Vulnerabilities > CVE-2010-4467 - Remote Java Runtime Environment vulnerability in SUN JDK and JRE

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
sun
critical
nessus

Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

Vulnerable Configurations

Part Description Count
Application
Sun
28

Nessus

  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110217_JAVA__JDK_1_6_0__ON_SL4_X.NASL
    descriptionThis update fixes several vulnerabilities in the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the
    last seen2020-06-01
    modified2020-06-02
    plugin id60964
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60964
    titleScientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60964);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:19");
    
      script_cve_id("CVE-2010-4422", "CVE-2010-4447", "CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4451", "CVE-2010-4452", "CVE-2010-4454", "CVE-2010-4462", "CVE-2010-4463", "CVE-2010-4465", "CVE-2010-4466", "CVE-2010-4467", "CVE-2010-4468", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4473", "CVE-2010-4475", "CVE-2010-4476");
    
      script_name(english:"Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes several vulnerabilities in the Sun Java 6 Software
    Development Kit. Further information about these flaws can be found on
    the 'Oracle Java SE and Java for Business Critical Patch Update
    Advisory' page. (CVE-2010-4422, CVE-2010-4447, CVE-2010-4448,
    CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454,
    CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466,
    CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470,
    CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4475,
    CVE-2010-4476)
    
    All running instances of Sun Java must be restarted for the update to
    take effect.
    
    NOTE: jdk-1.6.0_20-fcs.x86_64.rpm has not been signed. We cannot sign
    this package without breaking it."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1102&L=scientific-linux-errata&T=0&P=2201
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6b8eaef3"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1.6.0-sun-compat and / or jdk packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Sun Java Applet2ClassLoader Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/02/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/02/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL4", reference:"java-1.6.0-sun-compat-1.6.0.24-3.sl4.jpp")) flag++;
    if (rpm_check(release:"SL4", reference:"jdk-1.6.0_24-fcs")) flag++;
    
    if (rpm_check(release:"SL5", reference:"java-1.6.0-sun-compat-1.6.0.24-3.sl5.jpp")) flag++;
    if (rpm_check(release:"SL5", reference:"jdk-1.6.0_24-fcs")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2011-0013.NASL
    descriptiona. ESX third-party update for Service Console openssl RPM The Service Console openssl RPM is updated to openssl-0.9.8e.12.el5_5.7 resolving two security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues. b. ESX third-party update for Service Console libuser RPM The Service Console libuser RPM is updated to version 0.54.7-2.1.el5_5.2 to resolve a security issue. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2011-0002 to this issue. c. ESX third-party update for Service Console nss and nspr RPMs The Service Console Network Security Services (NSS) and Netscape Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1 and nss-3.12.8-4 resolving multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3170 and CVE-2010-3173 to these issues. d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24 Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475 and CVE-2010-4476. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and CVE-2010-3574. e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30 Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873, CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814, CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476. f. Integer overflow in VMware third-party component sfcb This release resolves an integer overflow issue present in the third-party library SFCB when the httpMaxContentLength has been changed from its default value to 0 in in /etc/sfcb/sfcb.cfg. The integer overflow could allow remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2054 to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id56665
    published2011-10-28
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56665
    titleVMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0357.NASL
    descriptionUpdated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM
    last seen2020-06-01
    modified2020-06-02
    plugin id52701
    published2011-03-17
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/52701
    titleRHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2011:0357)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_JAVA-1_6_0-SUN-110314.NASL
    descriptionSun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. Following CVEs were addressed: CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4467 CVE-2010-4469 CVE-2010-4473 CVE-2010-4422 CVE-2010-4451 CVE-2010-4466 CVE-2010-4470 CVE-2010-4471 CVE-2010-4476 CVE-2010-4447 CVE-2010-4475 CVE-2010-4468 CVE-2010-4450 CVE-2010-4448 CVE-2010-4472 CVE-2010-4474
    last seen2020-06-01
    modified2020-06-02
    plugin id75872
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/75872
    titleopenSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-4147)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_6_0-SUN-110217.NASL
    descriptionSun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. The following CVEs were addressed : CVE-2010-4452 / CVE-2010-4454 / CVE-2010-4462 / CVE-2010-4463 / CVE-2010-4465 / CVE-2010-4467 / CVE-2010-4469 / CVE-2010-4473 / CVE-2010-4422 / CVE-2010-4451 / CVE-2010-4466 / CVE-2010-4470 / CVE-2010-4471 / CVE-2010-4476 / CVE-2010-4447 / CVE-2010-4475 / CVE-2010-4468 / CVE-2010-4450 / CVE-2010-4448 / CVE-2010-4472 / CVE-2010-4474
    last seen2020-06-01
    modified2020-06-02
    plugin id52067
    published2011-02-23
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52067
    titleSuSE 11.1 Security Update : Sun Java 1.6 (SAT Patch Number 3976)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_JAVA-1_6_0-SUN-110217.NASL
    descriptionSun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. Following CVEs were addressed: CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4467 CVE-2010-4469 CVE-2010-4473 CVE-2010-4422 CVE-2010-4451 CVE-2010-4466 CVE-2010-4470 CVE-2010-4471 CVE-2010-4476 CVE-2010-4447 CVE-2010-4475 CVE-2010-4468 CVE-2010-4450 CVE-2010-4448 CVE-2010-4472 CVE-2010-4474
    last seen2020-06-01
    modified2020-06-02
    plugin id53736
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53736
    titleopenSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0126-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_6_0-SUN-7342.NASL
    descriptionSun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. Following CVEs were addressed : CVE-2010-4452 / CVE-2010-4454 / CVE-2010-4462 / CVE-2010-4463 / CVE-2010-4465 / CVE-2010-4467 / CVE-2010-4469 / CVE-2010-4473 / CVE-2010-4422 / CVE-2010-4451 / CVE-2010-4466 / CVE-2010-4470 / CVE-2010-4471 / CVE-2010-4476 / CVE-2010-4447 / CVE-2010-4475 / CVE-2010-4468 / CVE-2010-4450 / CVE-2010-4448 / CVE-2010-4472 / CVE-2010-4474
    last seen2020-06-01
    modified2020-06-02
    plugin id52068
    published2011-02-23
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52068
    titleSuSE 10 Security Update : IBM Java 1.6 (ZYPP Patch Number 7342)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201111-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201111-02 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details. Impact : A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id56724
    published2011-11-07
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56724
    titleGLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST)
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2011-0013_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Java Runtime Environment (JRE) - libuser - Netscape Portable Runtime (NSPR) - Network Security Services (NSS) - OpenSSL
    last seen2020-06-01
    modified2020-06-02
    plugin id89681
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89681
    titleVMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0880.NASL
    descriptionUpdated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite 5.4.1 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite 5.4.1. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment. Detailed vulnerability descriptions are linked from the IBM
    last seen2020-06-01
    modified2020-06-02
    plugin id63983
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63983
    titleRHEL 5 : IBM Java Runtime (RHSA-2011:0880)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0282.NASL
    descriptionUpdated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the
    last seen2020-06-01
    modified2020-06-02
    plugin id52021
    published2011-02-18
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/52021
    titleRHEL 4 / 5 / 6 : java-1.6.0-sun (RHSA-2011:0282)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_6_0-IBM-110307.NASL
    descriptionIBM Java 6 SR9 FP1 was updated to fix a critical security bug in float number handling : - The Java Runtime Environment hangs forever when converting
    last seen2020-06-01
    modified2020-06-02
    plugin id52751
    published2011-03-22
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52751
    titleSuSE 11.1 Security Update : IBM Java (SAT Patch Number 4109)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201406-32.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201406-32 (IcedTea JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id76303
    published2014-06-30
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76303
    titleGLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_JAVA_10_5_UPDATE9.NASL
    descriptionThe remote Mac OS X host is running a version of Java for Mac OS X 10.5 that is missing Update 9. As such, it is affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
    last seen2020-03-18
    modified2011-03-09
    plugin id52587
    published2011-03-09
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52587
    titleMac OS X : Java for Mac OS X 10.5 Update 9
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_JAVA_10_6_UPDATE4.NASL
    descriptionThe remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 4. As such, it is affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
    last seen2020-03-18
    modified2011-03-09
    plugin id52588
    published2011-03-09
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52588
    titleMac OS X : Java for Mac OS X 10.6 Update 4
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_6_0-IBM-7369.NASL
    descriptionIBM Java 6 SR9 FP1 was updated to fix a critical security bug in float number handling : - The Java Runtime Environment hangs forever when converting
    last seen2020-06-01
    modified2020-06-02
    plugin id52752
    published2011-03-22
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/52752
    titleSuSE 10 Security Update : java-1_6_0-ibm, java-1_6_0-ibm-32bit, java-1_6_0-ibm-64bit, java-1_6_0-ibm-alsa, java-1_6_0-ibm-alsa-32bit, java-1_6_0-ibm-demo, java-1_6_0-ibm-devel, java-1_6_0-ibm-devel-32bit, java-1_6_0-ibm-fonts, java-1_6_0-ibm-jdbc, java-1_6_0-ibm-jdbc-32bit, java-1_6_0-ibm-jdbc-64bit, java-1_6_0-ibm-plugin, java-1_6_0-ibm-plugin-32bit, java-1_6_0-ibm-src (ZYPP Patch Number 7369)
  • NASL familyMisc.
    NASL idORACLE_JAVA_CPU_FEB_2011_UNIX.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 24 / 5.0 Update 28 / 1.4.2_30. Such versions are potentially affected by security issues in the following components : - Deployment - HotSpot - Install - JAXP - Java Language - JDBC - Launcher - Networking - Security - Sound - Swing - XML Digital Signature - 2D
    last seen2020-06-01
    modified2020-06-02
    plugin id64844
    published2013-02-22
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64844
    titleOracle Java SE Multiple Vulnerabilities (February 2011 CPU) (Unix)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_JAVA-1_6_0-SUN-110217.NASL
    descriptionSun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. Following CVEs were addressed: CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4467 CVE-2010-4469 CVE-2010-4473 CVE-2010-4422 CVE-2010-4451 CVE-2010-4466 CVE-2010-4470 CVE-2010-4471 CVE-2010-4476 CVE-2010-4447 CVE-2010-4475 CVE-2010-4468 CVE-2010-4450 CVE-2010-4448 CVE-2010-4472 CVE-2010-4474
    last seen2020-06-01
    modified2020-06-02
    plugin id75541
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75541
    titleopenSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0126-1)
  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_FEB_2011.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 24 / 5.0 Update 28 / 1.4.2_30. Such versions are potentially affected by security issue in the following components : - Deployment - HotSpot - Install - JAXP - Java Language - JDBC - Launcher - Networking - Security - Sound - Swing - XML Digital Signature - 2D
    last seen2020-06-01
    modified2020-06-02
    plugin id52002
    published2011-02-16
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52002
    titleOracle Java SE Multiple Vulnerabilities (February 2011 CPU)

Oval

  • accepted2015-04-20T04:00:20.968-04:00
    classvulnerability
    contributors
    • nameYamini Mohan R
      organizationHewlett-Packard
    • nameSushant Kumar Singh
      organizationHewlett-Packard
    • nameSushant Kumar Singh
      organizationHewlett-Packard
    • namePrashant Kumar
      organizationHewlett-Packard
    • nameMike Cokus
      organizationThe MITRE Corporation
    descriptionUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
    familyunix
    idoval:org.mitre.oval:def:12269
    statusaccepted
    submitted2011-07-28T11:57:52.000-05:00
    titleHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
    version50
  • accepted2014-08-18T04:01:02.291-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationDTCC
    • nameDragos Prisaca
      organizationG2, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    definition_extensions
    • commentJava SE Development Kit 6 is installed
      ovaloval:org.mitre.oval:def:15831
    • commentJava SE Runtime Environment 6 is installed
      ovaloval:org.mitre.oval:def:16362
    descriptionUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
    familywindows
    idoval:org.mitre.oval:def:14384
    statusaccepted
    submitted2011-11-25T18:04:19.000-05:00
    titleUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
    version8

Redhat

advisories
  • rhsa
    idRHSA-2011:0282
  • rhsa
    idRHSA-2011:0880
rpms
  • java-1.6.0-sun-1:1.6.0.24-1jpp.1.el4
  • java-1.6.0-sun-1:1.6.0.24-1jpp.1.el5
  • java-1.6.0-sun-1:1.6.0.24-1jpp.1.el6
  • java-1.6.0-sun-demo-1:1.6.0.24-1jpp.1.el4
  • java-1.6.0-sun-demo-1:1.6.0.24-1jpp.1.el5
  • java-1.6.0-sun-demo-1:1.6.0.24-1jpp.1.el6
  • java-1.6.0-sun-devel-1:1.6.0.24-1jpp.1.el4
  • java-1.6.0-sun-devel-1:1.6.0.24-1jpp.1.el5
  • java-1.6.0-sun-devel-1:1.6.0.24-1jpp.1.el6
  • java-1.6.0-sun-jdbc-1:1.6.0.24-1jpp.1.el4
  • java-1.6.0-sun-jdbc-1:1.6.0.24-1jpp.1.el5
  • java-1.6.0-sun-jdbc-1:1.6.0.24-1jpp.1.el6
  • java-1.6.0-sun-plugin-1:1.6.0.24-1jpp.1.el4
  • java-1.6.0-sun-plugin-1:1.6.0.24-1jpp.1.el5
  • java-1.6.0-sun-plugin-1:1.6.0.24-1jpp.1.el6
  • java-1.6.0-sun-src-1:1.6.0.24-1jpp.1.el4
  • java-1.6.0-sun-src-1:1.6.0.24-1jpp.1.el5
  • java-1.6.0-sun-src-1:1.6.0.24-1jpp.1.el6
  • java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el4
  • java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5
  • java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el6
  • java-1.6.0-ibm-accessibility-1:1.6.0.9.1-1jpp.1.el5
  • java-1.6.0-ibm-demo-1:1.6.0.9.1-1jpp.1.el4
  • java-1.6.0-ibm-demo-1:1.6.0.9.1-1jpp.1.el5
  • java-1.6.0-ibm-demo-1:1.6.0.9.1-1jpp.1.el6
  • java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el4
  • java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5
  • java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el6
  • java-1.6.0-ibm-javacomm-1:1.6.0.9.1-1jpp.1.el4
  • java-1.6.0-ibm-javacomm-1:1.6.0.9.1-1jpp.1.el5
  • java-1.6.0-ibm-javacomm-1:1.6.0.9.1-1jpp.1.el6
  • java-1.6.0-ibm-jdbc-1:1.6.0.9.1-1jpp.1.el4
  • java-1.6.0-ibm-jdbc-1:1.6.0.9.1-1jpp.1.el5
  • java-1.6.0-ibm-jdbc-1:1.6.0.9.1-1jpp.1.el6
  • java-1.6.0-ibm-plugin-1:1.6.0.9.1-1jpp.1.el4
  • java-1.6.0-ibm-plugin-1:1.6.0.9.1-1jpp.1.el5
  • java-1.6.0-ibm-plugin-1:1.6.0.9.1-1jpp.1.el6
  • java-1.6.0-ibm-src-1:1.6.0.9.1-1jpp.1.el4
  • java-1.6.0-ibm-src-1:1.6.0.9.1-1jpp.1.el5
  • java-1.6.0-ibm-src-1:1.6.0.9.1-1jpp.1.el6
  • java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5
  • java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5