010-1321 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3573 CVE-2010-3574 CVE-2010-3548 CVE-2010-3551 CVE-2010-3560
    last seen2020-06-01
    modified2020-06-02
    plugin id50299
    published2010-10-22
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50299
    titleopenSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update java-1_6_0-sun-3354.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(50299);
      script_version("1.18");
      script_cvs_date("Date: 2019/10/25 13:36:38");
    
      script_cve_id("CVE-2009-3555", "CVE-2010-1321", "CVE-2010-3541", "CVE-2010-3548", "CVE-2010-3549", "CVE-2010-3550", "CVE-2010-3551", "CVE-2010-3552", "CVE-2010-3553", "CVE-2010-3554", "CVE-2010-3555", "CVE-2010-3556", "CVE-2010-3557", "CVE-2010-3558", "CVE-2010-3559", "CVE-2010-3560", "CVE-2010-3561", "CVE-2010-3562", "CVE-2010-3563", "CVE-2010-3565", "CVE-2010-3566", "CVE-2010-3567", "CVE-2010-3568", "CVE-2010-3569", "CVE-2010-3570", "CVE-2010-3571", "CVE-2010-3572", "CVE-2010-3573", "CVE-2010-3574");
    
      script_name(english:"openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1)");
      script_summary(english:"Check for the java-1_6_0-sun-3354 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Sun Java 1.6.0 was updated to Security Update U22.
    
    The release notes for this release are on:
    http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121.
    html
    
    Security advisory page for this update:
    http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625
    8.html
    
    Following CVEs are tracked by the update: CVE-2010-3556 CVE-2010-3562
    CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3571 CVE-2010-3554
    CVE-2010-3563 CVE-2010-3568 CVE-2010-3569 CVE-2010-3558 CVE-2010-3552
    CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3555 CVE-2010-3550
    CVE-2010-3570 CVE-2010-3561 CVE-2009-3555 CVE-2010-1321 CVE-2010-3549
    CVE-2010-3557 CVE-2010-3541 CVE-2010-3573 CVE-2010-3574 CVE-2010-3548
    CVE-2010-3551 CVE-2010-3560"
      );
      # http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0380007c"
      );
      # http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bc96963b"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=646073"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2010-10/msg00026.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1_6_0-sun packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Sun Java Web Start BasicServiceImpl Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(310);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-sun");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-sun-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/10/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.2", reference:"java-1_6_0-sun-1.6.0.u22-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"java-1_6_0-sun-alsa-1.6.0.u22-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"java-1_6_0-sun-demo-1.6.0.u22-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"java-1_6_0-sun-devel-1.6.0.u22-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"java-1_6_0-sun-jdbc-1.6.0.u22-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"java-1_6_0-sun-plugin-1.6.0.u22-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"java-1_6_0-sun-src-1.6.0.u22-1.2.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_6_0-sun");
    }
    
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2011-0013.NASL
    descriptiona. ESX third-party update for Service Console openssl RPM The Service Console openssl RPM is updated to openssl-0.9.8e.12.el5_5.7 resolving two security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues. b. ESX third-party update for Service Console libuser RPM The Service Console libuser RPM is updated to version 0.54.7-2.1.el5_5.2 to resolve a security issue. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2011-0002 to this issue. c. ESX third-party update for Service Console nss and nspr RPMs The Service Console Network Security Services (NSS) and Netscape Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1 and nss-3.12.8-4 resolving multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3170 and CVE-2010-3173 to these issues. d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24 Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475 and CVE-2010-4476. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and CVE-2010-3574. e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30 Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873, CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814, CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476. f. Integer overflow in VMware third-party component sfcb This release resolves an integer overflow issue present in the third-party library SFCB when the httpMaxContentLength has been changed from its default value to 0 in in /etc/sfcb/sfcb.cfg. The integer overflow could allow remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2054 to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id56665
    published2011-10-28
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56665
    titleVMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_6_0-IBM-7312.NASL
    descriptionIBM Java 6 SR9 was released, fixing a lot of security issues. IBM JDK Alerts can also be found on this page: http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen2020-06-01
    modified2020-06-02
    plugin id51750
    published2011-01-27
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51750
    titleSuSE 10 Security Update : IBM Java 6 SR9 (ZYPP Patch Number 7312)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201111-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201111-02 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details. Impact : A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id56724
    published2011-11-07
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56724
    titleGLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST)
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2011-0013_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Java Runtime Environment (JRE) - libuser - Netscape Portable Runtime (NSPR) - Network Security Services (NSS) - OpenSSL
    last seen2020-06-01
    modified2020-06-02
    plugin id89681
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89681
    titleVMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check)
  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_OCT_2010.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 22 / 5.0 Update 26 / 1.4.2_28. Such versions are potentially affected by security issue in the following components : - CORBA - Deployment - Deployment Toolkit - Java 2D - Java Web Start - JNDI - JRE - JSSE - Kerberos - Networking - New Java Plug-in - Sound - Swing
    last seen2020-06-01
    modified2020-06-02
    plugin id49996
    published2010-10-15
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49996
    titleOracle Java SE Multiple Vulnerabilities (October 2010 CPU)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0880.NASL
    descriptionUpdated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite 5.4.1 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite 5.4.1. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment. Detailed vulnerability descriptions are linked from the IBM
    last seen2020-06-01
    modified2020-06-02
    plugin id63983
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63983
    titleRHEL 5 : IBM Java Runtime (RHSA-2011:0880)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_6_0-SUN-101019.NASL
    descriptionSun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121. html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625 8.html
    last seen2020-06-01
    modified2020-06-02
    plugin id50919
    published2010-12-02
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50919
    titleSuSE 11 / 11.1 Security Update : Java 1.6.0 (SAT Patch Numbers 3347 / 3349)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_6_0-SUN-7204.NASL
    descriptionSun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121. html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625 8.html Following CVEs are tracked for this update: CVE-2010-3556 / CVE-2010-3562 / CVE-2010-3565 / CVE-2010-3566 / CVE-2010-3567 / CVE-2010-3571 / CVE-2010-3554 / CVE-2010-3563 / CVE-2010-3568 / CVE-2010-3569 / CVE-2010-3558 / CVE-2010-3552 / CVE-2010-3559 / CVE-2010-3572 / CVE-2010-3553 / CVE-2010-3555 / CVE-2010-3550 / CVE-2010-3570 / CVE-2010-3561 / CVE-2009-3555 / CVE-2010-1321 / CVE-2010-3549 / CVE-2010-3557 / CVE-2010-3541 / CVE-2010-3573 / CVE-2010-3574 / CVE-2010-3548 / CVE-2010-3551 / CVE-2010-3560
    last seen2020-06-01
    modified2020-06-02
    plugin id51751
    published2011-01-27
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51751
    titleSuSE 10 Security Update : Sun Java 1.6.0 (ZYPP Patch Number 7204)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0987.NASL
    descriptionUpdated java-1.6.0-ibm packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment. Detailed vulnerability descriptions are linked from the IBM
    last seen2020-06-01
    modified2020-06-02
    plugin id51197
    published2010-12-16
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51197
    titleRHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2010:0987)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20101014_JAVA__JDK_1_6_0__ON_SL4_X.NASL
    descriptionThis update fixes several vulnerabilities in the Java 6 Software Development Kit. Further information about these flaws can be found on the
    last seen2020-06-01
    modified2020-06-02
    plugin id60869
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60869
    titleScientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_JAVA-1_6_0-SUN-101019.NASL
    descriptionSun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121. html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625 8.html Following CVEs are tracked by the update: CVE-2010-3556 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3571 CVE-2010-3554 CVE-2010-3563 CVE-2010-3568 CVE-2010-3569 CVE-2010-3558 CVE-2010-3552 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3555 CVE-2010-3550 CVE-2010-3570 CVE-2010-3561 CVE-2009-3555 CVE-2010-1321 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3573 CVE-2010-3574 CVE-2010-3548 CVE-2010-3551 CVE-2010-3560
    last seen2020-06-01
    modified2020-06-02
    plugin id50298
    published2010-10-22
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50298
    titleopenSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1)
  • NASL familyMisc.
    NASL idORACLE_JAVA_CPU_OCT_2010_UNIX.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 22 / 5.0 Update 26 / 1.4.2_28. Such versions are potentially affected by security issue in the following components : - CORBA - Deployment - Deployment Toolkit - Java 2D - Java Web Start - JNDI - JRE - JSSE - Kerberos - Networking - New Java Plug-in - Sound - Swing
    last seen2020-06-01
    modified2020-06-02
    plugin id64843
    published2013-02-22
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64843
    titleOracle Java SE Multiple Vulnerabilities (October 2010 CPU) (Unix)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_6_0-IBM-101220.NASL
    descriptionIBM Java 6 SR9 was released which fixes a lot of security issues. IBM JDK Alerts can also be found on this page: http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen2020-06-01
    modified2020-06-02
    plugin id51667
    published2011-01-25
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51667
    titleSuSE 11.1 Security Update : IBM Java 6 (SAT Patch Number 3724)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0770.NASL
    descriptionUpdated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the
    last seen2020-06-01
    modified2020-06-02
    plugin id49990
    published2010-10-15
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49990
    titleRHEL 4 / 5 : java-1.6.0-sun (RHSA-2010:0770)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_JAVA-1_6_0-SUN-101019.NASL
    descriptionSun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121. html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625 8.html Following CVEs are tracked by the update: CVE-2010-3556 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3571 CVE-2010-3554 CVE-2010-3563 CVE-2010-3568 CVE-2010-3569 CVE-2010-3558 CVE-2010-3552 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3555 CVE-2010-3550 CVE-2010-3570 CVE-2010-3561 CVE-2009-3555 CVE-2010-1321 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3573 CVE-2010-3574 CVE-2010-3548 CVE-2010-3551 CVE-2010-3560
    last seen2020-06-01
    modified2020-06-02
    plugin id75540
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75540
    titleopenSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1)

Oval

  • accepted2015-06-01T04:00:05.249-04:00
    classvulnerability
    contributors
    • nameSecPod Team
      organizationSecPod Technologies
    • nameMaria Mikhno
      organizationALTX-SOFT
    • nameEvgeniy Pavlov
      organizationALTX-SOFT
    definition_extensions
    • commentJava Development Kit is installed
      ovaloval:org.mitre.oval:def:12203
    • commentJava SE Development Kit 6 is installed
      ovaloval:org.mitre.oval:def:15831
    • commentJava Runtime Environment is installed
      ovaloval:org.mitre.oval:def:11627
    • commentJava SE Runtime Environment 6 is installed
      ovaloval:org.mitre.oval:def:16362
    descriptionUnspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code.
    familywindows
    idoval:org.mitre.oval:def:11320
    statusaccepted
    submitted2010-11-19T05:18:13
    titleUnspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions
    version11
  • accepted2015-04-20T04:00:18.740-04:00
    classvulnerability
    contributors
    • nameVarun Narula
      organizationHewlett-Packard
    • nameSushant Kumar Singh
      organizationHewlett-Packard
    • nameSushant Kumar Singh
      organizationHewlett-Packard
    • namePrashant Kumar
      organizationHewlett-Packard
    • nameMike Cokus
      organizationThe MITRE Corporation
    descriptionUnspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code.
    familyunix
    idoval:org.mitre.oval:def:12222
    statusaccepted
    submitted2011-02-02T17:07:54.000-05:00
    titleHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
    version49

Redhat

advisories
  • rhsa
    idRHSA-2010:0770
  • rhsa
    idRHSA-2010:0987
  • rhsa
    idRHSA-2011:0880
rpms
  • java-1.6.0-sun-1:1.6.0.22-1jpp.1.el4
  • java-1.6.0-sun-1:1.6.0.22-1jpp.1.el5
  • java-1.6.0-sun-demo-1:1.6.0.22-1jpp.1.el4
  • java-1.6.0-sun-demo-1:1.6.0.22-1jpp.1.el5
  • java-1.6.0-sun-devel-1:1.6.0.22-1jpp.1.el4
  • java-1.6.0-sun-devel-1:1.6.0.22-1jpp.1.el5
  • java-1.6.0-sun-jdbc-1:1.6.0.22-1jpp.1.el4
  • java-1.6.0-sun-jdbc-1:1.6.0.22-1jpp.1.el5
  • java-1.6.0-sun-plugin-1:1.6.0.22-1jpp.1.el4
  • java-1.6.0-sun-plugin-1:1.6.0.22-1jpp.1.el5
  • java-1.6.0-sun-src-1:1.6.0.22-1jpp.1.el4
  • java-1.6.0-sun-src-1:1.6.0.22-1jpp.1.el5
  • java-1.6.0-ibm-1:1.6.0.9.0-1jpp.3.el4
  • java-1.6.0-ibm-1:1.6.0.9.0-1jpp.3.el5
  • java-1.6.0-ibm-1:1.6.0.9.0-1jpp.4.el6
  • java-1.6.0-ibm-accessibility-1:1.6.0.9.0-1jpp.3.el5
  • java-1.6.0-ibm-demo-1:1.6.0.9.0-1jpp.3.el4
  • java-1.6.0-ibm-demo-1:1.6.0.9.0-1jpp.3.el5
  • java-1.6.0-ibm-demo-1:1.6.0.9.0-1jpp.4.el6
  • java-1.6.0-ibm-devel-1:1.6.0.9.0-1jpp.3.el4
  • java-1.6.0-ibm-devel-1:1.6.0.9.0-1jpp.3.el5
  • java-1.6.0-ibm-devel-1:1.6.0.9.0-1jpp.4.el6
  • java-1.6.0-ibm-javacomm-1:1.6.0.9.0-1jpp.3.el4
  • java-1.6.0-ibm-javacomm-1:1.6.0.9.0-1jpp.3.el5
  • java-1.6.0-ibm-javacomm-1:1.6.0.9.0-1jpp.4.el6
  • java-1.6.0-ibm-jdbc-1:1.6.0.9.0-1jpp.3.el4
  • java-1.6.0-ibm-jdbc-1:1.6.0.9.0-1jpp.3.el5
  • java-1.6.0-ibm-jdbc-1:1.6.0.9.0-1jpp.4.el6
  • java-1.6.0-ibm-plugin-1:1.6.0.9.0-1jpp.3.el4
  • java-1.6.0-ibm-plugin-1:1.6.0.9.0-1jpp.3.el5
  • java-1.6.0-ibm-plugin-1:1.6.0.9.0-1jpp.4.el6
  • java-1.6.0-ibm-src-1:1.6.0.9.0-1jpp.3.el4
  • java-1.6.0-ibm-src-1:1.6.0.9.0-1jpp.3.el5
  • java-1.6.0-ibm-src-1:1.6.0.9.0-1jpp.4.el6
  • java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5
  • java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5