Vulnerabilities > CVE-2011-0871 - Remote Java Runtime Environment vulnerability in SUN JDK and JRE

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
sun
critical
nessus

Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.

Vulnerable Configurations

Part Description Count
Application
Sun
324

Nessus

  • NASL familyWindows
    NASL idHP_SYSTEMS_INSIGHT_MANAGER_700_MULTIPLE_VULNS.NASL
    descriptionThe version of HP Systems Insight Manager installed on the remote Windows host is affected by vulnerabilities in the following components : - TLS and SSL protocols - Apache Tomcat - Java - Flash Player - BlazeDS/GraniteDS - Adobe LiveCycle - Adobe Flex SDK - Systems Insight Manager
    last seen2020-06-01
    modified2020-06-02
    plugin id59684
    published2012-06-15
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59684
    titleHP Systems Insight Manager < 7.0 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(59684);
      script_version("1.19");
      script_cvs_date("Date: 2018/11/15 20:50:27");
    
      script_cve_id(
        "CVE-2009-3555",
        "CVE-2010-2227",
        "CVE-2010-4470",
        "CVE-2010-4476",
        "CVE-2011-0611",
        "CVE-2011-0786",
        "CVE-2011-0788",
        "CVE-2011-0802",
        "CVE-2011-0814",
        "CVE-2011-0815",
        "CVE-2011-0817",
        "CVE-2011-0862",
        "CVE-2011-0863",
        "CVE-2011-0864",
        "CVE-2011-0865",
        "CVE-2011-0866",
        "CVE-2011-0867",
        "CVE-2011-0868",
        "CVE-2011-0869",
        "CVE-2011-0871",
        "CVE-2011-0872",
        "CVE-2011-0873",
        "CVE-2011-2092",
        "CVE-2011-2093",
        "CVE-2011-2130",
        "CVE-2011-2134",
        "CVE-2011-2135",
        "CVE-2011-2136",
        "CVE-2011-2137",
        "CVE-2011-2138",
        "CVE-2011-2139",
        "CVE-2011-2140",
        "CVE-2011-2414",
        "CVE-2011-2415",
        "CVE-2011-2416",
        "CVE-2011-2417",
        "CVE-2011-2425",
        "CVE-2011-2426",
        "CVE-2011-2427",
        "CVE-2011-2428",
        "CVE-2011-2429",
        "CVE-2011-2430",
        "CVE-2011-2444",
        "CVE-2011-2445",
        "CVE-2011-2450",
        "CVE-2011-2451",
        "CVE-2011-2452",
        "CVE-2011-2453",
        "CVE-2011-2454",
        "CVE-2011-2455",
        "CVE-2011-2456",
        "CVE-2011-2457",
        "CVE-2011-2458",
        "CVE-2011-2459",
        "CVE-2011-2460",
        "CVE-2011-2461",
        "CVE-2011-3556",
        "CVE-2011-3557",
        "CVE-2011-3558",
        "CVE-2012-1995",
        "CVE-2012-1996",
        "CVE-2012-1997",
        "CVE-2012-1998",
        "CVE-2012-1999"
      );
      script_bugtraq_id(
        36935,
        41544,
        42817,
        46091,
        46387,
        47314,
        48133,
        48134,
        48135,
        48136,
        48137,
        48138,
        48139,
        48140,
        48141,
        48142,
        48143,
        48144,
        48145,
        48146,
        48147,
        48148,
        48149,
        48267,
        48279,
        49073,
        49074,
        49075,
        49076,
        49077,
        49079,
        49080,
        49081,
        49082,
        49083,
        49084,
        49085,
        49086,
        49710,
        49714,
        49715,
        49716,
        49717,
        49718,
        50618,
        50619,
        50620,
        50621,
        50622,
        50623,
        50624,
        50625,
        50626,
        50627,
        50628,
        50629,
        50869,
        53315
      );
      script_xref(name:"HP", value:"HPSBMU02769");
      script_xref(name:"HP", value:"SSRT100846");
      script_xref(name:"HP", value:"SSRT100093");
      script_xref(name:"HP", value:"SSRT090028");
      script_xref(name:"HP", value:"SSRT100110");
      script_xref(name:"HP", value:"SSRT100373");
      script_xref(name:"HP", value:"SSRT100426");
      script_xref(name:"HP", value:"SSRT100514");
      script_xref(name:"HP", value:"SSRT100562");
      script_xref(name:"HP", value:"SSRT100639");
      script_xref(name:"HP", value:"SSRT100702");
      script_xref(name:"HP", value:"SSRT100819");
    
      script_name(english:"HP Systems Insight Manager < 7.0 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of HP Systems Insight Manager.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains software that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of HP Systems Insight Manager installed on the remote
    Windows host is affected by vulnerabilities in the following
    components :
    
      - TLS and SSL protocols
      - Apache Tomcat
      - Java
      - Flash Player
      - BlazeDS/GraniteDS
      - Adobe LiveCycle
      - Adobe Flex SDK
      - Systems Insight Manager");
    
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?72e42ec4");
      script_set_attribute(attribute:"solution", value:"Upgrade to HP Systems Insight Manager 7.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java RMI Server Insecure Default Configuration Java Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(310);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/09"); 
      script_set_attribute(attribute:"patch_publication_date", value:"2012/04/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:systems_insight_manager");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
    
      script_dependencies("hp_systems_insight_manager_installed.nasl");
      script_require_keys("installed_sw/HP Systems Insight Manager");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("install_func.inc");
    include("misc_func.inc");
    
    app_name = "HP Systems Insight Manager";
    get_install_count(app_name:app_name, exit_if_zero:TRUE);
    
    install = get_single_install(app_name:app_name);
    path = install['path'];
    version = install['version'];
    
    if (version =~ '^(([A-Z]\\.)?0[0-5]\\.|([A-C]\\.)?0[0-6]\\.[0-9\\.]+)')
    {
      set_kb_item(name:'www/0/XSS', value:TRUE);
      set_kb_item(name:'www/0/XSRF', value:TRUE);
    
      port = get_kb_item('SMB/transport');
      if (!port) port = 445;
    
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : C.07.00.00.00' +
          '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-8003.NASL
    descriptionhttp://blog.fuseyism.com/index.php/2011/06/08/icedtea6-188-198-and-110 2-released/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55062
    published2011-06-12
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55062
    titleFedora 14 : java-1.6.0-openjdk-1.6.0.0-53.1.9.8.fc14 (2011-8003)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2011-8003.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(55062);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:35");
    
      script_cve_id("CVE-2011-0862", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0871");
      script_bugtraq_id(48137, 48139, 48140, 48141, 48142, 48143, 48144, 48146, 48147);
      script_xref(name:"FEDORA", value:"2011-8003");
    
      script_name(english:"Fedora 14 : java-1.6.0-openjdk-1.6.0.0-53.1.9.8.fc14 (2011-8003)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "http://blog.fuseyism.com/index.php/2011/06/08/icedtea6-188-198-and-110
    2-released/
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://blog.fuseyism.com/index.php/2011/06/08/icedtea6-188-198-and-1102-released/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5081718d"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=706106"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=706139"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=706153"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=706234"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=706241"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=706245"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=706248"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-June/061352.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b54d2093"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1.6.0-openjdk package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/06/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/06/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC14", reference:"java-1.6.0-openjdk-1.6.0.0-53.1.9.8.fc14")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-openjdk");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_JAVA-1_6_0-SUN-110608.NASL
    descriptionOracle Java 6 Update 26 fixes several security vulnerabilities. Please refer to Oracle
    last seen2020-06-01
    modified2020-06-02
    plugin id75873
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75873
    titleopenSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0633-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update java-1_6_0-sun-4694.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75873);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:42");
    
      script_cve_id("CVE-2011-0786", "CVE-2011-0788", "CVE-2011-0802", "CVE-2011-0814", "CVE-2011-0815", "CVE-2011-0817", "CVE-2011-0862", "CVE-2011-0863", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0866", "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0871", "CVE-2011-0872", "CVE-2011-0873");
    
      script_name(english:"openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0633-1)");
      script_summary(english:"Check for the java-1_6_0-sun-4694 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Oracle Java 6 Update 26 fixes several security vulnerabilities.
    
    Please refer to Oracle's site for further information:
    http://www.oracle.com/technetwork/topics/security/javacpujun
    e2011-313339.html
    
    (CVE-2011-0862, CVE-2011-0873, CVE-2011-0815, CVE-2011-0817,
    CVE-2011-0863, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814,
    CVE-2011-0871, CVE-2011-0786, CVE-2011-0788, CVE-2011-0866,
    CVE-2011-0868, CVE-2011-0872, CVE-2011-0867, CVE-2011-0869,
    CVE-2011-0865)"
      );
      # http://www.oracle.com/technetwork/topics/security/javacpujun
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.oracle.com/technetwork/topics/security/javacpujun"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=698754"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-06/msg00025.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1_6_0-sun packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-sun");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-sun-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/06/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.4", reference:"java-1_6_0-sun-1.6.0.u26-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"java-1_6_0-sun-alsa-1.6.0.u26-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"java-1_6_0-sun-demo-1.6.0.u26-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"java-1_6_0-sun-devel-1.6.0.u26-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"java-1_6_0-sun-jdbc-1.6.0.u26-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"java-1_6_0-sun-plugin-1.6.0.u26-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"java-1_6_0-sun-src-1.6.0.u26-0.2.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_6_0-sun / java-1_6_0-sun-alsa / java-1_6_0-sun-demo / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2358.NASL
    descriptionSeveral vulnerabilities have been discovered in OpenJDK, an implementation of the Java platform. This combines the two previous openjdk-6 advisories, DSA-2311-1 and DSA-2356-1. - CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code (including applets) to elevate its privileges. - CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code (including applets) to crash the virtual machine. - CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact. - CVE-2011-0867 Untrusted code (including applets) could access information about network interfaces which was not intended to be public. (Note that the interface MAC address is still available to untrusted code.) - CVE-2011-0868 A float-to-long conversion could overflow, allowing untrusted code (including applets) to crash the virtual machine. - CVE-2011-0869 Untrusted code (including applets) could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection. - CVE-2011-0871 Untrusted code (including applets) could elevate its privileges through the Swing MediaTracker code. - CVE-2011-3389 The TLS implementation does not guard properly against certain chosen-plaintext attacks when block ciphers are used in CBC mode. - CVE-2011-3521 The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code (such as applets) to elevate its privileges. - CVE-2011-3544 The Java scripting engine lacks necessary security manager checks, allowing untrusted Java code (such as applets) to elevate its privileges. - CVE-2011-3547 The skip() method in java.io.InputStream uses a shared buffer, allowing untrusted Java code (such as applets) to access data that is skipped by other code. - CVE-2011-3548 The java.awt.AWTKeyStroke class contains a flaw which allows untrusted Java code (such as applets) to elevate its privileges. - CVE-2011-3551 The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code (such as applets) to elevate its privileges. - CVE-2011-3552 Malicous Java code can use up an excessive amount of UDP ports, leading to a denial of service. - CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information. - CVE-2011-3554 JAR files in pack200 format are not properly checked for errors, potentially leading to arbitrary code execution when unpacking crafted pack200 files. - CVE-2011-3556 The RMI Registry server lacks access restrictions on certain methods, allowing a remote client to execute arbitary code. - CVE-2011-3557 The RMI Registry server fails to properly restrict privileges of untrusted Java code, allowing RMI clients to elevate their privileges on the RMI Registry server. - CVE-2011-3560 The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory() method, allowing untrusted Java code to bypass security policy restrictions.
    last seen2020-03-17
    modified2012-01-12
    plugin id57499
    published2012-01-12
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57499
    titleDebian DSA-2358-1 : openjdk-6 - several vulnerabilities (BEAST)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2358. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57499);
      script_version("1.17");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2011-0862", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0871", "CVE-2011-3389", "CVE-2011-3521", "CVE-2011-3544", "CVE-2011-3547", "CVE-2011-3548", "CVE-2011-3551", "CVE-2011-3552", "CVE-2011-3553", "CVE-2011-3554", "CVE-2011-3556", "CVE-2011-3557", "CVE-2011-3560");
      script_bugtraq_id(48137, 48139, 48140, 48142, 48144, 48146, 48147, 49778, 50211, 50215, 50216, 50218, 50224, 50231, 50234, 50236, 50243, 50246, 50248);
      script_xref(name:"DSA", value:"2358");
    
      script_name(english:"Debian DSA-2358-1 : openjdk-6 - several vulnerabilities (BEAST)");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in OpenJDK, an
    implementation of the Java platform. This combines the two previous
    openjdk-6 advisories, DSA-2311-1 and DSA-2356-1.
    
      - CVE-2011-0862
        Integer overflow errors in the JPEG and font parser
        allow untrusted code (including applets) to elevate its
        privileges.
    
      - CVE-2011-0864
        Hotspot, the just-in-time compiler in OpenJDK,
        mishandled certain byte code instructions, allowing
        untrusted code (including applets) to crash the virtual
        machine.
    
      - CVE-2011-0865
        A race condition in signed object deserialization could
        allow untrusted code to modify signed content,
        apparently leaving its signature intact.
    
      - CVE-2011-0867
        Untrusted code (including applets) could access
        information about network interfaces which was not
        intended to be public. (Note that the interface MAC
        address is still available to untrusted code.)
    
      - CVE-2011-0868
        A float-to-long conversion could overflow, allowing
        untrusted code (including applets) to crash the virtual
        machine.
    
      - CVE-2011-0869
        Untrusted code (including applets) could intercept HTTP
        requests by reconfiguring proxy settings through a SOAP
        connection.
    
      - CVE-2011-0871
        Untrusted code (including applets) could elevate its
        privileges through the Swing MediaTracker code.
    
      - CVE-2011-3389
        The TLS implementation does not guard properly against
        certain chosen-plaintext attacks when block ciphers are
        used in CBC mode.
    
      - CVE-2011-3521
        The CORBA implementation contains a deserialization
        vulnerability in the IIOP implementation, allowing
        untrusted Java code (such as applets) to elevate its
        privileges.
    
      - CVE-2011-3544
        The Java scripting engine lacks necessary security
        manager checks, allowing untrusted Java code (such as
        applets) to elevate its privileges.
    
      - CVE-2011-3547
        The skip() method in java.io.InputStream uses a shared
        buffer, allowing untrusted Java code (such as applets)
        to access data that is skipped by other code.
    
      - CVE-2011-3548
        The java.awt.AWTKeyStroke class contains a flaw which
        allows untrusted Java code (such as applets) to elevate
        its privileges.
    
      - CVE-2011-3551
        The Java2D C code contains an integer overflow which
        results in a heap-based buffer overflow, potentially
        allowing untrusted Java code (such as applets) to
        elevate its privileges.
    
      - CVE-2011-3552
        Malicous Java code can use up an excessive amount of UDP
        ports, leading to a denial of service.
    
      - CVE-2011-3553
        JAX-WS enables stack traces for certain server responses
        by default, potentially leaking sensitive information.
    
      - CVE-2011-3554
        JAR files in pack200 format are not properly checked for
        errors, potentially leading to arbitrary code execution
        when unpacking crafted pack200 files.
    
      - CVE-2011-3556
        The RMI Registry server lacks access restrictions on
        certain methods, allowing a remote client to execute
        arbitary code.
    
      - CVE-2011-3557
        The RMI Registry server fails to properly restrict
        privileges of untrusted Java code, allowing RMI clients
        to elevate their privileges on the RMI Registry server.
    
      - CVE-2011-3560
        The com.sun.net.ssl.HttpsURLConnection class does not
        perform proper security manager checks in the
        setSSLSocketFactory() method, allowing untrusted Java
        code to bypass security policy restrictions."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-0862"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-0864"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-0865"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-0867"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-0868"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-0869"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-0871"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-3389"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-3521"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-3544"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-3547"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-3548"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-3551"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-3552"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-3553"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-3554"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-3556"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-3557"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-3560"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2011/dsa-2358"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the openjdk-6 packages.
    
    For the oldstable distribution (lenny), these problems have been fixed
    in version 6b18-1.8.10-0~lenny2."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java RMI Server Insecure Default Configuration Java Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/06/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/12/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/12");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"5.0", prefix:"openjdk-6", reference:"6b18-1.8.10-0~lenny2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2011-0013.NASL
    descriptiona. ESX third-party update for Service Console openssl RPM The Service Console openssl RPM is updated to openssl-0.9.8e.12.el5_5.7 resolving two security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues. b. ESX third-party update for Service Console libuser RPM The Service Console libuser RPM is updated to version 0.54.7-2.1.el5_5.2 to resolve a security issue. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2011-0002 to this issue. c. ESX third-party update for Service Console nss and nspr RPMs The Service Console Network Security Services (NSS) and Netscape Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1 and nss-3.12.8-4 resolving multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3170 and CVE-2010-3173 to these issues. d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24 Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475 and CVE-2010-4476. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and CVE-2010-3574. e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30 Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873, CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814, CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476. f. Integer overflow in VMware third-party component sfcb This release resolves an integer overflow issue present in the third-party library SFCB when the httpMaxContentLength has been changed from its default value to 0 in in /etc/sfcb/sfcb.cfg. The integer overflow could allow remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2054 to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id56665
    published2011-10-28
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56665
    titleVMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-8028.NASL
    descriptionhttp://blog.fuseyism.com/index.php/2011/06/08/icedtea6-188-198-and-110 2-released/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55156
    published2011-06-16
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55156
    titleFedora 15 : java-1.6.0-openjdk-1.6.0.0-58.1.10.2.fc15 (2011-8028)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110608_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL
    descriptionThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application. (CVE-2011-0862) It was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing. (CVE-2011-0871) A flaw was found in the HotSpot component in OpenJDK. Certain bytecode instructions confused the memory management within the Java Virtual Machine (JVM), resulting in an applet or application crashing. (CVE-2011-0864) An information leak flaw was found in the NetworkInterface class. An untrusted applet or application could use this flaw to access information about available network interfaces that should only be available to privileged code. (CVE-2011-0867) An incorrect float-to-long conversion, leading to an overflow, was found in the way certain objects (such as images and text) were transformed in Java2D. A remote attacker could use this flaw to crash an untrusted applet or application that uses Java2D. (CVE-2011-0868) It was found that untrusted applets and applications could misuse a SOAP connection to incorrectly set global HTTP proxy settings instead of setting them in a local scope. This flaw could be used to intercept HTTP requests. (CVE-2011-0869) A flaw was found in the way signed objects were deserialized. If trusted and untrusted code were running in the same Java Virtual Machine (JVM), and both were deserializing the same signed object, the untrusted code could modify said object by using this flaw to bypass the validation checks on signed objects. (CVE-2011-0865) Note: All of the above flaws can only be remotely triggered in OpenJDK by calling the
    last seen2020-06-01
    modified2020-06-02
    plugin id61064
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61064
    titleScientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2011-126.NASL
    descriptionMultiple vulnerabilities were discovered and corrected in java-1.6.0-openjdk : Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization (CVE-2011-0865). Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (CVE-2011-0862). Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking (CVE-2011-0867). Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ (CVE-2011-0869). Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D (CVE-2011-0868). Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot (CVE-2011-0864). Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing (CVE-2011-0871). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been upgraded to versions which is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55853
    published2011-08-16
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55853
    titleMandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2011:126)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1159.NASL
    descriptionUpdated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.4.2 SR13-FP10 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM
    last seen2020-06-01
    modified2020-06-02
    plugin id55854
    published2011-08-16
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55854
    titleRHEL 4 / 5 : java-1.4.2-ibm (RHSA-2011:1159)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1154-1.NASL
    descriptionIt was discovered that a heap overflow in the AWT FileDialog.show() method could allow an attacker to cause a denial of service through an application crash or possibly execute arbitrary code. (CVE-2011-0815) It was dicovered that integer overflows in the JPEGImageReader readImage() function and the SunLayoutEngine nativeLayout() function could allow an attacker to cause a denial of service through an application crash or possibly execute arbitrary code. (CVE-2011-0822, CVE-2011-0862) It was discovered that memory corruption could occur when interpreting bytecode in the HotSpot VM. This could allow an attacker to cause a denial of service through an application crash or possibly execute arbitrary code. (CVE-2011-0864) It was discovered that the deserialization code allowed the creation of mutable SignedObjects. This could allow an attacker to possibly execute code with elevated privileges. (CVE-2011-0865) It was discovered that the toString method in the NetworkInterface class would reveal multiple addresses if they were bound to the interface. This could give an attacker more information about the networking environment. (CVE-2011-0867) It was discovered that the Java 2D code to transform an image with a scale close to 0 could trigger an integer overflow. This could allow an attacker to cause a denial of service through an application crash or possibly execute arbitrary code. (CVE-2011-0868) It was discovered that the SOAP with Attachments API for Java (SAAJ) implementation allowed the modification of proxy settings via unprivileged SOAP messages. (CVE-2011-0869, CVE-2011-0870) It was the discovered that the Swing ImageIcon class created MediaTracker objects that potentially leaked privileged ApplicationContexts. This could possibly allow an attacker access to restricted resources or services. (CVE-2011-0871) It was discovered that non-blocking sockets marked as not urgent could still get selected for read operations. This could allow an attacker to cause a denial of service. (CVE-2011-0872). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55172
    published2011-06-20
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55172
    titleUbuntu 10.04 LTS / 10.10 / 11.04 : openjdk-6, openjdk-6b18 vulnerabilities (USN-1154-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_4_2-IBM-7698.NASL
    descriptionIBM Java 1.4.2 SR 13 Fixpack 10 has been released and fixes various bugs and security issues. The following security issues have been fixed : - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization. (CVE-2011-0865) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment. (CVE-2011-0866) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0786. (CVE-2011-0802) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802. (CVE-2011-0814) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT. (CVE-2011-0815) - Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. (CVE-2011-0862) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. (CVE-2011-0867) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. (CVE-2011-0871) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO. (CVE-2011-0872)
    last seen2020-06-01
    modified2020-06-02
    plugin id57205
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57205
    titleSuSE 10 Security Update : IBM Java (ZYPP Patch Number 7698)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0938.NASL
    descriptionUpdated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM
    last seen2020-06-01
    modified2020-06-02
    plugin id55598
    published2011-07-15
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55598
    titleRHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2011:0938)
  • NASL familyMisc.
    NASL idORACLE_JAVA_CPU_JUN_2011_UNIX.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 26 / 5.0 Update 30 / 1.4.2_32. Such versions are potentially affected by security issues in the following components : - AWT - Deployment - Deserialization - Hotspot - Java Runtime Environment - Networking - NIO - SAAJ - Sound - Swing
    last seen2020-06-01
    modified2020-06-02
    plugin id64845
    published2013-02-22
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64845
    titleOracle Java SE Multiple Vulnerabilities (June 2011 CPU) (Unix)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_JAVA-1_6_0-SUN-110608.NASL
    descriptionOracle Java 6 Update 26 fixes several security vulnerabilities. Please refer to Oracle
    last seen2020-06-01
    modified2020-06-02
    plugin id75542
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75542
    titleopenSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0633-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201111-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201111-02 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details. Impact : A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id56724
    published2011-11-07
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56724
    titleGLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST)
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2011-0013_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Java Runtime Environment (JRE) - libuser - Netscape Portable Runtime (NSPR) - Network Security Services (NSS) - OpenSSL
    last seen2020-06-01
    modified2020-06-02
    plugin id89681
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89681
    titleVMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0860.NASL
    descriptionUpdated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the
    last seen2020-06-01
    modified2020-06-02
    plugin id55014
    published2011-06-09
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55014
    titleRHEL 4 / 5 / 6 : java-1.6.0-sun (RHSA-2011:0860)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_ICEDTEA-WEB-110627.NASL
    descriptionIcedtea as included in java-1_6_0-openjdk was updated to fix several security issues : - S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win) - S6618658, CVE-2011-0865: Vulnerability in deserialization - S7012520, CVE-2011-0815: Heap overflow vulnerability in FileDialog.show() - S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code - S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings - S7013971, CVE-2011-0869: Vulnerability in SAAJ - S7016340, CVE-2011-0870: Vulnerability in SAAJ - S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero - S7020198, CVE-2011-0871: ImageIcon creates Component with null acc - S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size
    last seen2020-06-01
    modified2020-06-02
    plugin id75527
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75527
    titleopenSUSE Security Update : icedtea-web (openSUSE-SU-2011:0706-1)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_JAVA_10_6_UPDATE5.NASL
    descriptionThe remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 5, which updates the Java version to 1.6.0_26. As such, it is affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
    last seen2019-10-28
    modified2011-06-29
    plugin id55459
    published2011-06-29
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55459
    titleMac OS X : Java for Mac OS X 10.6 Update 5
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_6_0-IBM-110713.NASL
    descriptionIBM Java 1.6.0 SR9-FP2 fixes several of bugs and thew following security issues : - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization. (CVE-2011-0865) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment. (CVE-2011-0866) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0788. (CVE-2011-0786) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0786. (CVE-2011-0788) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0786. (CVE-2011-0802) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802. (CVE-2011-0814) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT. (CVE-2011-0815) - Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. (CVE-2011-0862) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. (CVE-2011-0867) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ. (CVE-2011-0869) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (CVE-2011-0817) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (CVE-2011-0863) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D. (CVE-2011-0868) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. (CVE-2011-0871) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO. (CVE-2011-0872) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. (CVE-2011-0873)
    last seen2020-06-01
    modified2020-06-02
    plugin id55619
    published2011-07-19
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55619
    titleSuSE 11.1 Security Update : IBM Java (SAT Patch Number 4875)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2311.NASL
    descriptionSeveral vulnerabilities have been discovered in OpenJDK, an implementation of the Java SE platform. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code (including applets) to elevate its privileges. - CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code (including applets) to crash the virtual machine. - CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact. - CVE-2011-0867 Untrusted code (including applets) could access information about network interfaces which was not intended to be public. (Note that the interface MAC address is still available to untrusted code.) - CVE-2011-0868 A float-to-long conversion could overflow, allowing untrusted code (including applets) to crash the virtual machine. - CVE-2011-0869 Untrusted code (including applets) could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection. - CVE-2011-0871 Untrusted code (including applets) could elevate its privileges through the Swing MediaTracker code. In addition, this update removes support for the Zero/Shark and Cacao Hotspot variants from the i386 and amd64 due to stability issues. These Hotspot variants are included in the openjdk-6-jre-zero and icedtea-6-jre-cacao packages, and these packages must be removed during this update.
    last seen2020-03-17
    modified2011-09-28
    plugin id56307
    published2011-09-28
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56307
    titleDebian DSA-2311-1 : openjdk-6 - several vulnerabilities
  • NASL familyMisc.
    NASL idJUNIPER_NSM_PSN_2012_08_689.NASL
    descriptionAccording to the version of one or more Juniper NSM servers running on the remote host, it is potentially affected by multiple vulnerabilities affecting the Java software running on the host.
    last seen2020-06-01
    modified2020-06-02
    plugin id69874
    published2013-09-13
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69874
    titleJuniper NSM Servers Multiple Java JDK/JRE Vulnerabilities (PSN-2012-08-689)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1087.NASL
    descriptionUpdated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM
    last seen2020-06-01
    modified2020-06-02
    plugin id55667
    published2011-07-25
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55667
    titleRHEL 4 / 5 / 6 : java-1.5.0-ibm (RHSA-2011:1087)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_4_2-IBM-110818.NASL
    descriptionIBM Java 1.4.2 SR 13 Fixpack 10 has been released and fixes various bugs and security issues. The following security issues have been fixed : - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization. (CVE-2011-0865) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment. (CVE-2011-0866) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0786. (CVE-2011-0802) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802. (CVE-2011-0814) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT. (CVE-2011-0815) - Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. (CVE-2011-0862) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. (CVE-2011-0867) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. (CVE-2011-0871) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO. (CVE-2011-0872)
    last seen2020-06-01
    modified2020-06-02
    plugin id56004
    published2011-08-30
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56004
    titleSuSE 11.1 Security Update : IBM Java (SAT Patch Number 5014)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-0856.NASL
    descriptionFrom Red Hat Security Advisory 2011:0856 : Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application. (CVE-2011-0862) It was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing. (CVE-2011-0871) A flaw was found in the HotSpot component in OpenJDK. Certain bytecode instructions confused the memory management within the Java Virtual Machine (JVM), resulting in an applet or application crashing. (CVE-2011-0864) An information leak flaw was found in the NetworkInterface class. An untrusted applet or application could use this flaw to access information about available network interfaces that should only be available to privileged code. (CVE-2011-0867) An incorrect float-to-long conversion, leading to an overflow, was found in the way certain objects (such as images and text) were transformed in Java2D. A remote attacker could use this flaw to crash an untrusted applet or application that uses Java2D. (CVE-2011-0868) It was found that untrusted applets and applications could misuse a SOAP connection to incorrectly set global HTTP proxy settings instead of setting them in a local scope. This flaw could be used to intercept HTTP requests. (CVE-2011-0869) A flaw was found in the way signed objects were deserialized. If trusted and untrusted code were running in the same Java Virtual Machine (JVM), and both were deserializing the same signed object, the untrusted code could modify said object by using this flaw to bypass the validation checks on signed objects. (CVE-2011-0865) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68286
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68286
    titleOracle Linux 6 : java-1.6.0-openjdk (ELSA-2011-0856)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_JAVA_10_5_UPDATE10.NASL
    descriptionThe remote Mac OS X host is running a version of Java for Mac OS X 10.5 that is missing Update 10, which updates the Java version to 1.6.0_26 / 1.5.0_30. As such, it is affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
    last seen2019-10-28
    modified2011-06-29
    plugin id55458
    published2011-06-29
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55458
    titleMac OS X : Java for Mac OS X 10.5 Update 10
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-0857.NASL
    descriptionFrom Red Hat Security Advisory 2011:0857 : Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application. (CVE-2011-0862) It was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing. (CVE-2011-0871) A flaw was found in the HotSpot component in OpenJDK. Certain bytecode instructions confused the memory management within the Java Virtual Machine (JVM), resulting in an applet or application crashing. (CVE-2011-0864) An information leak flaw was found in the NetworkInterface class. An untrusted applet or application could use this flaw to access information about available network interfaces that should only be available to privileged code. (CVE-2011-0867) An incorrect float-to-long conversion, leading to an overflow, was found in the way certain objects (such as images and text) were transformed in Java2D. A remote attacker could use this flaw to crash an untrusted applet or application that uses Java2D. (CVE-2011-0868) It was found that untrusted applets and applications could misuse a SOAP connection to incorrectly set global HTTP proxy settings instead of setting them in a local scope. This flaw could be used to intercept HTTP requests. (CVE-2011-0869) A flaw was found in the way signed objects were deserialized. If trusted and untrusted code were running in the same Java Virtual Machine (JVM), and both were deserializing the same signed object, the untrusted code could modify said object by using this flaw to bypass the validation checks on signed objects. (CVE-2011-0865) Note: All of the above flaws can only be remotely triggered in OpenJDK by calling the
    last seen2020-06-01
    modified2020-06-02
    plugin id68287
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68287
    titleOracle Linux 5 : java-1.6.0-openjdk (ELSA-2011-0857)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12819.NASL
    descriptionIBM Java 1.4.2 SR 13 Fixpack 10 has been released and fixes various bugs and security issues. The following security issues were fixed : - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization. (CVE-2011-0865) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment. (CVE-2011-0866) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0786. (CVE-2011-0802) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802. (CVE-2011-0814) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT. (CVE-2011-0815) - Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. (CVE-2011-0862) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. (CVE-2011-0867) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. (CVE-2011-0871) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO. (CVE-2011-0872)
    last seen2020-06-01
    modified2020-06-02
    plugin id56002
    published2011-08-30
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56002
    titleSuSE9 Security Update : IBM Java JRE and SDK (YOU Patch Number 12819)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0857.NASL
    descriptionUpdated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application. (CVE-2011-0862) It was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing. (CVE-2011-0871) A flaw was found in the HotSpot component in OpenJDK. Certain bytecode instructions confused the memory management within the Java Virtual Machine (JVM), resulting in an applet or application crashing. (CVE-2011-0864) An information leak flaw was found in the NetworkInterface class. An untrusted applet or application could use this flaw to access information about available network interfaces that should only be available to privileged code. (CVE-2011-0867) An incorrect float-to-long conversion, leading to an overflow, was found in the way certain objects (such as images and text) were transformed in Java2D. A remote attacker could use this flaw to crash an untrusted applet or application that uses Java2D. (CVE-2011-0868) It was found that untrusted applets and applications could misuse a SOAP connection to incorrectly set global HTTP proxy settings instead of setting them in a local scope. This flaw could be used to intercept HTTP requests. (CVE-2011-0869) A flaw was found in the way signed objects were deserialized. If trusted and untrusted code were running in the same Java Virtual Machine (JVM), and both were deserializing the same signed object, the untrusted code could modify said object by using this flaw to bypass the validation checks on signed objects. (CVE-2011-0865) Note: All of the above flaws can only be remotely triggered in OpenJDK by calling the
    last seen2020-06-01
    modified2020-06-02
    plugin id55011
    published2011-06-09
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55011
    titleRHEL 5 : java-1.6.0-openjdk (RHSA-2011:0857)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_6_0-SUN-110609.NASL
    descriptionOracle Java 6 Update 26 fixes several security vulnerabilities. Please refer to Oracle
    last seen2020-06-01
    modified2020-06-02
    plugin id55137
    published2011-06-15
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55137
    titleSuSE 11.1 Security Update : Sun/Oracle Java (SAT Patch Number 4698)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_5_0-IBM-7649.NASL
    descriptionIBM Java 1.5.0 SR12 FP5 has been released fixing bugs and security issues. The following security issues were fixed : - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization. (CVE-2011-0865) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment. (CVE-2011-0866) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0786. (CVE-2011-0802) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802. (CVE-2011-0814) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT. (CVE-2011-0815) - Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. (CVE-2011-0862) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. (CVE-2011-0867) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. (CVE-2011-0871) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO. (CVE-2011-0872) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. (CVE-2011-0873)
    last seen2020-06-01
    modified2020-06-02
    plugin id55757
    published2011-08-03
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55757
    titleSuSE 10 Security Update : IBM Java (ZYPP Patch Number 7649)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_4_2-IBM-7697.NASL
    descriptionIBM Java 1.4.2 SR 13 Fixpack 10 has been released and fixes various bugs and security issues. The following security issues have been fixed : - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization. (CVE-2011-0865) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment. (CVE-2011-0866) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0786. (CVE-2011-0802) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802. (CVE-2011-0814) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT. (CVE-2011-0815) - Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. (CVE-2011-0862) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. (CVE-2011-0867) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. (CVE-2011-0871) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO. (CVE-2011-0872)
    last seen2020-06-01
    modified2020-06-02
    plugin id56006
    published2011-08-30
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56006
    titleSuSE 10 Security Update : IBM Java (ZYPP Patch Number 7697)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110621_JAVA__JDK_1_6_0__ON_SL4_X.NASL
    descriptionThis update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the
    last seen2020-06-01
    modified2020-06-02
    plugin id61071
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61071
    titleScientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201406-32.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201406-32 (IcedTea JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id76303
    published2014-06-30
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76303
    titleGLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)
  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_JUN_2011.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 26 / 5.0 Update 30 / 1.4.2_32. Such versions are potentially affected by security issues in the following components : - AWT - Deployment - Deserialization - Hotspot - Java Runtime Environment - Networking - NIO - SAAJ - Sound - Swing
    last seen2020-06-01
    modified2020-06-02
    plugin id54997
    published2011-06-08
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/54997
    titleOracle Java SE Multiple Vulnerabilities (June 2011 CPU)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-0857.NASL
    descriptionUpdated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application. (CVE-2011-0862) It was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing. (CVE-2011-0871) A flaw was found in the HotSpot component in OpenJDK. Certain bytecode instructions confused the memory management within the Java Virtual Machine (JVM), resulting in an applet or application crashing. (CVE-2011-0864) An information leak flaw was found in the NetworkInterface class. An untrusted applet or application could use this flaw to access information about available network interfaces that should only be available to privileged code. (CVE-2011-0867) An incorrect float-to-long conversion, leading to an overflow, was found in the way certain objects (such as images and text) were transformed in Java2D. A remote attacker could use this flaw to crash an untrusted applet or application that uses Java2D. (CVE-2011-0868) It was found that untrusted applets and applications could misuse a SOAP connection to incorrectly set global HTTP proxy settings instead of setting them in a local scope. This flaw could be used to intercept HTTP requests. (CVE-2011-0869) A flaw was found in the way signed objects were deserialized. If trusted and untrusted code were running in the same Java Virtual Machine (JVM), and both were deserializing the same signed object, the untrusted code could modify said object by using this flaw to bypass the validation checks on signed objects. (CVE-2011-0865) Note: All of the above flaws can only be remotely triggered in OpenJDK by calling the
    last seen2020-06-01
    modified2020-06-02
    plugin id55110
    published2011-06-14
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55110
    titleCentOS 5 : java-1.6.0-openjdk (CESA-2011:0857)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110608_JAVA_1_6_0_OPENJDK_ON_SL6_X.NASL
    descriptionThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application. (CVE-2011-0862) It was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing. (CVE-2011-0871) A flaw was found in the HotSpot component in OpenJDK. Certain bytecode instructions confused the memory management within the Java Virtual Machine (JVM), resulting in an applet or application crashing. (CVE-2011-0864) An information leak flaw was found in the NetworkInterface class. An untrusted applet or application could use this flaw to access information about available network interfaces that should only be available to privileged code. (CVE-2011-0867) An incorrect float-to-long conversion, leading to an overflow, was found in the way certain objects (such as images and text) were transformed in Java2D. A remote attacker could use this flaw to crash an untrusted applet or application that uses Java2D. (CVE-2011-0868) It was found that untrusted applets and applications could misuse a SOAP connection to incorrectly set global HTTP proxy settings instead of setting them in a local scope. This flaw could be used to intercept HTTP requests. (CVE-2011-0869) A flaw was found in the way signed objects were deserialized. If trusted and untrusted code were running in the same Java Virtual Machine (JVM), and both were deserializing the same signed object, the untrusted code could modify said object by using this flaw to bypass the validation checks on signed objects. (CVE-2011-0865) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id61065
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61065
    titleScientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_ICEDTEA-WEB-110627.NASL
    descriptionIcedtea as included in java-1_6_0-openjdk was updated to fix several security issues : dbg114-icedtea-web-4788 icedtea-web-4788 new_updateinfo S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win) dbg114-icedtea-web-4788 icedtea-web-4788 new_updateinfo S6618658, CVE-2011-0865: Vulnerability in deserialization dbg114-icedtea-web-4788 icedtea-web-4788 new_updateinfo S7012520, CVE-2011-0815: Heap overflow vulnerability in FileDialog.show() dbg114-icedtea-web-4788 icedtea-web-4788 new_updateinfo S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code dbg114-icedtea-web-4788 icedtea-web-4788 new_updateinfo S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings dbg114-icedtea-web-4788 icedtea-web-4788 new_updateinfo S7013971, CVE-2011-0869: Vulnerability in SAAJ dbg114-icedtea-web-4788 icedtea-web-4788 new_updateinfo S7016340, CVE-2011-0870: Vulnerability in SAAJ dbg114-icedtea-web-4788 icedtea-web-4788 new_updateinfo S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero dbg114-icedtea-web-4788 icedtea-web-4788 new_updateinfo S7020198, CVE-2011-0871: ImageIcon creates Component with null acc dbg114-icedtea-web-4788 icedtea-web-4788 new_updateinfo S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size
    last seen2020-06-01
    modified2020-06-02
    plugin id75863
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75863
    titleopenSUSE Security Update : icedtea-web (openSUSE-SU-2011:0706-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_5_0-IBM-7650.NASL
    descriptionIBM Java 1.5.0 SR12 FP5 has been released fixing bugs and security issues. The following security issues were fixed : - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization. (CVE-2011-0865) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment. (CVE-2011-0866) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0786. (CVE-2011-0802) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802. (CVE-2011-0814) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT. (CVE-2011-0815) - Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. (CVE-2011-0862) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. (CVE-2011-0867) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. (CVE-2011-0871) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO. (CVE-2011-0872) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. (CVE-2011-0873)
    last seen2020-06-01
    modified2020-06-02
    plugin id57207
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57207
    titleSuSE 10 Security Update : IBM Java (ZYPP Patch Number 7650)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0856.NASL
    descriptionUpdated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application. (CVE-2011-0862) It was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing. (CVE-2011-0871) A flaw was found in the HotSpot component in OpenJDK. Certain bytecode instructions confused the memory management within the Java Virtual Machine (JVM), resulting in an applet or application crashing. (CVE-2011-0864) An information leak flaw was found in the NetworkInterface class. An untrusted applet or application could use this flaw to access information about available network interfaces that should only be available to privileged code. (CVE-2011-0867) An incorrect float-to-long conversion, leading to an overflow, was found in the way certain objects (such as images and text) were transformed in Java2D. A remote attacker could use this flaw to crash an untrusted applet or application that uses Java2D. (CVE-2011-0868) It was found that untrusted applets and applications could misuse a SOAP connection to incorrectly set global HTTP proxy settings instead of setting them in a local scope. This flaw could be used to intercept HTTP requests. (CVE-2011-0869) A flaw was found in the way signed objects were deserialized. If trusted and untrusted code were running in the same Java Virtual Machine (JVM), and both were deserializing the same signed object, the untrusted code could modify said object by using this flaw to bypass the validation checks on signed objects. (CVE-2011-0865) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id55010
    published2011-06-09
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55010
    titleRHEL 6 : java-1.6.0-openjdk (RHSA-2011:0856)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-8020.NASL
    descriptionhttp://blog.fuseyism.com/index.php/2011/06/08/icedtea6-188-198-and-110 2-released/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55155
    published2011-06-16
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55155
    titleFedora 13 : java-1.6.0-openjdk-1.6.0.0-51.1.8.8.fc13 (2011-8020)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_6_0-SUN-7569.NASL
    descriptionOracle Java 6 Update 26 fixes several security vulnerabilities. Please refer to Oracle
    last seen2020-06-01
    modified2020-06-02
    plugin id57211
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57211
    titleSuSE 10 Security Update : Sun/Oracle Java (ZYPP Patch Number 7569)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1455.NASL
    descriptionUpdated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.4. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873, CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3561, CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507, CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169, CVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743) Users of Red Hat Network Satellite Server 5.4 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR14 release. For this update to take effect, Red Hat Network Satellite Server must be restarted (
    last seen2020-06-01
    modified2020-06-02
    plugin id78975
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78975
    titleRHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1455) (BEAST) (ROBOT)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_6_0-IBM-7627.NASL
    descriptionIBM Java 1.6.0 SR9-FP2 fixes several of bugs and thew following security issues : - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization. (CVE-2011-0865) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment. (CVE-2011-0866) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0788. (CVE-2011-0786) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0786. (CVE-2011-0788) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0786. (CVE-2011-0802) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802. (CVE-2011-0814) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT. (CVE-2011-0815) - Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. (CVE-2011-0862) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. (CVE-2011-0867) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ. (CVE-2011-0869) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (CVE-2011-0817) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (CVE-2011-0863) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D. (CVE-2011-0868) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. (CVE-2011-0871) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO. (CVE-2011-0872) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. (CVE-2011-0873)
    last seen2020-06-01
    modified2020-06-02
    plugin id57210
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57210
    titleSuSE 10 Security Update : IBM Java (ZYPP Patch Number 7627)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12810.NASL
    descriptionIBM Java 1.5.0 SR12 FP5 has been released fixing bugs and security issues. The following security issues were fixed : - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization. (CVE-2011-0865) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment. (CVE-2011-0866) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0786. (CVE-2011-0802) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802. (CVE-2011-0814) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT. (CVE-2011-0815) - Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. (CVE-2011-0862) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. (CVE-2011-0867) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. (CVE-2011-0871) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO. (CVE-2011-0872) - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. (CVE-2011-0873)
    last seen2020-06-01
    modified2020-06-02
    plugin id55768
    published2011-08-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55768
    titleSuSE9 Security Update : IBM Java5 JRE and SDK (YOU Patch Number 12810)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_6_0-IBM-7626.NASL
    descriptionIBM Java 1.6.0 SR9-FP2 fixes several of bugs and thew following security issues : - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization. (CVE-2011-0865) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment. (CVE-2011-0866) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0788. (CVE-2011-0786) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0786. (CVE-2011-0788) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0786. (CVE-2011-0802) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802. (CVE-2011-0814) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT. (CVE-2011-0815) - Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. (CVE-2011-0862) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. (CVE-2011-0867) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ. (CVE-2011-0869) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (CVE-2011-0817) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (CVE-2011-0863) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D. (CVE-2011-0868) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. (CVE-2011-0871) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO. (CVE-2011-0872) - An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. (CVE-2011-0873)
    last seen2020-06-01
    modified2020-06-02
    plugin id55622
    published2011-07-19
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55622
    titleSuSE 10 Security Update : IBM Java (ZYPP Patch Number 7626)

Oval

accepted2015-03-23T04:00:35.721-04:00
classvulnerability
contributors
  • nameScott Quint
    organizationDTCC
  • nameDragos Prisaca
    organizationG2, Inc.
  • nameMaria Mikhno
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
  • commentJava SE Development Kit 5 is installed
    ovaloval:org.mitre.oval:def:16292
  • commentJava SE Runtime Environment 6 is installed
    ovaloval:org.mitre.oval:def:16362
  • commentJava SE Runtime Environment 5 is installed
    ovaloval:org.mitre.oval:def:15748
  • commentJava SE Development Kit 6 is installed
    ovaloval:org.mitre.oval:def:15831
descriptionUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
familywindows
idoval:org.mitre.oval:def:14112
statusaccepted
submitted2011-11-25T18:04:45.000-05:00
titleUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
version11

Redhat

advisories
  • bugzilla
    id706248
    titleCVE-2011-0871 OpenJDK: MediaTracker created Component instances with unnecessary privileges (Swing, 7020198)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentjava-1.6.0-openjdk-src is earlier than 1:1.6.0.0-1.39.1.9.8.el6_1
            ovaloval:com.redhat.rhsa:tst:20110856001
          • commentjava-1.6.0-openjdk-src is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100865004
        • AND
          • commentjava-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-1.39.1.9.8.el6_1
            ovaloval:com.redhat.rhsa:tst:20110856003
          • commentjava-1.6.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100865002
        • AND
          • commentjava-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-1.39.1.9.8.el6_1
            ovaloval:com.redhat.rhsa:tst:20110856005
          • commentjava-1.6.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100865006
        • AND
          • commentjava-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-1.39.1.9.8.el6_1
            ovaloval:com.redhat.rhsa:tst:20110856007
          • commentjava-1.6.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100865008
        • AND
          • commentjava-1.6.0-openjdk is earlier than 1:1.6.0.0-1.39.1.9.8.el6_1
            ovaloval:com.redhat.rhsa:tst:20110856009
          • commentjava-1.6.0-openjdk is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100865010
    rhsa
    idRHSA-2011:0856
    released2011-06-08
    severityCritical
    titleRHSA-2011:0856: java-1.6.0-openjdk security update (Critical)
  • bugzilla
    id706248
    titleCVE-2011-0871 OpenJDK: MediaTracker created Component instances with unnecessary privileges (Swing, 7020198)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentjava-1.6.0-openjdk is earlier than 1:1.6.0.0-1.22.1.9.8.el5_6
            ovaloval:com.redhat.rhsa:tst:20110857001
          • commentjava-1.6.0-openjdk is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20090377008
        • AND
          • commentjava-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-1.22.1.9.8.el5_6
            ovaloval:com.redhat.rhsa:tst:20110857003
          • commentjava-1.6.0-openjdk-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20090377002
        • AND
          • commentjava-1.6.0-openjdk-src is earlier than 1:1.6.0.0-1.22.1.9.8.el5_6
            ovaloval:com.redhat.rhsa:tst:20110857005
          • commentjava-1.6.0-openjdk-src is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20090377010
        • AND
          • commentjava-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-1.22.1.9.8.el5_6
            ovaloval:com.redhat.rhsa:tst:20110857007
          • commentjava-1.6.0-openjdk-demo is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20090377006
        • AND
          • commentjava-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-1.22.1.9.8.el5_6
            ovaloval:com.redhat.rhsa:tst:20110857009
          • commentjava-1.6.0-openjdk-javadoc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20090377004
    rhsa
    idRHSA-2011:0857
    released2011-06-08
    severityImportant
    titleRHSA-2011:0857: java-1.6.0-openjdk security update (Important)
  • rhsa
    idRHSA-2011:0860
  • rhsa
    idRHSA-2011:0938
  • rhsa
    idRHSA-2011:1087
  • rhsa
    idRHSA-2011:1159
  • rhsa
    idRHSA-2011:1265
  • rhsa
    idRHSA-2013:1455
rpms
  • java-1.6.0-openjdk-1:1.6.0.0-1.39.1.9.8.el6_1
  • java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.39.1.9.8.el6_1
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.39.1.9.8.el6_1
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.39.1.9.8.el6_1
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.39.1.9.8.el6_1
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.39.1.9.8.el6_1
  • java-1.6.0-openjdk-1:1.6.0.0-1.22.1.9.8.el5_6
  • java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.22.1.9.8.el5_6
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.22.1.9.8.el5_6
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.22.1.9.8.el5_6
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.22.1.9.8.el5_6
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.22.1.9.8.el5_6
  • java-1.6.0-sun-1:1.6.0.26-1jpp.1.el4
  • java-1.6.0-sun-1:1.6.0.26-1jpp.1.el5
  • java-1.6.0-sun-1:1.6.0.26-1jpp.1.el6
  • java-1.6.0-sun-demo-1:1.6.0.26-1jpp.1.el4
  • java-1.6.0-sun-demo-1:1.6.0.26-1jpp.1.el5
  • java-1.6.0-sun-demo-1:1.6.0.26-1jpp.1.el6
  • java-1.6.0-sun-devel-1:1.6.0.26-1jpp.1.el4
  • java-1.6.0-sun-devel-1:1.6.0.26-1jpp.1.el5
  • java-1.6.0-sun-devel-1:1.6.0.26-1jpp.1.el6
  • java-1.6.0-sun-jdbc-1:1.6.0.26-1jpp.1.el4
  • java-1.6.0-sun-jdbc-1:1.6.0.26-1jpp.1.el5
  • java-1.6.0-sun-jdbc-1:1.6.0.26-1jpp.1.el6
  • java-1.6.0-sun-plugin-1:1.6.0.26-1jpp.1.el4
  • java-1.6.0-sun-plugin-1:1.6.0.26-1jpp.1.el5
  • java-1.6.0-sun-plugin-1:1.6.0.26-1jpp.1.el6
  • java-1.6.0-sun-src-1:1.6.0.26-1jpp.1.el4
  • java-1.6.0-sun-src-1:1.6.0.26-1jpp.1.el5
  • java-1.6.0-sun-src-1:1.6.0.26-1jpp.1.el6
  • java-1.6.0-ibm-1:1.6.0.9.2-1jpp.2.el4
  • java-1.6.0-ibm-1:1.6.0.9.2-1jpp.2.el5
  • java-1.6.0-ibm-1:1.6.0.9.2-1jpp.2.el6
  • java-1.6.0-ibm-accessibility-1:1.6.0.9.2-1jpp.2.el5
  • java-1.6.0-ibm-demo-1:1.6.0.9.2-1jpp.2.el4
  • java-1.6.0-ibm-demo-1:1.6.0.9.2-1jpp.2.el5
  • java-1.6.0-ibm-demo-1:1.6.0.9.2-1jpp.2.el6
  • java-1.6.0-ibm-devel-1:1.6.0.9.2-1jpp.2.el4
  • java-1.6.0-ibm-devel-1:1.6.0.9.2-1jpp.2.el5
  • java-1.6.0-ibm-devel-1:1.6.0.9.2-1jpp.2.el6
  • java-1.6.0-ibm-javacomm-1:1.6.0.9.2-1jpp.2.el4
  • java-1.6.0-ibm-javacomm-1:1.6.0.9.2-1jpp.2.el5
  • java-1.6.0-ibm-javacomm-1:1.6.0.9.2-1jpp.2.el6
  • java-1.6.0-ibm-jdbc-1:1.6.0.9.2-1jpp.2.el4
  • java-1.6.0-ibm-jdbc-1:1.6.0.9.2-1jpp.2.el5
  • java-1.6.0-ibm-jdbc-1:1.6.0.9.2-1jpp.2.el6
  • java-1.6.0-ibm-plugin-1:1.6.0.9.2-1jpp.2.el4
  • java-1.6.0-ibm-plugin-1:1.6.0.9.2-1jpp.2.el5
  • java-1.6.0-ibm-plugin-1:1.6.0.9.2-1jpp.2.el6
  • java-1.6.0-ibm-src-1:1.6.0.9.2-1jpp.2.el4
  • java-1.6.0-ibm-src-1:1.6.0.9.2-1jpp.2.el5
  • java-1.6.0-ibm-src-1:1.6.0.9.2-1jpp.2.el6
  • java-1.5.0-ibm-1:1.5.0.12.5-1jpp.1.el4
  • java-1.5.0-ibm-1:1.5.0.12.5-1jpp.1.el5
  • java-1.5.0-ibm-1:1.5.0.12.5-1jpp.1.el6
  • java-1.5.0-ibm-accessibility-1:1.5.0.12.5-1jpp.1.el5
  • java-1.5.0-ibm-demo-1:1.5.0.12.5-1jpp.1.el4
  • java-1.5.0-ibm-demo-1:1.5.0.12.5-1jpp.1.el5
  • java-1.5.0-ibm-demo-1:1.5.0.12.5-1jpp.1.el6
  • java-1.5.0-ibm-devel-1:1.5.0.12.5-1jpp.1.el4
  • java-1.5.0-ibm-devel-1:1.5.0.12.5-1jpp.1.el5
  • java-1.5.0-ibm-devel-1:1.5.0.12.5-1jpp.1.el6
  • java-1.5.0-ibm-javacomm-1:1.5.0.12.5-1jpp.1.el4
  • java-1.5.0-ibm-javacomm-1:1.5.0.12.5-1jpp.1.el5
  • java-1.5.0-ibm-javacomm-1:1.5.0.12.5-1jpp.1.el6
  • java-1.5.0-ibm-jdbc-1:1.5.0.12.5-1jpp.1.el4
  • java-1.5.0-ibm-jdbc-1:1.5.0.12.5-1jpp.1.el5
  • java-1.5.0-ibm-jdbc-1:1.5.0.12.5-1jpp.1.el6
  • java-1.5.0-ibm-plugin-1:1.5.0.12.5-1jpp.1.el4
  • java-1.5.0-ibm-plugin-1:1.5.0.12.5-1jpp.1.el5
  • java-1.5.0-ibm-plugin-1:1.5.0.12.5-1jpp.1.el6
  • java-1.5.0-ibm-src-1:1.5.0.12.5-1jpp.1.el4
  • java-1.5.0-ibm-src-1:1.5.0.12.5-1jpp.1.el5
  • java-1.5.0-ibm-src-1:1.5.0.12.5-1jpp.1.el6
  • java-1.4.2-ibm-0:1.4.2.13.10-1jpp.1.el4
  • java-1.4.2-ibm-0:1.4.2.13.10-1jpp.1.el5
  • java-1.4.2-ibm-demo-0:1.4.2.13.10-1jpp.1.el4
  • java-1.4.2-ibm-demo-0:1.4.2.13.10-1jpp.1.el5
  • java-1.4.2-ibm-devel-0:1.4.2.13.10-1jpp.1.el4
  • java-1.4.2-ibm-devel-0:1.4.2.13.10-1jpp.1.el5
  • java-1.4.2-ibm-javacomm-0:1.4.2.13.10-1jpp.1.el4
  • java-1.4.2-ibm-javacomm-0:1.4.2.13.10-1jpp.1.el5
  • java-1.4.2-ibm-jdbc-0:1.4.2.13.10-1jpp.1.el4
  • java-1.4.2-ibm-jdbc-0:1.4.2.13.10-1jpp.1.el5
  • java-1.4.2-ibm-plugin-0:1.4.2.13.10-1jpp.1.el4
  • java-1.4.2-ibm-plugin-0:1.4.2.13.10-1jpp.1.el5
  • java-1.4.2-ibm-src-0:1.4.2.13.10-1jpp.1.el4
  • java-1.4.2-ibm-src-0:1.4.2.13.10-1jpp.1.el5
  • java-1.4.2-ibm-sap-0:1.4.2.13.10.sap-1jpp.1.el4_8
  • java-1.4.2-ibm-sap-0:1.4.2.13.10.sap-1jpp.1.el5
  • java-1.4.2-ibm-sap-demo-0:1.4.2.13.10.sap-1jpp.1.el4_8
  • java-1.4.2-ibm-sap-demo-0:1.4.2.13.10.sap-1jpp.1.el5
  • java-1.4.2-ibm-sap-devel-0:1.4.2.13.10.sap-1jpp.1.el4_8
  • java-1.4.2-ibm-sap-devel-0:1.4.2.13.10.sap-1jpp.1.el5
  • java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.10.sap-1jpp.1.el4_8
  • java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.10.sap-1jpp.1.el5
  • java-1.4.2-ibm-sap-src-0:1.4.2.13.10.sap-1jpp.1.el4_8
  • java-1.4.2-ibm-sap-src-0:1.4.2.13.10.sap-1jpp.1.el5
  • java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9
  • java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4
  • java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9
  • java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4

References