CVE-2011-5035 - Improper Input Validation vulnerability in Oracle Glassfish Server
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 13 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables: This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Server Side Include (SSI) Injection: An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
- Cross Zone Scripting: An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
- Cross Site Scripting through Log Files: An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Command Line Execution through SQL Injection: An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
Exploit-Db
description | MyBulletinBoard (MyBB). CVE-2006-3775,CVE-2011-4084,CVE-2011-4858,CVE-2011-4885,CVE-2011-5034,CVE-2011-5035. Webapps exploit for php platform |
id | EDB-ID:2012 |
last seen | 2016-01-31 |
modified | 2006-07-15 |
published | 2006-07-15 |
reporter | rgod |
source | https://www.exploit-db.com/download/2012/ |
title | MyBulletinBoard MyBB <= 1.1.5 - CLIENT-IP SQL Injection Exploit |
Metasploit
description | This module uses a denial-of-service (DoS) condition appearing in a variety of programming languages. This vulnerability occurs when storing multiple values in a hash table and all values have the same hash value. This can cause a web server parsing the POST parameters issued with a request into a hash table to consume hours of CPU with a single HTTP request. Currently, only the hash functions for PHP and Java are implemented. This module was tested with PHP + httpd, Tomcat, Glassfish and Geronimo. It also generates a random payload to bypass some IDS signatures. |
id | MSF:AUXILIARY/DOS/HTTP/HASHCOLLISION_DOS |
last seen | 2020-05-21 |
modified | 2017-07-24 |
published | 2012-05-13 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/http/hashcollision_dos.rb |
title | Hashtable Collisions |
Nessus
NASL family | Windows |
NASL id | ORACLE_JROCKIT_CPU_APR_2012.NASL |
description | The remote host has a version of Oracle JRockit that is affected by multiple vulnerabilities that could allow a remote attacker to compromise system confidentiality and integrity via unspecified vectors. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 76683 |
published | 2014-07-22 |
reporter | This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/76683 |
title | Oracle JRockit R27 < R27.7.2.5 / R28 < R28.2.3.13 Multiple Vulnerabilities (April 2012 CPU) |
code |

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(76683);
  script_version("1.11");
  script_cvs_date("Date: 2018/11/15 20:50:28");

  script_cve_id(
    "CVE-2012-1695",
    "CVE-2012-0497",
    "CVE-2012-0498",
    "CVE-2012-0499",
    "CVE-2011-3563",
    "CVE-2012-0501",
    "CVE-2011-5035"
  );
  script_bugtraq_id(
    57087,
    52009,
    52019,
    52016,
    52012,
    52013,
    51194
  );

  script_name(english:"Oracle JRockit R27 < R27.7.2.5 / R28 < R28.2.3.13 Multiple Vulnerabilities (April 2012 CPU)");
  script_summary(english:"Checks the version of jvm.dll.");

  script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value: "The remote host has a version of Oracle JRockit that is affected by multiple vulnerabilities that could allow a remote attacker to compromise system confidentiality and integrity via unspecified vectors.");
  script_set_attribute(attribute:"solution", value:"Upgrade to version R27.7.2.5 / R28.2.3.13 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  # https://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?83822adc");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jrockit");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("oracle_jrockit_installed.nasl");
  script_require_keys("installed_sw/Oracle JRockit");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

app = "Oracle JRockit";
get_install_count(app_name:app, exit_if_zero:TRUE);

install = get_single_install(app_name:app);
ver = install['version'];
type = install['type'];
path = install['path'];

# 26 and below may not be supported, may not be affected --
# it's not listed as affected so we do not check it.
if (ver_compare(ver:ver, fix:"27", strict:FALSE) < 0)
  audit(AUDIT_INST_VER_NOT_VULN, app);

if (ver_compare(ver:ver, fix:"28", strict:FALSE) < 0)
{
  compare = "27.7.2";
  fix = "27.7.2.5";
}
else
{
  compare = "28.2.3";
  fix = "28.2.3.13";
}

if (ver_compare(ver:ver, fix:compare, strict:FALSE) >= 0)
  audit(AUDIT_INST_VER_NOT_VULN, app);

# The DLL we're looking at is a level deeper in the JDK, since it
# keeps a subset of the JRE in a subdirectory.
if (type == "JDK")
  path += "\jre";

path += "\bin\jrockit\jvm.dll";

report =
  '\n Type : ' + type +
  '\n Path : ' + path +
  '\n Installed version : ' + ver +
  '\n Fixed version : ' + fix +
  '\n';

port = get_kb_item("SMB/transport");
if (!port) port = 445;

if (report_verbosity > 0) security_hole(port:port, extra:report);
else security_hole(port);
```
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2012-0514.NASL |
description | Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM Java SE version 6 release includes the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 58866 |
published | 2012-04-25 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/58866 |
title | RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2012:0514) |
code |

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2012:0514. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(58866);
  script_version ("1.31");
  script_cvs_date("Date: 2019/10/24 15:35:35");

  script_cve_id("CVE-2011-3563", "CVE-2011-5035", "CVE-2012-0497", "CVE-2012-0498", "CVE-2012-0499", "CVE-2012-0500", "CVE-2012-0501", "CVE-2012-0502", "CVE-2012-0503", "CVE-2012-0505", "CVE-2012-0506", "CVE-2012-0507");
  script_bugtraq_id(51194, 52009, 52011, 52012, 52013, 52014, 52015, 52016, 52017, 52018, 52019, 52161);
  script_xref(name:"RHSA", value:"2012:0514");

  script_name(english:"RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2012:0514)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM Java SE version 6 release includes the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM 'Security alerts' page, listed in the References section. (CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java 6 SR10-FP1 release. All running instances of IBM Java must be restarted for the update to take effect."
  );
  # http://www.ibm.com/developerworks/java/jdk/alerts/
  script_set_attribute(
    attribute:"see_also",
    value:"https://developer.ibm.com/javasdk/support/security-vulnerabilities/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2012:0514"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2011-5035"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2012-0505"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2011-3563"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2012-0506"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2012-0497"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2012-0503"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2012-0502"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2012-0501"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2012-0500"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2012-0499"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2012-0498"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2012-0507"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Java AtomicReferenceArray Type Violation Vulnerability');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.2");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/04/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/25");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2012:0514";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port : 0,
      severity : SECURITY_HOLE,
      extra : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL5", reference:"java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-ibm-accessibility-1.6.0.10.1-1jpp.1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"java-1.6.0-ibm-accessibility-1.6.0.10.1-1jpp.1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-ibm-accessibility-1.6.0.10.1-1jpp.1.el5")) flag++;
  if (rpm_check(release:"RHEL5", reference:"java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5")) flag++;
  if (rpm_check(release:"RHEL5", reference:"java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5")) flag++;
  if (rpm_check(release:"RHEL5", reference:"java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.1.el5")) flag++;
  if (rpm_check(release:"RHEL5", reference:"java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2")) flag++;
  if (rpm_check(release:"RHEL6", reference:"java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.5.el6_2")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.5.el6_2")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.5.el6_2")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.5.el6_2")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2")) flag++;

  if (flag)
  {
    security_report_v4(
      port : 0,
      severity : SECURITY_HOLE,
      extra : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-ibm / java-1.6.0-ibm-accessibility / java-1.6.0-ibm-demo / etc");
  }
}
```
NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-1373-2.NASL |
description | USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM (armel). This provides the corresponding OpenJDK 6 update for use with the ARM (armel) architecture in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. It was discovered that the Java HttpServer class did not limit the number of headers read from a HTTP request. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. (CVE-2011-5035) ATTENTION: this update changes previous Java HttpServer class behavior by limiting the number of request headers to 200. This may be increased by adjusting the sun.net.httpserver.maxReqHeaders property. It was discovered that the Java Sound component did not properly check buffer boundaries. A remote attacker could use this to cause a denial of service or view confidential data. (CVE-2011-3563) It was discovered that the Java2D implementation does not properly check graphics rendering objects before passing them to the native renderer. A remote attacker could use this to cause a denial of service or to bypass Java sandbox restrictions. (CVE-2012-0497) It was discovered that an off-by-one error exists in the Java ZIP file processing code. An attacker could use this to cause a denial of service through a maliciously crafted ZIP file. (CVE-2012-0501) It was discovered that the Java AWT KeyboardFocusManager did not properly enforce keyboard focus security policy. A remote attacker could use this with an untrusted application or applet to grab keyboard focus and possibly expose confidential data. (CVE-2012-0502) It was discovered that the Java TimeZone class did not properly enforce security policy around setting the default time zone. A remote attacker could use this with an untrusted application or applet to set a new default time zone and bypass Java sandbox restrictions. (CVE-2012-0503) It was discovered the Java ObjectStreamClass did not throw an accurately identifiable exception when a deserialization failure occurred. A remote attacker could use this with an untrusted application or applet to bypass Java sandbox restrictions. (CVE-2012-0505) It was discovered that the Java CORBA implementation did not properly protect repository identifiers on certain CORBA objects. A remote attacker could use this to corrupt object data. (CVE-2012-0506) It was discovered that the Java AtomicReferenceArray class implementation did not properly check if an array was of the expected Object[] type. A remote attacker could use this with a malicious application or applet to bypass Java sandbox restrictions. (CVE-2012-0507). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 58179 |
published | 2012-03-01 |
reporter | Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/58179 |
title | Ubuntu 10.04 LTS / 10.10 / 11.04 : openjdk-6b18 vulnerabilities (USN-1373-2) |
code |

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1373-2. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(58179);
  script_version("1.24");
  script_cvs_date("Date: 2019/09/19 12:54:27");

  script_cve_id("CVE-2011-3563", "CVE-2011-5035", "CVE-2012-0497", "CVE-2012-0501", "CVE-2012-0502", "CVE-2012-0503", "CVE-2012-0505", "CVE-2012-0506", "CVE-2012-0507");
  script_bugtraq_id(51194, 52009, 52011, 52012, 52013, 52014, 52017, 52018, 52161);
  script_xref(name:"USN", value:"1373-2");

  script_name(english:"Ubuntu 10.04 LTS / 10.10 / 11.04 : openjdk-6b18 vulnerabilities (USN-1373-2)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Ubuntu host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value: "USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM (armel). This provides the corresponding OpenJDK 6 update for use with the ARM (armel) architecture in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. It was discovered that the Java HttpServer class did not limit the number of headers read from a HTTP request. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. (CVE-2011-5035) ATTENTION: this update changes previous Java HttpServer class behavior by limiting the number of request headers to 200. This may be increased by adjusting the sun.net.httpserver.maxReqHeaders property. It was discovered that the Java Sound component did not properly check buffer boundaries. A remote attacker could use this to cause a denial of service or view confidential data. (CVE-2011-3563) It was discovered that the Java2D implementation does not properly check graphics rendering objects before passing them to the native renderer. A remote attacker could use this to cause a denial of service or to bypass Java sandbox restrictions. (CVE-2012-0497) It was discovered that an off-by-one error exists in the Java ZIP file processing code. An attacker could us this to cause a denial of service through a maliciously crafted ZIP file. (CVE-2012-0501) It was discovered that the Java AWT KeyboardFocusManager did not properly enforce keyboard focus security policy. A remote attacker could use this with an untrusted application or applet to grab keyboard focus and possibly expose confidential data. (CVE-2012-0502) It was discovered that the Java TimeZone class did not properly enforce security policy around setting the default time zone. A remote attacker could use this with an untrusted application or applet to set a new default time zone and bypass Java sandbox restrictions. (CVE-2012-0503) It was discovered the Java ObjectStreamClass did not throw an accurately identifiable exception when a deserialization failure occurred. A remote attacker could use this with an untrusted application or applet to bypass Java sandbox restrictions. (CVE-2012-0505) It was discovered that the Java CORBA implementation did not properly protect repository identifiers on certain CORBA objects. A remote attacker could use this to corrupt object data. (CVE-2012-0506) It was discovered that the Java AtomicReferenceArray class implementation did not properly check if an array was of the expected Object[] type. A remote attacker could use this with a malicious application or applet to bypass Java sandbox restrictions. (CVE-2012-0507). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1373-2/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Java AtomicReferenceArray Type Violation Vulnerability');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-jamvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(10\.04|10\.10|11\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 10.10 / 11.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"10.04", pkgname:"icedtea-6-jre-cacao", pkgver:"6b18-1.8.13-0ubuntu1~10.04.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"openjdk-6-jre", pkgver:"6b18-1.8.13-0ubuntu1~10.04.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"openjdk-6-jre-headless", pkgver:"6b18-1.8.13-0ubuntu1~10.04.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"openjdk-6-jre-zero", pkgver:"6b18-1.8.13-0ubuntu1~10.04.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"icedtea-6-jre-cacao", pkgver:"6b18-1.8.13-0ubuntu1~10.10.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"openjdk-6-jre", pkgver:"6b18-1.8.13-0ubuntu1~10.10.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"openjdk-6-jre-headless", pkgver:"6b18-1.8.13-0ubuntu1~10.10.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"openjdk-6-jre-zero", pkgver:"6b18-1.8.13-0ubuntu1~10.10.1")) flag++;
if (ubuntu_check(osver:"11.04", pkgname:"icedtea-6-jre-cacao", pkgver:"6b18-1.8.13-0ubuntu1~11.04.1")) flag++;
if (ubuntu_check(osver:"11.04", pkgname:"icedtea-6-jre-jamvm", pkgver:"6b18-1.8.13-0ubuntu1~11.04.1")) flag++;
if (ubuntu_check(osver:"11.04", pkgname:"openjdk-6-jre", pkgver:"6b18-1.8.13-0ubuntu1~11.04.1")) flag++;
if (ubuntu_check(osver:"11.04", pkgname:"openjdk-6-jre-headless", pkgver:"6b18-1.8.13-0ubuntu1~11.04.1")) flag++;
if (ubuntu_check(osver:"11.04", pkgname:"openjdk-6-jre-zero", pkgver:"6b18-1.8.13-0ubuntu1~11.04.1")) flag++;

if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "icedtea-6-jre-cacao / icedtea-6-jre-jamvm / openjdk-6-jre / etc");
}
```
- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS10_X86_128641-30.NASL
- description: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 107968
- published: 2018-03-12
- reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/107968
- title: Solaris 10 (x86) : 128641-30
- code:

```nasl
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
include("compat.inc");

if (description)
{
  script_id(107968);
  script_version("1.5");
  script_cvs_date("Date: 2020/01/07");

  script_cve_id("CVE-2009-0217", "CVE-2009-2625", "CVE-2009-3555", "CVE-2011-3564", "CVE-2011-5035");

  script_name(english:"Solaris 10 (x86) : 128641-30");
  script_summary(english:"Check for patch 128641-30");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote host is missing Sun Security Patch number 128641-30"
  );
  script_set_attribute(
    attribute:"description",
    value:
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://getupdates.oracle.com/readme/128641-30"
  );
  script_set_attribute(attribute:"solution", value:"Install patch 128641-30 or higher");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-3555");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(264, 310);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:128641");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/02/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");

showrev = get_kb_item("Host/Solaris/showrev");
if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev);
if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
full_ver = os_ver[1];
os_level = os_ver[2];
if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
package_arch = package_arch[1];
if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch);
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"128641-30", obsoleted_by:"", package:"SUNWasJdbcDrivers", version:"9.1,REV=2007.09.07.14.07") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"128641-30", obsoleted_by:"", package:"SUNWasac", version:"9.1,REV=2007.09.07.13.59") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"128641-30", obsoleted_by:"", package:"SUNWasacee", version:"9.1,REV=2007.09.07.14.08") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"128641-30", obsoleted_by:"", package:"SUNWascml", version:"9.1,REV=2007.09.07.14.08") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"128641-30", obsoleted_by:"", package:"SUNWascmn", version:"9.1,REV=2007.09.07.14.02") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"128641-30", obsoleted_by:"", package:"SUNWascmnse", version:"9.1,REV=2007.09.07.14.08") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"128641-30", obsoleted_by:"", package:"SUNWasdem", version:"9.1,REV=2007.09.07.14.02") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"128641-30", obsoleted_by:"", package:"SUNWashdm", version:"9.1,REV=2007.09.07.14.07") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"128641-30", obsoleted_by:"", package:"SUNWasjdoc", version:"9.1,REV=2007.09.07.14.03") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"128641-30", obsoleted_by:"", package:"SUNWaslb", version:"9.1,REV=2007.09.07.14.04") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"128641-30", obsoleted_by:"", package:"SUNWasman", version:"9.1,REV=2007.09.07.14.03") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"128641-30", obsoleted_by:"", package:"SUNWasr", version:"9.1,REV=2007.09.07.14.03") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"128641-30", obsoleted_by:"", package:"SUNWasu", version:"9.1,REV=2007.09.07.13.59") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"128641-30", obsoleted_by:"", package:"SUNWasuee", version:"9.1,REV=2007.09.07.14.07") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"128641-30", obsoleted_by:"", package:"SUNWasut", version:"9.1,REV=2007.09.07.14.03") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"128641-30", obsoleted_by:"", package:"SUNWaswbcr", version:"9.1,REV=2007.09.07.14.08") < 0) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : solaris_get_report()
  );
}
else
{
  patch_fix = solaris_patch_fix_get();
  if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
  tested = solaris_pkg_tests_get();
  if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWasJdbcDrivers / SUNWasac / SUNWasacee / SUNWascml / SUNWascmn / etc");
}
```
- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS9_124672.NASL
- description: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 27092
- published: 2007-10-17
- reporter: This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/27092
- title: Solaris 9 (sparc) : 124672-20
- code:

```nasl
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
include("compat.inc");

if (description)
{
  script_id(27092);
  script_version("$Revision: 1.19 $");
  script_cvs_date("$Date: 2016/12/12 14:59:32 $");

  script_cve_id("CVE-2009-0278", "CVE-2009-2625", "CVE-2011-5035");
  script_xref(name:"IAVT", value:"2009-T-0009");

  script_name(english:"Solaris 9 (sparc) : 124672-20");
  script_summary(english:"Check for patch 124672-20");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote host is missing Sun Security Patch number 124672-20"
  );
  script_set_attribute(
    attribute:"description",
    value:
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://getupdates.oracle.com/readme/124672-20"
  );
  script_set_attribute(
    attribute:"solution",
    value:"You should install this patch for your system to be up-to-date."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_cwe_id(200, 264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("solaris.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"124672-20", obsoleted_by:"", package:"SUNWasuee", version:"8.2,REV=2007.01.17.14.57") < 0) flag++;
if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"124672-20", obsoleted_by:"", package:"SUNWasacee", version:"8.2,REV=2007.01.17.14.57") < 0) flag++;
if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"124672-20", obsoleted_by:"", package:"SUNWascml", version:"8.2,REV=2007.01.17.14.57") < 0) flag++;
if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"124672-20", obsoleted_by:"", package:"SUNWasu", version:"8.2,REV=2007.01.17.14.43") < 0) flag++;
if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"124672-20", obsoleted_by:"", package:"SUNWasdem", version:"8.2,REV=2007.01.17.14.43") < 0) flag++;
if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"124672-20", obsoleted_by:"", package:"SUNWashdm", version:"8.2,REV=2007.01.17.14.57") < 0) flag++;
if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"124672-20", obsoleted_by:"", package:"SUNWaswbcr", version:"8.2,REV=2007.01.17.14.57") < 0) flag++;
if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"124672-20", obsoleted_by:"", package:"SUNWasut", version:"8.2,REV=2007.01.17.14.43") < 0) flag++;
if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"124672-20", obsoleted_by:"", package:"SUNWasman", version:"8.2,REV=2007.01.17.14.43") < 0) flag++;
if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"124672-20", obsoleted_by:"", package:"SUNWascmnse", version:"8.2,REV=2007.01.17.14.57") < 0) flag++;
if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"124672-20", obsoleted_by:"", package:"SUNWaslb", version:"8.2,REV=2007.01.17.14.57") < 0) flag++;
if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"124672-20", obsoleted_by:"", package:"SUNWascmn", version:"8.2,REV=2007.01.17.14.43") < 0) flag++;
if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"124672-20", obsoleted_by:"", package:"SUNWasac", version:"8.2,REV=2007.01.17.14.43") < 0) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report());
  else security_warning(0);
  exit(0);
}
audit(AUDIT_HOST_NOT, "affected");
```
- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS9_128640.NASL
- description: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 35419
- published: 2009-01-19
- reporter: This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/35419
- title: Solaris 9 (sparc) : 128640-30
- code:

```nasl
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
include("compat.inc");

if (description)
{
  script_id(35419);
  script_version("$Revision: 1.14 $");
  script_cvs_date("$Date: 2016/12/09 21:14:09 $");

  script_cve_id("CVE-2009-0217", "CVE-2009-2625", "CVE-2009-3555", "CVE-2011-3564", "CVE-2011-5035");

  script_name(english:"Solaris 9 (sparc) : 128640-30");
  script_summary(english:"Check for patch 128640-30");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote host is missing Sun Security Patch number 128640-30"
  );
  script_set_attribute(
    attribute:"description",
    value:
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://getupdates.oracle.com/readme/128640-30"
  );
  script_set_attribute(
    attribute:"solution",
    value:"You should install this patch for your system to be up-to-date."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_cwe_id(264, 310);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/01/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("solaris.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"128640-30", obsoleted_by:"", package:"SUNWasu", version:"9.1,REV=2007.09.07.14.57") < 0) flag++;
if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"128640-30", obsoleted_by:"", package:"SUNWashdm", version:"9.1,REV=2007.09.07.15.10") < 0) flag++;
if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"128640-30", obsoleted_by:"", package:"SUNWasut", version:"9.1,REV=2007.09.07.15.04") < 0) flag++;
if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"128640-30", obsoleted_by:"", package:"SUNWasman", version:"9.1,REV=2007.09.07.15.04") < 0) flag++;
if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"128640-30", obsoleted_by:"", package:"SUNWasjdoc", version:"9.1,REV=2007.09.07.15.04") < 0) flag++;
if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"128640-30", obsoleted_by:"", package:"SUNWaslb", version:"9.1,REV=2007.09.07.15.05") < 0) flag++;
if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"128640-30", obsoleted_by:"", package:"SUNWascmn", version:"9.1,REV=2007.09.07.15.03") < 0) flag++;
if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"128640-30", obsoleted_by:"", package:"SUNWasJdbcDrivers", version:"9.1,REV=2007.09.07.15.10") < 0) flag++;
if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"128640-30", obsoleted_by:"", package:"SUNWasac", version:"9.1,REV=2007.09.07.14.58") < 0) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report());
  else security_warning(0);
  exit(0);
}
audit(AUDIT_HOST_NOT, "affected");
```
- NASL family: Misc.
- NASL id: ORACLE_JAVA_CPU_FEB_2012_UNIX.NASL
- description: The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 3 / 6 Update 31 / 5.0 Update 34 / 1.4.2_36 and is, therefore, potentially affected by security issues in the following components :
  - 2D
  - AWT
  - CORBA
  - Concurrency
  - Deployment
  - I18n
  - Install
  - Java Runtime Environment
  - Lightweight HTTP Server
  - Serialization
  - Sound
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 64847
- published: 2013-02-22
- reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/64847
- title: Oracle Java SE Multiple Vulnerabilities (February 2012 CPU) (Unix)
- code:

```nasl
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');

if (description)
{
  script_id(64847);
  script_version("1.16");
  script_cvs_date("Date: 2018/11/15 20:50:23");

  script_cve_id(
    "CVE-2011-3563",
    "CVE-2011-5035",
    "CVE-2012-0497",
    "CVE-2012-0498",
    "CVE-2012-0499",
    "CVE-2012-0500",
    "CVE-2012-0501",
    "CVE-2012-0502",
    "CVE-2012-0503",
    "CVE-2012-0504",
    "CVE-2012-0505",
    "CVE-2012-0506",
    "CVE-2012-0507",
    "CVE-2012-0508"
  );
  script_bugtraq_id(
    51194,
    52009,
    52010,
    52011,
    52012,
    52013,
    52014,
    52015,
    52016,
    52017,
    52018,
    52019,
    52020,
    52161
  );
  script_xref(name:"EDB-ID", value:"18520");
  script_xref(name:"EDB-ID", value:"18679");

  script_name(english:"Oracle Java SE Multiple Vulnerabilities (February 2012 CPU) (Unix)");
  script_summary(english:"Checks version of the JRE");

  script_set_attribute(attribute:"synopsis", value:
"The remote Unix host contains a programming platform that is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 3 / 6 Update 31 / 5.0 Update 34 / 1.4.2_36 and is, therefore, potentially affected by security issues in the following components : - 2D - AWT - CORBA - Concurrency - Deployment - I18n - Install - Java Runtime Environment - Lightweight HTTP Server - Serialization - Sound");
  script_set_attribute(attribute:"see_also", value:"http://www.pre-cert.de/advisories/PRE-SA-2012-01.txt");
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20160729014835/http://telussecuritylabs.com/threats/show/TSL20120214-01");
  # http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?aa5506d5");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-032/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-037/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-038/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-039/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-045/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-060/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-081/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-082/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-083/");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2012/Jun/69");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2012/Jun/70");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2012/Jun/71");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/java/javase/7u3-relnotes-1481928.html");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/java/javase/6u31-relnotes-1482342.html");
  # https://www.oracle.com/technetwork/java/javase/documentation/overview-137139.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?84f3023c");
  # https://www.oracle.com/technetwork/java/javase/documentation/overview-142120.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d2825206");
  script_set_attribute(attribute:"see_also", value:"http://www.oracle.com/technetwork/java/eol-135779.html");
  script_set_attribute(attribute:"solution", value:
"Update to JDK / JRE 7 Update 3 / 6 Update 31, JDK 5.0 Update 34, SDK 1.4.2_36 or later, and remove, if necessary, any affected versions. Note that an Extended Support contract with Oracle is needed to obtain JDK 5.0 Update 34 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Java AtomicReferenceArray Type Violation Vulnerability');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/02/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/02/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/22");

  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"agent", value:"unix");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");

  script_dependencies("sun_java_jre_installed_unix.nasl");
  script_require_keys("Host/Java/JRE/Installed");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

# Check each installed JRE.
installs = get_kb_list_or_exit("Host/Java/JRE/Unmanaged/*");

info = "";
vuln = 0;
vuln2 = 0;
installed_versions = "";
granular = "";

foreach install (list_uniq(keys(installs)))
{
  ver = install - "Host/Java/JRE/Unmanaged/";
  if (ver !~ "^[0-9.]+") continue;
  installed_versions = installed_versions + " & " + ver;
  if (
    ver =~ '^1\\.7\\.0_0[0-2]([^0-9]|$)' ||
    ver =~ '^1\\.6\\.0_([0-9]|[0-2][0-9]|30)([^0-9]|$)' ||
    ver =~ '^1\\.5\\.0_([0-9]|[0-2][0-9]|3[0-3])([^0-9]|$)' ||
    ver =~ '^1\\.4\\.([01]_|2_([0-9]|[0-2][0-9]|3[0-5])([^0-9]|$))'
  )
  {
    dirs = make_list(get_kb_list(install));
    vuln += max_index(dirs);

    foreach dir (dirs)
      info += '\n Path : ' + dir;

    info += '\n Installed version : ' + ver;
    info += '\n Fixed version : 1.7.0_03 / 1.6.0_31 / 1.5.0_34 / 1.4.2_36\n';
  }
  else if (ver =~ "^[\d\.]+$")
  {
    dirs = make_list(get_kb_list(install));
    foreach dir (dirs)
      granular += "The Oracle Java version "+ver+" at "+dir+" is not granular enough to make a determination."+'\n';
  }
  else
  {
    dirs = make_list(get_kb_list(install));
    vuln2 += max_index(dirs);
  }
}

# Report if any were found to be vulnerable.
if (info)
{
  if (report_verbosity > 0)
  {
    if (vuln > 1) s = "s of Java are";
    else s = " of Java is";

    report =
      '\n' +
      'The following vulnerable instance'+s+' installed on the\n' +
      'remote host :\n' +
      info;
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
  if (granular) exit(0, granular);
}
else
{
  if (granular) exit(0, granular);

  installed_versions = substr(installed_versions, 3);
  if (vuln2 > 1)
    exit(0, "The Java "+installed_versions+" installs on the remote host are not affected.");
  else
    exit(0, "The Java "+installed_versions+" install on the remote host is not affected.");
}
```
- NASL family: MacOS X Local Security Checks
- NASL id: MACOSX_JAVA_10_6_UPDATE7.NASL
- description: The remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 7, which updates the Java version to 1.6.0_31. As such, it is affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
- last seen: 2019-10-28
- modified: 2012-04-05
- plugin id: 58605
- published: 2012-04-05
- reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/58605
- title: Mac OS X : Java for Mac OS X 10.6 Update 7
- code:

```nasl
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");

if (description)
{
  script_id(58605);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/14");

  script_cve_id(
    "CVE-2011-3563",
    "CVE-2011-5035",
    "CVE-2012-0497",
    "CVE-2012-0498",
    "CVE-2012-0499",
    "CVE-2012-0500",
    "CVE-2012-0501",
    "CVE-2012-0502",
    "CVE-2012-0503",
    "CVE-2012-0505",
    "CVE-2012-0506",
    "CVE-2012-0507"
  );
  script_bugtraq_id(
    51194,
    52009,
    52011,
    52012,
    52013,
    52014,
    52015,
    52016,
    52017,
    52018,
    52019,
    52161
  );

  script_name(english:"Mac OS X : Java for Mac OS X 10.6 Update 7");
  script_summary(english:"Checks version of the JavaVM framework");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote host has a version of Java that is affected by multiple vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 7, which updates the Java version to 1.6.0_31. As such, it is affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.apple.com/kb/HT5228"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.apple.com/archives/security-announce/2012/Apr/msg00000.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade to Java for Mac OS X 10.6 Update 7, which includes version 13.7.0 of the JavaVM Framework."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_set_attribute(attribute:"metasploit_name", value:'Java AtomicReferenceArray Type Violation Vulnerability');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/04/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:java_1.6");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version");

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");

if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
  enable_ssh_wrappers();
else disable_ssh_wrappers();

if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");

os = get_kb_item("Host/MacOSX/Version");
if (!os) exit(0, "The host does not appear to be running Mac OS X.");
if (!ereg(pattern:"Mac OS X 10\.6([^0-9]|$)", string:os))
  exit(0, "The host is running "+os+" and therefore is not affected.");

plist = "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist";
cmd =
  'plutil -convert xml1 -o - \'' + plist + '\' | ' +
  'grep -A 1 CFBundleVersion | ' +
  'tail -n 1 | ' +
  'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\'';
version = exec_cmd(cmd:cmd);
if (!strlen(version)) exit(1, "Failed to get the version of the JavaVM Framework.");

version = chomp(version);
if (!ereg(pattern:"^[0-9]+\.", string:version))
  exit(1, "The JavaVM Framework version does not appear to be numeric ("+version+").");

fixed_version = "13.7.0";
if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
{
  if (report_verbosity > 0)
  {
    report =
      '\n Framework : JavaVM' +
      '\n Installed version : ' + version +
      '\n Fixed version : ' + fixed_version + '\n';
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
}
else exit(0, "The host is not affected since it is running Mac OS X 10.6 and has JavaVM Framework version "+version+".");
```
- NASL family: MacOS X Local Security Checks
- NASL id: MACOSX_JAVA_10_7_2012-001.NASL
- description: The remote Mac OS X host is running a version of Java for Mac OS X 10.7 that is missing update 2012-001, which updates the Java version to 1.6.0_31. As such, it is affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
- last seen: 2019-10-28
- modified: 2012-04-05
- plugin id: 58606
- published: 2012-04-05
- reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/58606
- title: Mac OS X : Java for OS X Lion 2012-001

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRIVA_MDVSA-2012-021.NASL
- description: Multiple security issues were identified and fixed in OpenJDK (icedtea6) : Fix issues in java sound (CVE-2011-3563). Fix in AtomicReferenceArray (CVE-2011-3571). Add property to limit number of request headers to the HTTP Server (CVE-2011-5035). Incorrect checking for graphics rendering object (CVE-2012-0497). Multiple unspecified vulnerabilities allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2012-0498, CVE-2012-0499, CVE-2012-0500). Better input parameter checking in zip file processing (CVE-2012-0501). Issues with some KeyboardFocusManager method (CVE-2012-0502). Issues with TimeZone class (CVE-2012-0503). Enhance exception throwing mechanism in ObjectStreamClass (CVE-2012-0505). Issues with some method in corba (CVE-2012-0506). The updated packages provide icedtea6-1.10.6, which is not vulnerable to these issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 58026
- published: 2012-02-20
- reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/58026
- title: Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2012:021)

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS10_124672.NASL
- description: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. This plugin has been deprecated and either replaced with individual 124672 patch-revision plugins, or deemed non-security related.
- last seen: 2019-02-21
- modified: 2018-07-30
- plugin id: 27072
- published: 2007-10-17
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=27072
- title: Solaris 10 (sparc) : 124672-20 (deprecated)

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2012-136.NASL
- description: Update to version 1.11.1 to fix several security issues :
  - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray
  - S7088367, CVE-2011-3563: Fix issues in java sound
  - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method
  - S7110687, CVE-2012-0503: Issues with TimeZone class
  - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass
  - S7110704, CVE-2012-0506: Issues with some method in corba
  - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object
  - S7118283, CVE-2012-0501: Better input parameter checking in zip file processing
  - S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server
- last seen: 2020-06-05
- modified: 2014-06-13
- plugin id: 74558
- published: 2014-06-13
- reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/74558
- title: openSUSE Security Update : java-1_6_0-openjdk (openSUSE-2012-136)

- NASL family: Amazon Linux Local Security Checks
- NASL id: ALA_ALAS-2012-43.NASL
- description: It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497) It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2012-0505) The AtomicReferenceArray class implementation did not properly check if the array was of the expected Object[] type. A malicious Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2011-3571) It was discovered that the use of TimeZone.setDefault() was not restricted by the SecurityManager, allowing an untrusted Java application or applet to set a new default time zone, and hence bypass Java sandbox restrictions. (CVE-2012-0503) The HttpServer class did not limit the number of headers read from HTTP requests. A remote attacker could use this flaw to make an application using HttpServer use an excessive amount of CPU time via a specially crafted request. This update introduces a header count limit controlled using the sun.net.httpserver.maxReqHeaders property. The default value is 200. (CVE-2011-5035) The Java Sound component did not properly check buffer boundaries. Malicious input, or an untrusted Java application or applet could use this flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion of its memory.
(CVE-2011-3563) A flaw was found in the AWT KeyboardFocusManager that could allow an untrusted Java application or applet to acquire keyboard focus and possibly steal sensitive information. (CVE-2012-0502) It was discovered that the CORBA (Common Object Request Broker Architecture) implementation in Java did not properly protect repository identifiers on certain CORBA objects. This could have been used to modify immutable object data. (CVE-2012-0506) An off-by-one flaw, causing a stack overflow, was found in the unpacker for ZIP files. A specially crafted ZIP archive could cause the Java Virtual Machine (JVM) to crash when opened. (CVE-2012-0501) last seen 2020-06-01 modified 2020-06-02 plugin id 69650 published 2013-09-04 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69650 title Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-43) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0135.NASL description Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497) It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. 
An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2012-0505) The AtomicReferenceArray class implementation did not properly check if the array was of the expected Object[] type. A malicious Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2011-3571) It was discovered that the use of TimeZone.setDefault() was not restricted by the SecurityManager, allowing an untrusted Java application or applet to set a new default time zone, and hence bypass Java sandbox restrictions. (CVE-2012-0503) The HttpServer class did not limit the number of headers read from HTTP requests. A remote attacker could use this flaw to make an application using HttpServer use an excessive amount of CPU time via a specially crafted request. This update introduces a header count limit controlled using the sun.net.httpserver.maxReqHeaders property. The default value is 200. (CVE-2011-5035) The Java Sound component did not properly check buffer boundaries. Malicious input, or an untrusted Java application or applet could use this flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion of its memory. (CVE-2011-3563) A flaw was found in the AWT KeyboardFocusManager that could allow an untrusted Java application or applet to acquire keyboard focus and possibly steal sensitive information. (CVE-2012-0502) It was discovered that the CORBA (Common Object Request Broker Architecture) implementation in Java did not properly protect repository identifiers on certain CORBA objects. This could have been used to modify immutable object data. (CVE-2012-0506) An off-by-one flaw, causing a stack overflow, was found in the unpacker for ZIP files. A specially crafted ZIP archive could cause the Java Virtual Machine (JVM) to crash when opened. 
(CVE-2012-0501) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. This erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. last seen 2020-04-16 modified 2012-02-15 plugin id 57956 published 2012-02-15 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57956 title RHEL 6 : java-1.6.0-openjdk (RHSA-2012:0135) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-0135.NASL description Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497) It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. 
(CVE-2012-0505) The AtomicReferenceArray class implementation did not properly check if the array was of the expected Object[] type. A malicious Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2011-3571) It was discovered that the use of TimeZone.setDefault() was not restricted by the SecurityManager, allowing an untrusted Java application or applet to set a new default time zone, and hence bypass Java sandbox restrictions. (CVE-2012-0503) The HttpServer class did not limit the number of headers read from HTTP requests. A remote attacker could use this flaw to make an application using HttpServer use an excessive amount of CPU time via a specially crafted request. This update introduces a header count limit controlled using the sun.net.httpserver.maxReqHeaders property. The default value is 200. (CVE-2011-5035) The Java Sound component did not properly check buffer boundaries. Malicious input, or an untrusted Java application or applet could use this flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion of its memory. (CVE-2011-3563) A flaw was found in the AWT KeyboardFocusManager that could allow an untrusted Java application or applet to acquire keyboard focus and possibly steal sensitive information. (CVE-2012-0502) It was discovered that the CORBA (Common Object Request Broker Architecture) implementation in Java did not properly protect repository identifiers on certain CORBA objects. This could have been used to modify immutable object data. (CVE-2012-0506) An off-by-one flaw, causing a stack overflow, was found in the unpacker for ZIP files. A specially crafted ZIP archive could cause the Java Virtual Machine (JVM) to crash when opened. (CVE-2012-0501) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. 
This erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 57961 published 2012-02-16 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57961 title CentOS 6 : java-1.6.0-openjdk (CESA-2012:0135) NASL family Web Servers NASL id GLASSFISH_CVE-2011-5035.NASL description The version of GlassFish Server running on the remote host is affected by a denial of service vulnerability which can be triggered by specially crafted requests containing parameter values that cause hash collisions when computing the hash values for storage in a hash table. last seen 2020-06-01 modified 2020-06-02 plugin id 58090 published 2012-02-22 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58090 title Oracle GlassFish Server 2.1.1 < 2.1.1.15 / 3.0.1 < 3.0.1.5 / 3.1.1 < 3.1.1.2 Hash Collision DoS NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_124673.NASL description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. 
last seen 2020-06-01 modified 2020-06-02 plugin id 27099 published 2007-10-17 reporter This script is Copyright (C) 2007-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27099 title Solaris 9 (x86) : 124673-20 NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_6_0-OPENJDK-120220.NASL description java-1_6_0-openjdk was updated to the IcedTea 1.11.1 b24 release, fixing multiple security issues : - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass - S7110704, CVE-2012-0506: Issues with some method in corba - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object - S7118283, CVE-2012-0501: Better input parameter checking in zip file processing - S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server last seen 2020-06-05 modified 2012-02-28 plugin id 58141 published 2012-02-28 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/58141 title SuSE 11.1 Security Update : Java 1.6.0 (SAT Patch Number 5845) NASL family SuSE Local Security Checks NASL id SUSE_11_4_JAVA-1_6_0-OPENJDK-120222.NASL description java-1_6_0-openjdk was updated to the b24 release, fixing multiple security issues : dbg114-java-1_6_0-openjdk-5856 java-1_6_0-openjdk-5856 new_updateinfo Security fixes - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass - S7110704, CVE-2012-0506: Issues with some method in corba - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object - S7118283, CVE-2012-0501: Better input parameter checking in zip file processing - S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server last seen 2020-06-05 modified 2014-06-13 plugin id 75871 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75871 title openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2012:0309-1) NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_6_0-IBM-8094.NASL description IBM Java 1.6.0 has been updated to SR10-FP1, fixing various security issues. More information can be found on : http://www.ibm.com/developerworks/java/jdk/alerts/ last seen 2020-06-05 modified 2012-05-10 plugin id 59065 published 2012-05-10 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/59065 title SuSE 10 Security Update : IBM Java 1.6.0 (ZYPP Patch Number 8094) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201401-30.NASL description The remote host is affected by the vulnerability described in GLSA-201401-30 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 72139 published 2014-01-27 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72139 title GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT) NASL family Windows NASL id ORACLE_JAVA_CPU_FEB_2012.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 3 / 6 Update 31 / 5.0 Update 34 / 1.4.2_36 and is, therefore, potentially affected by security issues in the following components : - 2D - AWT - CORBA - Concurrency - Deployment - I18n - Install - Java Runtime Environment - Lightweight HTTP Server - Serialization - Sound last seen 2020-06-01 modified 2020-06-02 plugin id 57959 published 2012-02-15 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/57959 title Oracle Java SE Multiple Vulnerabilities (February 2012 CPU) NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_128641.NASL description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. last seen 2020-06-01 modified 2020-06-02 plugin id 35421 published 2009-01-19 reporter This script is Copyright (C) 2009-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35421 title Solaris 9 (x86) : 128641-30 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_124673.NASL description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. This plugin has been deprecated and either replaced with individual 124673 patch-revision plugins, or deemed non-security related. 
last seen 2019-02-21 modified 2018-07-30 plugin id 27077 published 2007-10-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=27077 title Solaris 10 (x86) : 124673-20 (deprecated) NASL family Fedora Local Security Checks NASL id FEDORA_2012-1690.NASL description - Updated to OpenJDK7u3/IcedTea7 2.1 - Security fixes : - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object - S7082299, CVE-2011-3571: AtomicReferenceArray insufficient array type check - S7110687, CVE-2012-0503: Unrestricted use of TimeZone.setDefault - S7110700, CVE-2012-0505: Incomplete info in the deserialization exception - S7110683, CVE-2012-0502: KeyboardFocusManager focus stealing - S7088367, CVE-2011-3563: JavaSound incorrect bounds check - S7126960, CVE-2011-5035: Add property to limit number of request headers to the HTTP Server - S7118283, CVE-2012-0501: Off-by-one bug in ZIP reading code - S7110704, CVE-2012-0506: CORBA fix Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-02-16 plugin id 57967 published 2012-02-16 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57967 title Fedora 16 : java-1.7.0-openjdk-1.7.0.3-2.1.fc16 (2012-1690) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1373-1.NASL description It was discovered that the Java HttpServer class did not limit the number of headers read from a HTTP request. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. (CVE-2011-5035) ATTENTION: this update changes previous Java HttpServer class behavior by limiting the number of request headers to 200. 
This may be increased by adjusting the sun.net.httpserver.maxReqHeaders property. It was discovered that the Java Sound component did not properly check buffer boundaries. A remote attacker could use this to cause a denial of service or view confidential data. (CVE-2011-3563) It was discovered that the Java2D implementation does not properly check graphics rendering objects before passing them to the native renderer. A remote attacker could use this to cause a denial of service or to bypass Java sandbox restrictions. (CVE-2012-0497) It was discovered that an off-by-one error exists in the Java ZIP file processing code. An attacker could use this to cause a denial of service through a maliciously crafted ZIP file. (CVE-2012-0501) It was discovered that the Java AWT KeyboardFocusManager did not properly enforce keyboard focus security policy. A remote attacker could use this with an untrusted application or applet to grab keyboard focus and possibly expose confidential data. (CVE-2012-0502) It was discovered that the Java TimeZone class did not properly enforce security policy around setting the default time zone. A remote attacker could use this with an untrusted application or applet to set a new default time zone and bypass Java sandbox restrictions. (CVE-2012-0503) It was discovered the Java ObjectStreamClass did not throw an accurately identifiable exception when a deserialization failure occurred. A remote attacker could use this with an untrusted application or applet to bypass Java sandbox restrictions. (CVE-2012-0505) It was discovered that the Java CORBA implementation did not properly protect repository identifiers on certain CORBA objects. A remote attacker could use this to corrupt object data. (CVE-2012-0506) It was discovered that the Java AtomicReferenceArray class implementation did not properly check if an array was of the expected Object[] type. 
A remote attacker could use this with a malicious application or applet to bypass Java sandbox restrictions. (CVE-2012-0507). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 58130 published 2012-02-27 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58130 title Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : openjdk-6 vulnerabilities (USN-1373-1) NASL family Solaris Local Security Checks NASL id SOLARIS10_124672-20.NASL description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. last seen 2020-06-01 modified 2020-06-02 plugin id 107410 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107410 title Solaris 10 (sparc) : 124672-20 NASL family Solaris Local Security Checks NASL id SOLARIS8_124672.NASL description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. 
Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. last seen 2020-06-01 modified 2020-06-02 plugin id 27509 published 2007-10-18 reporter This script is Copyright (C) 2007-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27509 title Solaris 8 (sparc) : 124672-20 NASL family Fedora Local Security Checks NASL id FEDORA_2012-2595.NASL description - Updated to OpenJDK7u3/IcedTea7 2.1 - Removed upstreamed glibc nameclash patch - Added patch to remove the -mimpure option to gcc - Security fixes : - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object - S7082299, CVE-2011-3571: AtomicReferenceArray insufficient array type check - S7110687, CVE-2012-0503: Unrestricted use of TimeZone.setDefault - S7110700, CVE-2012-0505: Incomplete info in the deserialization exception - S7110683, CVE-2012-0502: KeyboardFocusManager focus stealing - S7088367, CVE-2011-3563: JavaSound incorrect bounds check - S7126960, CVE-2011-5035: Add property to limit number of request headers to the HTTP Server - S7118283, CVE-2012-0501: Off-by-one bug in ZIP reading code - S7110704, CVE-2012-0506: CORBA fix - Add patch to fix compilation with GCC 4.7 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-02-29 plugin id 58161 published 2012-02-29 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/58161 title Fedora 17 : java-1.7.0-openjdk-1.7.0.3-2.1.fc17 (2012-2595) NASL family Solaris Local Security Checks NASL id SOLARIS10_128640-30.NASL description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. last seen 2020-06-01 modified 2020-06-02 plugin id 107469 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107469 title Solaris 10 (sparc) : 128640-30 NASL family Scientific Linux Local Security Checks NASL id SL_20120216_JAVA_1_6_0_SUN_ON_SL4_X.NASL description This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page. (CVE-2011-3563, CVE-2011-3571, CVE-2011-5035, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 31 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect. last seen 2020-03-18 modified 2012-08-01 plugin id 61252 published 2012-08-01 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/61252 title Scientific Linux Security Update : java-1.6.0-sun on SL4.x, SL5.x i386/x86_64 (20120216) NASL family Scientific Linux Local Security Checks NASL id SL_20120214_JAVA_1_6_0_OPENJDK_ON_SL6_X.NASL description These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497) It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2012-0505) The AtomicReferenceArray class implementation did not properly check if the array was of the expected Object[] type. A malicious Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2011-3571) It was discovered that the use of TimeZone.setDefault() was not restricted by the SecurityManager, allowing an untrusted Java application or applet to set a new default time zone, and hence bypass Java sandbox restrictions. (CVE-2012-0503) The HttpServer class did not limit the number of headers read from HTTP requests. A remote attacker could use this flaw to make an application using HttpServer use an excessive amount of CPU time via a specially crafted request. This update introduces a header count limit controlled using the sun.net.httpserver.maxReqHeaders property. The default value is 200. (CVE-2011-5035) The Java Sound component did not properly check buffer boundaries. 
Malicious input, or an untrusted Java application or applet could use this flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion of its memory. (CVE-2011-3563) A flaw was found in the AWT KeyboardFocusManager that could allow an untrusted Java application or applet to acquire keyboard focus and possibly steal sensitive information. (CVE-2012-0502) It was discovered that the CORBA (Common Object Request Broker Architecture) implementation in Java did not properly protect repository identifiers on certain CORBA objects. This could have been used to modify immutable object data. (CVE-2012-0506) An off-by-one flaw, causing a stack overflow, was found in the unpacker for ZIP files. A specially crafted ZIP archive could cause the Java Virtual Machine (JVM) to crash when opened. (CVE-2012-0501) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. This erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. last seen 2020-03-18 modified 2012-08-01 plugin id 61248 published 2012-08-01 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61248 title Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64 (20120214) NASL family Solaris Local Security Checks NASL id SOLARIS10_128640.NASL description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. 
Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. This plugin has been deprecated and either replaced with individual 128640 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 35409 published 2009-01-19 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=35409 title Solaris 10 (sparc) : 128640-30 (deprecated) NASL family Misc. NASL id VMWARE_VCENTER_VMSA-2012-0013.NASL description The version of VMware vCenter installed on the remote host is 4.0 earlier than Update 4a, 4.1 earlier than Update 3, or 5.0 earlier than Update 2. As such, it is potentially affected by multiple vulnerabilities in the included Oracle (Sun) Java Runtime Environment. last seen 2020-06-01 modified 2020-06-02 plugin id 66806 published 2013-06-05 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66806 title VMware vCenter Multiple Vulnerabilities (VMSA-2012-0013) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201406-32.NASL description The remote host is affected by the vulnerability described in GLSA-201406-32 (IcedTea JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 76303 published 2014-06-30 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/76303 title GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT) NASL family Scientific Linux Local Security Checks NASL id SL_20120221_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL description These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497) It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2012-0505) The AtomicReferenceArray class implementation did not properly check if the array was of the expected Object[] type. A malicious Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2011-3571) It was discovered that the use of TimeZone.setDefault() was not restricted by the SecurityManager, allowing an untrusted Java application or applet to set a new default time zone, and hence bypass Java sandbox restrictions. (CVE-2012-0503) The HttpServer class did not limit the number of headers read from HTTP requests. A remote attacker could use this flaw to make an application using HttpServer use an excessive amount of CPU time via a specially crafted request. This update introduces a header count limit controlled using the sun.net.httpserver.maxReqHeaders property. The default value is 200. (CVE-2011-5035) The Java Sound component did not properly check buffer boundaries. Malicious input, or an untrusted Java application or applet could use this flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion of its memory. 
(CVE-2011-3563) A flaw was found in the AWT KeyboardFocusManager that could allow an untrusted Java application or applet to acquire keyboard focus and possibly steal sensitive information. (CVE-2012-0502) It was discovered that the CORBA (Common Object Request Broker Architecture) implementation in Java did not properly protect repository identifiers on certain CORBA objects. This could have been used to modify immutable object data. (CVE-2012-0506) An off-by-one flaw, causing a stack overflow, was found in the unpacker for ZIP files. A specially crafted ZIP archive could cause the Java Virtual Machine (JVM) to crash when opened. (CVE-2012-0501) This erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. last seen 2020-03-18 modified 2012-08-01 plugin id 61264 published 2012-08-01 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61264 title Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64 (20120221) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-0322.NASL description From Red Hat Security Advisory 2012:0322 : Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. 
It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497) It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2012-0505) The AtomicReferenceArray class implementation did not properly check if the array was of the expected Object[] type. A malicious Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2011-3571) It was discovered that the use of TimeZone.setDefault() was not restricted by the SecurityManager, allowing an untrusted Java application or applet to set a new default time zone, and hence bypass Java sandbox restrictions. (CVE-2012-0503) The HttpServer class did not limit the number of headers read from HTTP requests. A remote attacker could use this flaw to make an application using HttpServer use an excessive amount of CPU time via a specially crafted request. This update introduces a header count limit controlled using the sun.net.httpserver.maxReqHeaders property. The default value is 200. (CVE-2011-5035) The Java Sound component did not properly check buffer boundaries. Malicious input, or an untrusted Java application or applet could use this flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion of its memory. (CVE-2011-3563) A flaw was found in the AWT KeyboardFocusManager that could allow an untrusted Java application or applet to acquire keyboard focus and possibly steal sensitive information. 
(CVE-2012-0502) It was discovered that the CORBA (Common Object Request Broker Architecture) implementation in Java did not properly protect repository identifiers on certain CORBA objects. This could have been used to modify immutable object data. (CVE-2012-0506) An off-by-one flaw, causing a stack overflow, was found in the unpacker for ZIP files. A specially crafted ZIP archive could cause the Java Virtual Machine (JVM) to crash when opened. (CVE-2012-0501) This erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68487 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68487 title Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2012-0322) NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_6_0-IBM-120427.NASL description IBM Java 1.6.0 was updated to SR10-FP1, fixing various security issues. More information can be found on : http://www.ibm.com/developerworks/java/jdk/alerts/ last seen 2020-06-05 modified 2013-01-25 plugin id 64164 published 2013-01-25 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64164 title SuSE 11.1 Security Update : IBM Java 1.6.0 (SAT Patch Number 6225) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-0135.NASL description From Red Hat Security Advisory 2012:0135 : Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497) It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2012-0505) The AtomicReferenceArray class implementation did not properly check if the array was of the expected Object[] type. A malicious Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2011-3571) It was discovered that the use of TimeZone.setDefault() was not restricted by the SecurityManager, allowing an untrusted Java application or applet to set a new default time zone, and hence bypass Java sandbox restrictions. (CVE-2012-0503) The HttpServer class did not limit the number of headers read from HTTP requests. A remote attacker could use this flaw to make an application using HttpServer use an excessive amount of CPU time via a specially crafted request. This update introduces a header count limit controlled using the sun.net.httpserver.maxReqHeaders property. The default value is 200. (CVE-2011-5035) The Java Sound component did not properly check buffer boundaries. Malicious input, or an untrusted Java application or applet could use this flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion of its memory. 
(CVE-2011-3563) A flaw was found in the AWT KeyboardFocusManager that could allow an untrusted Java application or applet to acquire keyboard focus and possibly steal sensitive information. (CVE-2012-0502) It was discovered that the CORBA (Common Object Request Broker Architecture) implementation in Java did not properly protect repository identifiers on certain CORBA objects. This could have been used to modify immutable object data. (CVE-2012-0506) An off-by-one flaw, causing a stack overflow, was found in the unpacker for ZIP files. A specially crafted ZIP archive could cause the Java Virtual Machine (JVM) to crash when opened. (CVE-2012-0501) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. This erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68459 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68459 title Oracle Linux 6 : java-1.6.0-openjdk (ELSA-2012-0135) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2420.NASL description Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform. - CVE-2011-3377 The IcedTea browser plugin included in the openjdk-6 package does not properly enforce the Same Origin Policy on web content served under a domain name which has a common suffix with the required domain name. - CVE-2011-3563 The Java Sound component did not properly check for array boundaries. 
A malicious input or an untrusted Java application or applet could use this flaw to cause the Java Virtual Machine to crash or disclose a portion of its memory. - CVE-2011-5035 The OpenJDK embedded web server did not guard against an excessive number of request parameters, leading to a denial of service vulnerability involving hash collisions. - CVE-2012-0497 It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. This could lead to a JVM crash or Java sandbox bypass. - CVE-2012-0501 The ZIP central directory parser used by java.util.zip.ZipFile entered an infinite recursion in native code when processing a crafted ZIP file, leading to a denial of service. - CVE-2012-0502 A flaw was found in the AWT KeyboardFocusManager class that could allow untrusted Java applets to acquire keyboard focus and possibly steal sensitive information. - CVE-2012-0503 The java.util.TimeZone.setDefault() method lacked a security manager invocation, allowing an untrusted Java application or applet to set a new default time zone. - CVE-2012-0505 The Java serialization code leaked references to serialization exceptions, possibly leaking critical objects to untrusted code in Java applets and applications. - CVE-2012-0506 It was discovered that the CORBA implementation in Java did not properly protect repository identifiers (that can be obtained using the _ids() method) on certain CORBA objects. This could have been used to perform modification of the data that should have been immutable. - CVE-2012-0507 The AtomicReferenceArray class implementation did not properly check if the array is of an expected Object[] type. A malicious Java application or applet could use this flaw to cause the Java Virtual Machine to crash or bypass Java sandbox restrictions. last seen 2020-03-17 modified 2012-02-29 plugin id 58148 published 2012-02-29 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/58148 title Debian DSA-2420-1 : openjdk-6 - several vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0322.NASL description Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497) It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2012-0505) The AtomicReferenceArray class implementation did not properly check if the array was of the expected Object[] type. A malicious Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2011-3571) It was discovered that the use of TimeZone.setDefault() was not restricted by the SecurityManager, allowing an untrusted Java application or applet to set a new default time zone, and hence bypass Java sandbox restrictions. (CVE-2012-0503) The HttpServer class did not limit the number of headers read from HTTP requests. A remote attacker could use this flaw to make an application using HttpServer use an excessive amount of CPU time via a specially crafted request. 
This update introduces a header count limit controlled using the sun.net.httpserver.maxReqHeaders property. The default value is 200. (CVE-2011-5035) The Java Sound component did not properly check buffer boundaries. Malicious input, or an untrusted Java application or applet could use this flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion of its memory. (CVE-2011-3563) A flaw was found in the AWT KeyboardFocusManager that could allow an untrusted Java application or applet to acquire keyboard focus and possibly steal sensitive information. (CVE-2012-0502) It was discovered that the CORBA (Common Object Request Broker Architecture) implementation in Java did not properly protect repository identifiers on certain CORBA objects. This could have been used to modify immutable object data. (CVE-2012-0506) An off-by-one flaw, causing a stack overflow, was found in the unpacker for ZIP files. A specially crafted ZIP archive could cause the Java Virtual Machine (JVM) to crash when opened. (CVE-2012-0501) This erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. last seen 2020-04-16 modified 2012-02-22 plugin id 58084 published 2012-02-22 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/58084 title RHEL 5 : java-1.6.0-openjdk (RHSA-2012:0322) NASL family Fedora Local Security Checks NASL id FEDORA_2012-1711.NASL description The update contains the following security fixes : - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass - S7110704, CVE-2012-0506: Issues with some method in corba - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object - S7118283, CVE-2012-0501: Better input parameter checking in zip file processing - S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server This release also contains the following additional fix : - PR865: Patching fails with patches/ecj/jaxws-getdtdtype.patch Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-02-20 plugin id 58019 published 2012-02-20 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58019 title Fedora 16 : java-1.6.0-openjdk-1.6.0.0-65.1.11.1.fc16 (2012-1711) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1455.NASL description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.4. The Red Hat Security Response Team has rated this update as having low security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873, CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3561, CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507, CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169, CVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, 
CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743) Users of Red Hat Network Satellite Server 5.4 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR14 release. For this update to take effect, Red Hat Network Satellite Server must be restarted ( last seen 2020-06-01 modified 2020-06-02 plugin id 78975 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78975 title RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1455) (BEAST) (ROBOT) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_128641.NASL description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. 
This plugin has been deprecated and either replaced with individual 128641 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 35415 published 2009-01-19 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=35415 title Solaris 10 (x86) : 128641-30 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_124673-20.NASL description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. last seen 2020-06-01 modified 2020-06-02 plugin id 107913 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/107913 title Solaris 10 (x86) : 124673-20 NASL family Fedora Local Security Checks NASL id FEDORA_2012-1721.NASL description The update contains the following security fixes : - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass - S7110704, CVE-2012-0506: Issues with some method in corba - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object - S7118283, CVE-2012-0501: Better input parameter checking in zip file processing - S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server This release also contains the following additional fix : - PR865: Patching fails with patches/ecj/jaxws-getdtdtype.patch Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-02-22 plugin id 58080 published 2012-02-22 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58080 title Fedora 15 : java-1.6.0-openjdk-1.6.0.0-63.1.10.6.fc15 (2012-1721) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0139.NASL description Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2011-3563, CVE-2011-3571, CVE-2011-5035, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 31 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 57991 published 2012-02-17 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57991 title RHEL 4 / 5 / 6 : java-1.6.0-sun (RHSA-2012:0139)
Oval
accepted | 2013-07-29T04:00:57.418-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. |
family | windows |
id | oval:org.mitre.oval:def:16908 |
status | accepted |
submitted | 2013-04-29T10:26:26.748+04:00 |
title | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server |
version | 6 |
Redhat
advisories |
rpms |
Seebug
bulletinFamily exploit description No description provided by source. id SSV:72458 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-72458 title PHP Hash Table Collision Proof Of Concept
bulletinFamily exploit description CVE ID: CVE-2011-3389,CVE-2011-3516,CVE-2011-3521,CVE-2011-3544,CVE-2011-3545,CVE-2011-3546,CVE-2011-3547,CVE-2011-3548,CVE-2011-3549,CVE-2011-3550,CVE-2011-3551,CVE-2011-3552,CVE-2011-3553,CVE-2011-3554,CVE-2011-3556,CVE-2011-3557,CVE-2011-3560,CVE-2011-3561,CVE-2011-3563,CVE-2011-5035,CVE-2012-0497,CVE-2012-0498,CVE-2012-0499,CVE-2012-0500,CVE-2012-0501,CVE-2012-0502,CVE-2012-0503,CVE-2012-0505,CVE-2012-0506,CVE-2012-0507,CVE-2012-0732,CVE-2012-2159,CVE-2012-2161 IBM Rational AppScan is application security software that can scan and test for all common web application vulnerabilities at every stage of development. Versions of IBM Rational AppScan before 8.6 contain multiple implementation vulnerabilities that malicious users can exploit to disclose sensitive information, carry out spoofing and XSS attacks, hijack user sessions, poison DNS caches, manipulate certain data, cause a denial of service, and take control of affected systems. 0 IBM Rational AppScan 8.x IBM Rational AppScan 7.x Vendor patch: IBM --- The vendor has not yet provided a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version: http://www.ers.ibm.com/ id SSV:60220 last seen 2017-11-19 modified 2012-06-16 published 2012-06-16 reporter Root title IBM Rational AppScan 8.x/7.x multiple security vulnerabilities
References
- http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
- http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html
- http://marc.info/?l=bugtraq&m=133364885411663&w=2
- http://marc.info/?l=bugtraq&m=133847939902305&w=2
- http://marc.info/?l=bugtraq&m=134254866602253&w=2
- http://marc.info/?l=bugtraq&m=134254957702612&w=2
- http://marc.info/?l=bugtraq&m=139344343412337&w=2
- http://rhn.redhat.com/errata/RHSA-2012-0514.html
- http://rhn.redhat.com/errata/RHSA-2013-1455.html
- http://secunia.com/advisories/48073
- http://secunia.com/advisories/48074
- http://secunia.com/advisories/48589
- http://secunia.com/advisories/48950
- http://secunia.com/advisories/57126
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- http://www.debian.org/security/2012/dsa-2420
- http://www.kb.cert.org/vuls/id/903934
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- http://www.nruns.com/_downloads/advisory28122011.pdf
- http://www.ocert.org/advisories/ocert-2011-003.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
- http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
- http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
- https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16908