Vulnerabilities > CVE-2012-0499

CVSS v2 base score 10.0 - CRITICAL (vector AV:N/AC:L/Au:N/C:C/I:C/A:C)
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
sun
oracle
critical
nessus

Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

Vulnerable Configurations

Part Description Count
Application
Sun
189
Application
Oracle
20

Nessus

  • NASL family: Windows
    NASL id: ORACLE_JROCKIT_CPU_APR_2012.NASL
    description: The remote host has a version of Oracle JRockit that is affected by multiple vulnerabilities that could allow a remote attacker to compromise system confidentiality and integrity via unspecified vectors.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 76683
    published: 2014-07-22
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/76683
    title: Oracle JRockit R27 < R27.7.2.5 / R28 < R28.2.3.13 Multiple Vulnerabilities (April 2012 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: taken only when `description` is set. It declares the
    # plugin's identifiers and metadata and ends with exit(0), so the detection
    # logic further down the script does not run in this mode.
    if (description)
    {
      script_id(76683);
      script_version("1.11");
      script_cvs_date("Date: 2018/11/15 20:50:28");
    
      # One finding covers seven CVEs. A hit does not say which of them apply to
      # the host, only that the recorded version is below the fixed release.
      script_cve_id(
        "CVE-2012-1695",
        "CVE-2012-0497",
        "CVE-2012-0498",
        "CVE-2012-0499",
        "CVE-2011-3563",
        "CVE-2012-0501",
        "CVE-2011-5035"
      );
      script_bugtraq_id(
        57087,
        52009,
        52019,
        52016,
        52012,
        52013,
        51194
      );
    
      script_name(english:"Oracle JRockit R27 < R27.7.2.5 / R28 < R28.2.3.13 Multiple Vulnerabilities (April 2012 CPU)");
      # NOTE(review): the summary mentions jvm.dll, but the detection code in this
      # script compares the version string from the install record and only
      # builds the jvm.dll path for the report text; no file read is visible.
      script_summary(english:"Checks the version of jvm.dll.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a programming platform that is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote host has a version of Oracle JRockit that is affected by
    multiple vulnerabilities that could allow a remote attacker to
    compromise system confidentiality and integrity via unspecified
    vectors.");
      script_set_attribute(attribute:"solution", value:"Upgrade to version R27.7.2.5 / R28.2.3.13 or later.");
      # CVSS v2 base vector with complete C/I/A impact; the description text
      # above names only confidentiality and integrity.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      # Temporal vector: exploitability high, official fix available, report
      # confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      # Prioritisation signals. They are set for the plugin as a whole, so they
      # are not evidence about any single CVE in the list above.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      # https://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?83822adc");
    # The patch is dated 2012/04/17 but the plugin was published 2014/07/22, so
    # scans run before the later date could not have produced this finding.
    script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/04/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/22");
    
      # NOTE(review): "local" presumably means the verdict relies on data
      # collected from the host itself (see the required KB key below), i.e. a
      # credentialed scan -- confirm.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jrockit");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
    
      # Runs after the JRockit detection plugin and only when that plugin has
      # recorded an install in the knowledge base.
      script_dependencies("oracle_jrockit_installed.nasl");
      script_require_keys("installed_sw/Oracle JRockit");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("install_func.inc");
    
    # Detection logic: read the recorded Oracle JRockit install, decide from its
    # version string alone whether it predates the April 2012 CPU fix, and report.
    app     = "Oracle JRockit";
    # NOTE(review): exit_if_zero presumably ends the plugin when no install is
    # recorded -- confirm in install_func.inc.
    get_install_count(app_name:app, exit_if_zero:TRUE);
    install = get_single_install(app_name:app);
    ver     = install['version'];
    type    = install['type'];
    path    = install['path'];
    
    # 26 and below may not be supported, may not be affected --
    # it's not listed as affected so we do not check it.
    if (ver_compare(ver:ver, fix:"27", strict:FALSE) < 0) audit(AUDIT_INST_VER_NOT_VULN, app);
    
    # Pick the threshold pair for the release line: anything below 28 is treated
    # as R27, everything else as R28.
    if (ver_compare(ver:ver, fix:"28", strict:FALSE) < 0)
    {
      compare = "27.7.2";
      fix     = "27.7.2.5";
    }
    else
    {
      compare = "28.2.3";
      fix     = "28.2.3.13";
    }
    
    # NOTE(review): the cutoff is `compare` (three components); `fix` (four
    # components) is used only in the report text. An install recorded as
    # 27.7.2.x / 28.2.3.x with a fourth component below the fix would be audited
    # as not vulnerable if ver_compare ranks it >= compare -- confirm which
    # version granularity oracle_jrockit_installed.nasl records.
    if (ver_compare(ver:ver, fix:compare, strict:FALSE) >= 0) audit(AUDIT_INST_VER_NOT_VULN, app);
    
    # The DLL we're looking at is a level deeper in the JDK, since it
    # keeps a subset of the JRE in a subdirectory.
    if (type == "JDK")  path += "\jre";
    
    # The path is assembled for the report only; this script does not open the
    # file.
    path += "\bin\jrockit\jvm.dll";
    
    report =
      '\n  Type              : ' + type +
      '\n  Path              : ' + path +
      '\n  Installed version : ' + ver +
      '\n  Fixed version     : ' + fix +
      '\n';
    
    # Report against the SMB transport port from the knowledge base, falling
    # back to 445 when none is recorded.
    port = get_kb_item("SMB/transport");
    if (!port) port = 445;
    
    # The detail text is attached only when report verbosity is above 0.
    if (report_verbosity > 0) security_hole(port:port, extra:report);
    else security_hole(port);
    
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2012-0514.NASL
    description: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM Java SE version 6 release includes the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 58866
    published: 2012-04-25
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/58866
    title: RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2012:0514)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2012:0514. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: taken only when `description` is set. It declares the
    # plugin's identifiers and metadata for RHSA-2012:0514 and ends with exit(0),
    # so the package checks further down do not run in this mode.
    if (description)
    {
      script_id(58866);
      script_version ("1.31");
      script_cvs_date("Date: 2019/10/24 15:35:35");
    
      # Twelve CVEs are bundled under one advisory; a finding means a package is
      # older than the fixed build, not that each CVE was verified individually.
      script_cve_id("CVE-2011-3563", "CVE-2011-5035", "CVE-2012-0497", "CVE-2012-0498", "CVE-2012-0499", "CVE-2012-0500", "CVE-2012-0501", "CVE-2012-0502", "CVE-2012-0503", "CVE-2012-0505", "CVE-2012-0506", "CVE-2012-0507");
      script_bugtraq_id(51194, 52009, 52011, 52012, 52013, 52014, 52015, 52016, 52017, 52018, 52019, 52161);
      script_xref(name:"RHSA", value:"2012:0514");
    
      script_name(english:"RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2012:0514)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      # The description notes that running IBM Java instances must be restarted
      # for the update to take effect; the package checks in this script look at
      # installed package versions only.
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.6.0-ibm packages that fix several security issues are
    now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
    
    The Red Hat Security Response Team has rated this update as having
    critical security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The IBM Java SE version 6 release includes the IBM Java 6 Runtime
    Environment and the IBM Java 6 Software Development Kit.
    
    This update fixes several vulnerabilities in the IBM Java 6 Runtime
    Environment and the IBM Java 6 Software Development Kit. Detailed
    vulnerability descriptions are linked from the IBM 'Security alerts'
    page, listed in the References section. (CVE-2011-3563, CVE-2011-5035,
    CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500,
    CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505,
    CVE-2012-0506, CVE-2012-0507)
    
    All users of java-1.6.0-ibm are advised to upgrade to these updated
    packages, containing the IBM Java 6 SR10-FP1 release. All running
    instances of IBM Java must be restarted for the update to take effect."
      );
      # http://www.ibm.com/developerworks/java/jdk/alerts/
      script_set_attribute(
        attribute:"see_also",
        value:"https://developer.ibm.com/javasdk/support/security-vulnerabilities/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2012:0514"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-5035"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-0505"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-3563"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-0506"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-0497"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-0503"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-0502"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-0501"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-0500"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-0499"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-0498"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-0507"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # CVSS v2 base vector with complete C/I/A impact, plus a temporal vector:
      # exploitability high, official fix available, report confirmed.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      # Prioritisation signals. They are set once for the whole advisory, so
      # nothing here ties the named exploit-framework entries to any single CVE
      # from the list above.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java AtomicReferenceArray Type Violation Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      # Package-level CPEs for every java-1.6.0-ibm subpackage, followed by the
      # operating system releases the advisory applies to.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.2");
    
      # The earliest vulnerability date (2011/12/29) is months before the vendor
      # patch date (2012/04/24) recorded for this advisory.
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/04/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # Needs host data gathered by ssh_get_info.nasl: local checks enabled, the
      # Red Hat release string, the rpm list and the CPU architecture. Without
      # those knowledge-base keys the plugin does not run.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Detection logic for RHSA-2012:0514: gate on host type, release and
    # architecture, then decide either from yum updateinfo data or from
    # per-package rpm version checks.
    # NOTE(review): each audit(...) call presumably ends the plugin with the
    # given reason -- confirm in audit.inc.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is NASL's "is not a substring of" operator.
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    # Extract the numeric release (major, optionally with a minor part) from
    # the release string.
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    # Only major release 5 or 6 continues past this point.
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architectures handled: x86_64, i386-i686 and s390.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    # Path 1: when yum updateinfo data was collected, the verdict comes entirely
    # from it. An empty report for this RHSA audits the host as not affected and
    # the rpm_check list below is never consulted.
    # NOTE(review): accuracy of this path therefore depends on the collected
    # updateinfo data being complete -- confirm how it is gathered.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2012:0514";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    # Path 2: compare installed packages against the fixed builds.
    # NOTE(review): rpm_check presumably returns true when the installed
    # package is older than `reference` -- confirm in rpm.inc. `flag` counts
    # the checks that hit.
    else
    {
      flag = 0;
      # RHEL 5 fixed build: 1.6.0.10.1-1jpp.1.el5. Some checks pass no cpu
      # argument, others name one architecture each.
      if (rpm_check(release:"RHEL5", reference:"java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-ibm-accessibility-1.6.0.10.1-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"java-1.6.0-ibm-accessibility-1.6.0.10.1-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-ibm-accessibility-1.6.0.10.1-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5")) flag++;
    
    
      # RHEL 6 fixed build: 1.6.0.10.1-1jpp.5.el6_2.
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.5.el6_2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.5.el6_2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.5.el6_2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.5.el6_2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2")) flag++;
    
    
      # Any hit yields one finding carrying the accumulated rpm report plus the
      # Red Hat package caveat text.
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      # No hit: the audit reason distinguishes "packages tested but not
      # affected" from "none of the packages installed".
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-ibm / java-1.6.0-ibm-accessibility / java-1.6.0-ibm-demo / etc");
      }
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_JAVA-1_4_2-IBM-120529.NASL
    description: IBM Java 1.4.2 SR13 FP12 has been released which fixes various bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/ has more information. CVEs addressed: CVE-2011-3563 / CVE-2012-0499 / CVE-2012-0502 / CVE-2012-0503 / CVE-2012-0505 / CVE-2012-0506
    last seen: 2020-06-05
    modified: 2013-01-25
    plugin id: 64161
    published: 2013-01-25
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/64161
    title: SuSE 11.1 Security Update : IBM Java (SAT Patch Number 6360)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    # Exit without a result on engines whose NASL_LEVEL is below 3000.
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    # Registration branch: taken only when `description` is set. It declares the
    # plugin's identifiers and metadata for SAT patch 6360 and ends with exit(0),
    # so the package checks further down do not run in this mode.
    if (description)
    {
      script_id(64161);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      # Six CVEs are covered by the one patch; a finding means a package is older
      # than the fixed build, not that each CVE was verified individually.
      script_cve_id("CVE-2011-3563", "CVE-2012-0499", "CVE-2012-0502", "CVE-2012-0503", "CVE-2012-0505", "CVE-2012-0506");
    
      script_name(english:"SuSE 11.1 Security Update : IBM Java (SAT Patch Number 6360)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "IBM Java 1.4.2 SR13 FP12 has been released which fixes various bugs
    and security issues.
    
    http://www.ibm.com/developerworks/java/jdk/alerts/ has more
    informations.
    
    CVEs addressed: CVE-2011-3563 / CVE-2012-0499 / CVE-2012-0502 /
    CVE-2012-0503 / CVE-2012-0505 / CVE-2012-0506"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=763805"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-3563.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-0499.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-0502.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-0503.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-0505.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-0506.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 6360.");
      # Only the CVSS v2 base vector is registered here; this block sets no
      # temporal vector and no exploit_* attributes.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-plugin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      # The patch is dated 2012/05/29 but the plugin was published 2013/01/25, so
      # scans run before the later date could not have produced this finding.
      script_set_attribute(attribute:"patch_publication_date", value:"2012/05/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      # Needs host data gathered by ssh_get_info.nasl: local checks enabled, CPU
      # architecture, the SuSE release string and the rpm list. Without those
      # knowledge-base keys the plugin does not run.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Detection logic for SAT patch 6360: gate on SuSE 11 with patch level 1 and
    # a handled architecture, then compare three IBM Java 1.4.2 packages against
    # the fixed build.
    # NOTE(review): each audit(...) call presumably ends the plugin with the
    # given reason -- confirm in audit.inc.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    # Accept release strings starting with SLED11 or SLES11.
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architectures handled: i386-i686, x86_64 and s390x (`>!<` is NASL's
    # "is not a substring of" operator).
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    # Only patch level 1 is evaluated; any other level is audited as not
    # SuSE 11.1.
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1");
    
    
    # NOTE(review): the gates above admit SLED11 and x86_64/s390x hosts, while
    # every check below names release "SLES11" and two of them name cpu "i586"
    # only. Whether rpm_check maps those values to other releases and
    # architectures is decided in rpm.inc -- confirm before relying on a
    # "not affected" result from such hosts.
    flag = 0;
    if (rpm_check(release:"SLES11", sp:1, reference:"java-1_4_2-ibm-1.4.2_sr13.12-0.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"java-1_4_2-ibm-jdbc-1.4.2_sr13.12-0.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"java-1_4_2-ibm-plugin-1.4.2_sr13.12-0.2.1")) flag++;
    
    
    # Any hit yields one finding; the rpm report text is attached only when
    # report verbosity is above 0.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Misc.
    NASL id: ORACLE_JAVA_CPU_FEB_2012_UNIX.NASL
    description: The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 3 / 6 Update 31 / 5.0 Update 34 / 1.4.2_36 and is, therefore, potentially affected by security issues in the following components : - 2D - AWT - CORBA - Concurrency - Deployment - I18n - Install - Java Runtime Environment - Lightweight HTTP Server - Serialization - Sound
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 64847
    published: 2013-02-22
    reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/64847
    title: Oracle Java SE Multiple Vulnerabilities (February 2012 CPU) (Unix)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    # Registration branch: taken only when `description` is set. It declares the
    # plugin's identifiers and metadata for the February 2012 Java CPU and ends
    # with exit(0), so the version checks further down do not run in this mode.
    if (description)
    {
      script_id(64847);
      script_version("1.16");
      script_cvs_date("Date: 2018/11/15 20:50:23");
    
      # Fourteen CVEs are bundled under one finding; a hit means the installed
      # version predates the fixed updates, not that each CVE was verified.
      script_cve_id(
        "CVE-2011-3563",
        "CVE-2011-5035",
        "CVE-2012-0497",
        "CVE-2012-0498",
        "CVE-2012-0499",
        "CVE-2012-0500",
        "CVE-2012-0501",
        "CVE-2012-0502",
        "CVE-2012-0503",
        "CVE-2012-0504",
        "CVE-2012-0505",
        "CVE-2012-0506",
        "CVE-2012-0507",
        "CVE-2012-0508"
      );
      script_bugtraq_id(
        51194,
        52009,
        52010,
        52011,
        52012,
        52013,
        52014,
        52015,
        52016,
        52017,
        52018,
        52019,
        52020,
        52161
      );
      script_xref(name:"EDB-ID", value:"18520");
      script_xref(name:"EDB-ID", value:"18679");
    
      script_name(english:"Oracle Java SE Multiple Vulnerabilities (February 2012 CPU) (Unix)");
      script_summary(english:"Checks version of the JRE");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Unix host contains a programming platform that is affected
    by multiple vulnerabilities.");
      # The description says "potentially affected": the verdict is based on
      # the installed version alone.
      script_set_attribute(attribute:"description", value:
    "The version of Oracle (formerly Sun) Java SE or Java for Business
    installed on the remote host is earlier than 7 Update 3 / 6 Update 31 /
    5.0 Update 34 / 1.4.2_36 and is, therefore, potentially affected by
    security issues in the following components :
    
      - 2D
      - AWT
      - CORBA
      - Concurrency
      - Deployment
      - I18n
      - Install
      - Java Runtime Environment
      - Lightweight HTTP Server
      - Serialization
      - Sound");
      script_set_attribute(attribute:"see_also", value:"http://www.pre-cert.de/advisories/PRE-SA-2012-01.txt");
      script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20160729014835/http://telussecuritylabs.com/threats/show/TSL20120214-01");
      # http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?aa5506d5");
      script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-032/");
      script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-037/");
      script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-038/");
      script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-039/");
      script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-045/");
      script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-060/");
      script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-081/");
      script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-082/");
      script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-083/");
      script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2012/Jun/69");
      script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2012/Jun/70");
      script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2012/Jun/71");
      script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/java/javase/7u3-relnotes-1481928.html");
      script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/java/javase/6u31-relnotes-1482342.html");
      # https://www.oracle.com/technetwork/java/javase/documentation/overview-137139.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?84f3023c");
      # https://www.oracle.com/technetwork/java/javase/documentation/overview-142120.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d2825206");
      script_set_attribute(attribute:"see_also", value:"http://www.oracle.com/technetwork/java/eol-135779.html");
      # The remediation text also asks for removal of affected versions that
      # remain installed, and notes that the 5.0 fix needs an Extended Support
      # contract.
      script_set_attribute(attribute:"solution", value:
    "Update to JDK / JRE 7 Update 3 / 6 Update 31, JDK 5.0 Update 34, SDK
    1.4.2_36 or later, and remove, if necessary, any affected versions.
    
    Note that an Extended Support contract with Oracle is needed to obtain
    JDK 5.0 Update 34 or later.");
      # CVSS v2 base vector with complete C/I/A impact, plus a temporal vector:
      # exploitability high, official fix available, report confirmed.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      # Prioritisation signals. They are set once for the whole CPU, so nothing
      # here ties the named exploit-framework entries to any single CVE from
      # the list above.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java AtomicReferenceArray Type Violation Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      # The patch is dated 2012/02/14 but the plugin was published 2013/02/22, so
      # scans run before the later date could not have produced this finding.
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/02/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/02/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/22");
    
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"agent", value:"unix");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
    
      # Runs after the Unix JRE detection plugin and only when it has recorded
      # an installed JRE in the knowledge base.
      script_dependencies("sun_java_jre_installed_unix.nasl");
      script_require_keys("Host/Java/JRE/Installed");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Version-based audit of every unmanaged JRE install listed in the KB under
    # Host/Java/JRE/Unmanaged/*. Only the recorded version string is inspected,
    # so a finding means "version falls in an affected range", nothing more.
    # NOTE(review): get_kb_list_or_exit presumably ends the script when no such
    # KB entries exist - confirm against the include that defines it.
    installs = get_kb_list_or_exit("Host/Java/JRE/Unmanaged/*");

    seen_versions = "";  # every version examined, each prefixed with " & "
    vuln_report   = "";  # per-install report text for affected versions
    coarse_notes  = "";  # messages for versions too coarse to classify
    affected_dirs = 0;   # number of install paths with an affected version
    clean_dirs    = 0;   # number of install paths classified as not affected

    foreach install (list_uniq(keys(installs)))
    {
      # The KB key carries the version after the fixed prefix.
      ver = install - "Host/Java/JRE/Unmanaged/";
      if (ver !~ "^[0-9.]+") continue;

      seen_versions += " & " + ver;

      # All three outcomes below need the install paths stored under this key.
      dirs = make_list(get_kb_list(install));

      # Affected ranges: 1.7.0_00-_02, 1.6.0 up to _30, 1.5.0 up to _33,
      # any 1.4.0_x / 1.4.1_x, and 1.4.2 up to _35.
      if (
        ver =~ '^1\\.7\\.0_0[0-2]([^0-9]|$)' ||
        ver =~ '^1\\.6\\.0_([0-9]|[0-2][0-9]|30)([^0-9]|$)' ||
        ver =~ '^1\\.5\\.0_([0-9]|[0-2][0-9]|3[0-3])([^0-9]|$)' ||
        ver =~ '^1\\.4\\.([01]_|2_([0-9]|[0-2][0-9]|3[0-5])([^0-9]|$))'
      )
      {
        affected_dirs += max_index(dirs);

        foreach dir (dirs)
        {
          vuln_report += '\n  Path              : ' + dir;
        }

        vuln_report += '\n  Installed version : ' + ver;
        vuln_report += '\n  Fixed version     : 1.7.0_03 / 1.6.0_31 / 1.5.0_34 / 1.4.2_36\n';
      }
      else if (ver =~ "^[\d\.]+$")
      {
        # Digits and dots only (no update suffix): the update level is unknown,
        # so the install is reported as undetermined rather than as unaffected.
        foreach dir (dirs)
        {
          coarse_notes += "The Oracle Java version "+ver+" at "+dir+" is not granular enough to make a determination."+'\n';
        }
      }
      else
      {
        clean_dirs += max_index(dirs);
      }
    }

    # Nothing affected: exit with the undetermined notes if there are any,
    # otherwise with the list of versions that were judged not affected.
    if (!vuln_report)
    {
      if (coarse_notes) exit(0, coarse_notes);

      seen_versions = substr(seen_versions, 3);  # drop the leading " & "
      if (clean_dirs > 1)
        exit(0, "The Java "+seen_versions+" installs on the remote host are not affected.");
      exit(0, "The Java "+seen_versions+" install on the remote host is not affected.");
    }

    # At least one affected install: raise the finding, with details when the
    # scan is configured for verbose reporting.
    if (report_verbosity > 0)
    {
      if (affected_dirs > 1)
      {
        noun = "s of Java are";
      }
      else
      {
        noun = " of Java is";
      }

      report =
        '\n' +
        'The following vulnerable instance'+noun+' installed on the\n' +
        'remote host :\n' +
        vuln_report;
      security_hole(port:0, extra:report);
    }
    else
    {
      security_hole(0);
    }

    # Undetermined installs are still surfaced after the finding is raised.
    if (coarse_notes) exit(0, coarse_notes);
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_JAVA_10_6_UPDATE7.NASL
    descriptionThe remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 7, which updates the Java version to 1.6.0_31. As such, it is affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
    last seen2019-10-28
    modified2012-04-05
    plugin id58605
    published2012-04-05
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58605
    titleMac OS X : Java for Mac OS X 10.6 Update 7
    code
    #TRUSTED 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
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration block: runs only when `description` is set. It declares the
    # plugin's metadata and then exits (see the exit(0) at the end of the block),
    # so none of the detection logic below it runs in this mode.
    if (description)
    {
      script_id(58605);
      script_version("1.15");
      script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/14");
    
      # CVE identifiers associated with this check.
      script_cve_id(
        "CVE-2011-3563",
        "CVE-2011-5035",
        "CVE-2012-0497",
        "CVE-2012-0498",
        "CVE-2012-0499",
        "CVE-2012-0500",
        "CVE-2012-0501",
        "CVE-2012-0502",
        "CVE-2012-0503",
        "CVE-2012-0505",
        "CVE-2012-0506",
        "CVE-2012-0507"
      );
      # Bugtraq IDs associated with this check.
      script_bugtraq_id(
        51194,
        52009,
        52011,
        52012,
        52013,
        52014,
        52015,
        52016,
        52017,
        52018,
        52019,
        52161
      );
    
      script_name(english:"Mac OS X : Java for Mac OS X 10.6 Update 7");
      script_summary(english:"Checks version of the JavaVM framework");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host has a version of Java that is affected by multiple
    vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote Mac OS X host is running a version of Java for Mac OS X
    10.6 that is missing Update 7, which updates the Java version to
    1.6.0_31.  As such, it is affected by several security
    vulnerabilities, the most serious of which may allow an untrusted Java
    applet to execute arbitrary code with the privileges of the current
    user outside the Java sandbox."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.apple.com/kb/HT5228"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.apple.com/archives/security-announce/2012/Apr/msg00000.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Upgrade to Java for Mac OS X 10.6 Update 7, which includes version
    13.7.0 of the JavaVM Framework."
      );
      # CVSSv2 base vector: network attack vector, low complexity, no
      # authentication, complete confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      # CVSSv2 temporal vector: exploitability high, official fix available,
      # report confidence confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      # Exploit-availability metadata: the plugin records that exploits exist,
      # that exploit frameworks cover the issue and that malware has used it.
      # For triage this marks the finding as one to remediate first.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_set_attribute(attribute:"metasploit_name", value:'Java AtomicReferenceArray Type Violation Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/04/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/05");
    
      # Declared as a local check; the detection code below this block reads the
      # framework version with a command run on the host.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:java_1.6");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
    
      # Prerequisites: the plugin depends on ssh_get_info.nasl and requires the
      # KB keys showing that local checks are enabled and that a Mac OS X
      # version was recorded for the host.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("misc_func.inc");
    include("ssh_func.inc");
    include("macosx_func.inc");
    
    
    
    # Enable or disable the SSH wrappers according to the support level that
    # sshlib reports.
    if (sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
    {
      enable_ssh_wrappers();
    }
    else
    {
      disable_ssh_wrappers();
    }

    # This is a local check, so it needs the results of an authenticated scan.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      exit(0, "Local checks are not enabled.");
    }

    # Scope: only Mac OS X 10.6 hosts are evaluated; any other recorded OS
    # version is treated as not affected by this particular update.
    os = get_kb_item("Host/MacOSX/Version");
    if (!os)
    {
      exit(0, "The host does not appear to be running Mac OS X.");
    }
    if (!ereg(pattern:"Mac OS X 10\.6([^0-9]|$)", string:os))
    {
      exit(0, "The host is running "+os+" and therefore is not affected.");
    }

    # Read CFBundleVersion from the JavaVM framework's version.plist. The
    # command line is assembled only from the constant path and fixed literals;
    # no value taken from the KB or from the host is interpolated into it.
    plist = "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist";
    pipeline  = 'plutil -convert xml1 -o - \'' + plist + '\' | ';
    pipeline += 'grep -A 1 CFBundleVersion | ';
    pipeline += 'tail -n 1 | ';
    pipeline += 'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\'';

    version = exec_cmd(cmd:pipeline);
    if (!strlen(version))
    {
      # Exit code 1 here, unlike the 0 used for "not affected": the audit could
      # not be completed, so no conclusion is drawn about the host.
      exit(1, "Failed to get the version of the JavaVM Framework.");
    }

    # Sanity-check the command output before it is compared or reported.
    version = chomp(version);
    if (!ereg(pattern:"^[0-9]+\.", string:version))
    {
      exit(1, "The JavaVM Framework version does not appear to be numeric ("+version+").");
    }

    # Update 7 ships JavaVM Framework 13.7.0; anything lower is reported.
    fixed_version = "13.7.0";
    cmp = ver_compare(ver:version, fix:fixed_version, strict:FALSE);
    if (cmp == -1)
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Framework         : JavaVM' +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed_version + '\n';
        security_hole(port:0, extra:report);
      }
      else
      {
        security_hole(0);
      }
    }
    else
    {
      exit(0, "The host is not affected since it is running Mac OS X 10.6 and has JavaVM Framework version "+version+".");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_JAVA_10_7_2012-001.NASL
    descriptionThe remote Mac OS X host is running a version of Java for Mac OS X 10.7 that is missing update 2012-001, which updates the Java version to 1.6.0_31. As such, it is affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
    last seen2019-10-28
    modified2012-04-05
    plugin id58606
    published2012-04-05
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58606
    titleMac OS X : Java for OS X Lion 2012-001
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2012-021.NASL
    descriptionMultiple security issues were identified and fixed in OpenJDK (icedtea6) : Fix issues in java sound (CVE-2011-3563). Fix in AtomicReferenceArray (CVE-2011-3571). Add property to limit number of request headers to the HTTP Server (CVE-2011-5035). Incorrect checking for graphics rendering object (CVE-2012-0497). Multiple unspecified vulnerabilities allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2012-0498, CVE-2012-0499, CVE-2012-0500). Better input parameter checking in zip file processing (CVE-2012-0501). Issues with some KeyboardFocusManager method (CVE-2012-0502). Issues with TimeZone class (CVE-2012-0503). Enhance exception throwing mechanism in ObjectStreamClass (CVE-2012-0505). Issues with some method in corba (CVE-2012-0506). The updated packages provide icedtea6-1.10.6 which is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id58026
    published2012-02-20
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58026
    titleMandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2012:021)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0702.NASL
    descriptionUpdated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM Java SE version 1.4.2 release includes the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM
    last seen2020-06-01
    modified2020-06-02
    plugin id64038
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64038
    titleRHEL 5 : java-1.4.2-ibm (RHSA-2012:0702)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_5_0-IBM-8100.NASL
    descriptionIBM Java 1.5.0 has been updated to SR13-FP1, fixing various security issues. More information can be found on : http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen2020-06-05
    modified2012-05-10
    plugin id59064
    published2012-05-10
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59064
    titleSuSE 10 Security Update : IBM Java 1.6.0 (ZYPP Patch Number 8100)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_6_0-IBM-8094.NASL
    descriptionIBM Java 1.6.0 has been updated to SR10-FP1, fixing various security issues. More information can be found on : http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen2020-06-05
    modified2012-05-10
    plugin id59065
    published2012-05-10
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59065
    titleSuSE 10 Security Update : IBM Java 1.6.0 (ZYPP Patch Number 8094)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1080.NASL
    descriptionUpdated java-1.4.2-ibm-sap packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 for SAP. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM Java SE version 1.4.2 release includes the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM
    last seen2020-06-01
    modified2020-06-02
    plugin id78927
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78927
    titleRHEL 5 / 6 : java-1.4.2-ibm-sap (RHSA-2012:1080)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_4_2-IBM-8151.NASL
    descriptionIBM Java 1.4.2 SR13 FP12 has been released, fixing various bugs and security issues. More information is available at http://www.ibm.com/developerworks/java/jdk/alerts/ . CVEs addressed: CVE-2011-3563 / CVE-2012-0499 / CVE-2012-0502 / CVE-2012-0503 / CVE-2012-0505 / CVE-2012-0506
    last seen2020-06-05
    modified2012-06-14
    plugin id59493
    published2012-06-14
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59493
    titleSuSE 10 Security Update : IBM Java (ZYPP Patch Number 8151)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201401-30.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201401-30 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id72139
    published2014-01-27
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72139
    titleGLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)
  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_FEB_2012.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 3 / 6 Update 31 / 5.0 Update 34 / 1.4.2_36 and is, therefore, potentially affected by security issues in the following components : - 2D - AWT - CORBA - Concurrency - Deployment - I18n - Install - Java Runtime Environment - Lightweight HTTP Server - Serialization - Sound
    last seen2020-06-01
    modified2020-06-02
    plugin id57959
    published2012-02-15
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57959
    titleOracle Java SE Multiple Vulnerabilities (February 2012 CPU)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120216_JAVA_1_6_0_SUN_ON_SL4_X.NASL
    descriptionThis update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page. (CVE-2011-3563, CVE-2011-3571, CVE-2011-5035, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 31 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect.
    last seen2020-03-18
    modified2012-08-01
    plugin id61252
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61252
    titleScientific Linux Security Update : java-1.6.0-sun on SL4.x, SL5.x i386/x86_64 (20120216)
  • NASL familyMisc.
    NASL idVMWARE_VCENTER_VMSA-2012-0013.NASL
    descriptionThe version of VMware vCenter installed on the remote host is 4.0 earlier than Update 4a, 4.1 earlier than Update 3, or 5.0 earlier than Update 2. As such, it is potentially affected by multiple vulnerabilities in the included Oracle (Sun) Java Runtime Environment.
    last seen2020-06-01
    modified2020-06-02
    plugin id66806
    published2013-06-05
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66806
    titleVMware vCenter Multiple Vulnerabilities (VMSA-2012-0013)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_6_0-IBM-120427.NASL
    descriptionIBM Java 1.6.0 was updated to SR10-FP1, fixing various security issues. More information can be found on : http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen2020-06-05
    modified2013-01-25
    plugin id64164
    published2013-01-25
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64164
    titleSuSE 11.1 Security Update : IBM Java 1.6.0 (SAT Patch Number 6225)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1455.NASL
    descriptionUpdated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.4. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873, CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3561, CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507, CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169, CVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, 
CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743) Users of Red Hat Network Satellite Server 5.4 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR14 release. For this update to take effect, Red Hat Network Satellite Server must be restarted (
    last seen2020-06-01
    modified2020-06-02
    plugin id78975
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78975
    titleRHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1455) (BEAST) (ROBOT)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0508.NASL
    descriptionUpdated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM
    last seen2020-04-16
    modified2012-04-24
    plugin id58840
    published2012-04-24
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58840
    titleRHEL 5 / 6 : java-1.5.0-ibm (RHSA-2012:0508) (BEAST)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0139.NASL
    descriptionUpdated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2011-3563, CVE-2011-3571, CVE-2011-5035, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 31 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id57991
    published2012-02-17
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57991
    titleRHEL 4 / 5 / 6 : java-1.6.0-sun (RHSA-2012:0139)

Oval

accepted2015-03-23T04:00:46.030-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationDTCC
  • nameShane Shaffer
    organizationG2, Inc.
  • nameDragos Prisaca
    organizationG2, Inc.
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
  • commentJava SE Runtime Environment 5 is installed
    ovaloval:org.mitre.oval:def:15748
  • commentJava SE Runtime Environment 6 is installed
    ovaloval:org.mitre.oval:def:16362
  • commentJava SE Runtime Environment 7 is installed
    ovaloval:org.mitre.oval:def:16050
descriptionUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
familywindows
idoval:org.mitre.oval:def:14878
statusaccepted
submitted2012-02-17T15:24:26.000-05:00
titleUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
version12

Redhat

advisories
  • rhsa
    idRHSA-2012:0508
  • rhsa
    idRHSA-2012:0514
  • rhsa
    idRHSA-2012:0702
  • rhsa
    idRHSA-2012:1080
  • rhsa
    idRHSA-2013:1455
rpms
  • java-1.6.0-sun-1:1.6.0.31-1jpp.1.el4
  • java-1.6.0-sun-1:1.6.0.31-1jpp.1.el5
  • java-1.6.0-sun-1:1.6.0.31-1jpp.1.el6_2
  • java-1.6.0-sun-demo-1:1.6.0.31-1jpp.1.el4
  • java-1.6.0-sun-demo-1:1.6.0.31-1jpp.1.el5
  • java-1.6.0-sun-demo-1:1.6.0.31-1jpp.1.el6_2
  • java-1.6.0-sun-devel-1:1.6.0.31-1jpp.1.el4
  • java-1.6.0-sun-devel-1:1.6.0.31-1jpp.1.el5
  • java-1.6.0-sun-devel-1:1.6.0.31-1jpp.1.el6_2
  • java-1.6.0-sun-jdbc-1:1.6.0.31-1jpp.1.el4
  • java-1.6.0-sun-jdbc-1:1.6.0.31-1jpp.1.el5
  • java-1.6.0-sun-jdbc-1:1.6.0.31-1jpp.1.el6_2
  • java-1.6.0-sun-plugin-1:1.6.0.31-1jpp.1.el4
  • java-1.6.0-sun-plugin-1:1.6.0.31-1jpp.1.el5
  • java-1.6.0-sun-plugin-1:1.6.0.31-1jpp.1.el6_2
  • java-1.6.0-sun-src-1:1.6.0.31-1jpp.1.el4
  • java-1.6.0-sun-src-1:1.6.0.31-1jpp.1.el5
  • java-1.6.0-sun-src-1:1.6.0.31-1jpp.1.el6_2
  • java-1.5.0-ibm-1:1.5.0.13.1-1jpp.1.el5
  • java-1.5.0-ibm-1:1.5.0.13.1-1jpp.2.el6_2
  • java-1.5.0-ibm-accessibility-1:1.5.0.13.1-1jpp.1.el5
  • java-1.5.0-ibm-demo-1:1.5.0.13.1-1jpp.1.el5
  • java-1.5.0-ibm-demo-1:1.5.0.13.1-1jpp.2.el6_2
  • java-1.5.0-ibm-devel-1:1.5.0.13.1-1jpp.1.el5
  • java-1.5.0-ibm-devel-1:1.5.0.13.1-1jpp.2.el6_2
  • java-1.5.0-ibm-javacomm-1:1.5.0.13.1-1jpp.1.el5
  • java-1.5.0-ibm-javacomm-1:1.5.0.13.1-1jpp.2.el6_2
  • java-1.5.0-ibm-jdbc-1:1.5.0.13.1-1jpp.1.el5
  • java-1.5.0-ibm-jdbc-1:1.5.0.13.1-1jpp.2.el6_2
  • java-1.5.0-ibm-plugin-1:1.5.0.13.1-1jpp.1.el5
  • java-1.5.0-ibm-plugin-1:1.5.0.13.1-1jpp.2.el6_2
  • java-1.5.0-ibm-src-1:1.5.0.13.1-1jpp.1.el5
  • java-1.5.0-ibm-src-1:1.5.0.13.1-1jpp.2.el6_2
  • java-1.6.0-ibm-1:1.6.0.10.1-1jpp.1.el5
  • java-1.6.0-ibm-1:1.6.0.10.1-1jpp.5.el6_2
  • java-1.6.0-ibm-accessibility-1:1.6.0.10.1-1jpp.1.el5
  • java-1.6.0-ibm-demo-1:1.6.0.10.1-1jpp.1.el5
  • java-1.6.0-ibm-demo-1:1.6.0.10.1-1jpp.5.el6_2
  • java-1.6.0-ibm-devel-1:1.6.0.10.1-1jpp.1.el5
  • java-1.6.0-ibm-devel-1:1.6.0.10.1-1jpp.5.el6_2
  • java-1.6.0-ibm-javacomm-1:1.6.0.10.1-1jpp.1.el5
  • java-1.6.0-ibm-javacomm-1:1.6.0.10.1-1jpp.5.el6_2
  • java-1.6.0-ibm-jdbc-1:1.6.0.10.1-1jpp.1.el5
  • java-1.6.0-ibm-jdbc-1:1.6.0.10.1-1jpp.5.el6_2
  • java-1.6.0-ibm-plugin-1:1.6.0.10.1-1jpp.1.el5
  • java-1.6.0-ibm-plugin-1:1.6.0.10.1-1jpp.5.el6_2
  • java-1.6.0-ibm-src-1:1.6.0.10.1-1jpp.1.el5
  • java-1.6.0-ibm-src-1:1.6.0.10.1-1jpp.5.el6_2
  • java-1.4.2-ibm-0:1.4.2.13.12-1jpp.1.el5_8
  • java-1.4.2-ibm-demo-0:1.4.2.13.12-1jpp.1.el5_8
  • java-1.4.2-ibm-devel-0:1.4.2.13.12-1jpp.1.el5_8
  • java-1.4.2-ibm-javacomm-0:1.4.2.13.12-1jpp.1.el5_8
  • java-1.4.2-ibm-jdbc-0:1.4.2.13.12-1jpp.1.el5_8
  • java-1.4.2-ibm-plugin-0:1.4.2.13.12-1jpp.1.el5_8
  • java-1.4.2-ibm-src-0:1.4.2.13.12-1jpp.1.el5_8
  • java-1.4.2-ibm-sap-0:1.4.2.13.12.sap-1jpp.2.el5
  • java-1.4.2-ibm-sap-demo-0:1.4.2.13.12.sap-1jpp.2.el5
  • java-1.4.2-ibm-sap-devel-0:1.4.2.13.12.sap-1jpp.2.el5
  • java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.12.sap-1jpp.2.el5
  • java-1.4.2-ibm-sap-src-0:1.4.2.13.12.sap-1jpp.2.el5
  • java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9
  • java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4
  • java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9
  • java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4

Seebug

bulletinFamilyexploit
descriptionCVE ID: CVE-2011-3389,CVE-2011-3516,CVE-2011-3521,CVE-2011-3544,CVE-2011-3545,CVE-2011-3546,CVE-2011-3547,CVE-2011-3548,CVE-2011-3549,CVE-2011-3550,CVE-2011-3551,CVE-2011-3552,CVE-2011-3553,CVE-2011-3554,CVE-2011-3556,CVE-2011-3557,CVE-2011-3560,CVE-2011-3561,CVE-2011-3563,CVE-2011-5035,CVE-2012-0497,CVE-2012-0498,CVE-2012-0499,CVE-2012-0500,CVE-2012-0501,CVE-2012-0502,CVE-2012-0503,CVE-2012-0505,CVE-2012-0506,CVE-2012-0507,CVE-2012-0732,CVE-2012-2159,CVE-2012-2161 IBM Rational AppScan是应用安全性软件,能够在开发的各个阶段扫描并测试所有常见的Web应用漏洞。 IBM Rational AppScan 8.6之前版本在实现上存在多个漏洞,可被恶意用户利用泄露敏感信息、执行欺骗和XSS攻击、劫持用户会话、对DNS缓存投毒、操作某些数据、造成拒绝服务和控制受影响系统。 0 IBM Rational AppScan 8.x IBM Rational AppScan 7.x 厂商补丁: IBM --- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.ers.ibm.com/
idSSV:60220
last seen2017-11-19
modified2012-06-16
published2012-06-16
reporterRoot
titleIBM Rational AppScan 8.x/7.x 多个安全漏洞

References