Vulnerabilities > CVE-2012-5067 - Unspecified vulnerability in Oracle JDK and JRE

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
oracle
nessus
exploit available
metasploit

Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment.

Vulnerable Configurations

Part Description Count
Application
Oracle
20

Exploit-Db

descriptionJava Applet JAX-WS Remote Code Execution. CVE-2012-5067,CVE-2012-5076. Remote exploits for multiple platform
idEDB-ID:22657
last seen2016-02-02
modified2012-11-13
published2012-11-13
reportermetasploit
sourcehttps://www.exploit-db.com/download/22657/
titleJava Applet JAX-WS Remote Code Execution

Metasploit

descriptionThis module abuses the JAX-WS classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier.
idMSF:EXPLOIT/MULTI/BROWSER/JAVA_JRE17_JAXWS
last seen2020-05-11
modified2017-07-24
published2012-11-11
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/browser/java_jre17_jaxws.rb
titleJava Applet JAX-WS Remote Code Execution

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_6_0-OPENJDK-121023.NASL
    descriptionjava-openjdk was upgraded to version 1.11.5 to fix various security and non-security issues.
    last seen2020-06-05
    modified2013-01-25
    plugin id64169
    published2013-01-25
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64169
    titleSuSE 11.2 Security Update : OpenJDK (SAT Patch Number 6987)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64169);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-4416", "CVE-2012-4681", "CVE-2012-5067", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5078", "CVE-2012-5079", "CVE-2012-5080", "CVE-2012-5081", "CVE-2012-5082", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089");
    
      script_name(english:"SuSE 11.2 Security Update : OpenJDK (SAT Patch Number 6987)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "java-openjdk was upgraded to version 1.11.5 to fix various security
    and non-security issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=785433"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1531.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1532.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1533.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-3143.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-3159.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-3216.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4416.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4681.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5067.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5068.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5069.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5070.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5071.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5072.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5073.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5074.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5075.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5076.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5077.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5078.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5079.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5080.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5081.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5082.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5083.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5084.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5085.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5086.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5087.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5088.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5089.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 6987.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java Applet Method Handle Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/10/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"java-1_6_0-openjdk-1.6.0.0_b24.1.11.5-0.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.5-0.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.5-0.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"java-1_6_0-openjdk-1.6.0.0_b24.1.11.5-0.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.5-0.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.5-0.2.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_OCT_2012.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 9 / 6 Update 37 / 5.0 Update 38 / 1.4.2_40 and is, therefore, potentially affected by security issues in the following components : - 2D - Beans - Concurrency - Deployment - Hotspot - JAX-WS - JMX - JSSE - Libraries - Networking - Security - Swing
    last seen2020-06-01
    modified2020-06-02
    plugin id62593
    published2012-10-17
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62593
    titleOracle Java SE Multiple Vulnerabilities (October 2012 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(62593);
      script_version("1.18");
      script_cvs_date("Date: 2018/11/15 20:50:28");
    
      script_cve_id(
        "CVE-2012-1531",
        "CVE-2012-1532",
        "CVE-2012-1533",
        "CVE-2012-3143",
        "CVE-2012-3159",
        "CVE-2012-3216",
        "CVE-2012-4416",
        "CVE-2012-5067",
        "CVE-2012-5068",
        "CVE-2012-5069",
        "CVE-2012-5070",
        "CVE-2012-5071",
        "CVE-2012-5072",
        "CVE-2012-5073",
        "CVE-2012-5074",
        "CVE-2012-5075",
        "CVE-2012-5076",
        "CVE-2012-5077",
        "CVE-2012-5078",
        "CVE-2012-5079",
        "CVE-2012-5080",
        "CVE-2012-5081",
        "CVE-2012-5082",
        "CVE-2012-5083",
        "CVE-2012-5084",
        "CVE-2012-5085",
        "CVE-2012-5086",
        "CVE-2012-5087",
        "CVE-2012-5088",
        "CVE-2012-5089"
      );
      script_bugtraq_id(
        55501,
        56025,
        56033,
        56039,
        56043,
        56046,
        56051,
        56054,
        56055,
        56056,
        56057,
        56058,
        56059,
        56061,
        56063,
        56065,
        56066,
        56067,
        56068,
        56070,
        56071,
        56072,
        56075,
        56076,
        56078,
        56079,
        56080,
        56081,
        56082,
        56083
      );
    
      script_name(english:"Oracle Java SE Multiple Vulnerabilities (October 2012 CPU)");
      script_summary(english:"Checks version of the JRE");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a programming platform that is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle (formerly Sun) Java SE or Java for Business
    installed on the remote host is earlier than 7 Update 9 / 6 Update 37
    / 5.0 Update 38 / 1.4.2_40 and is, therefore, potentially affected by
    security issues in the following components :
    
      - 2D
      - Beans
      - Concurrency
      - Deployment
      - Hotspot
      - JAX-WS
      - JMX
      - JSSE
      - Libraries
      - Networking
      - Security
      - Swing");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/524506/30/0/threaded");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/524507/30/0/threaded");
      # http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b0eb44d4");
      script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/java/javase/7u9-relnotes-1863279.html");
      script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/java/javase/6u37-relnotes-1863283.html");
      script_set_attribute(attribute:"see_also", value:"http://www.oracle.com/technetwork/java/eol-135779.html");
      script_set_attribute(attribute:"solution", value:
    "Update to JDK / JRE 7 Update 9 / 6 Update 37, JDK 5.0 Update 38, SDK
    1.4.2_40 or later, and remove, if necessary, any affected versions.
    
    Note that an Extended Support contract with Oracle is needed to obtain
    JDK 5.0 Update 38 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java Applet Method Handle Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/10/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
    
      script_dependencies("sun_java_jre_installed.nasl");
      script_require_keys("SMB/Java/JRE/Installed");
    
      exit(0);
    }
    
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Check each installed JRE.
    installs = get_kb_list_or_exit("SMB/Java/JRE/*");
    
    info = "";
    vuln = 0;
    installed_versions = "";
    
    foreach install (list_uniq(keys(installs)))
    {
      ver = install - "SMB/Java/JRE/";
      if (ver !~ "^[0-9.]+") continue;
    
      installed_versions = installed_versions + " & " + ver;
    
      if (
        ver =~ '^1\\.7\\.0_0[0-8]([^0-9]|$)' ||
        ver =~ '^1\\.6\\.0_([0-9]|[0-2][0-9]|3[0-6])([^0-9]|$)' ||
        ver =~ '^1\\.5\\.0_([0-9]|[0-2][0-9]|3[0-7])([^0-9]|$)' ||
        ver =~ '^1\\.4\\.([01]_|2_([0-9]|[0-3][0-9])([^0-9]|$))'
      )
      {
        dirs = make_list(get_kb_list(install));
        vuln += max_index(dirs);
    
        foreach dir (dirs)
          info += '\n  Path              : ' + dir;
    
        info += '\n  Installed version : ' + ver;
        info += '\n  Fixed version     : 1.7.0_09 / 1.6.0_37 / 1.5.0_38 / 1.4.2_40\n';
      }
    }
    
    # Report if any were found to be vulnerable.
    if (info)
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    
      if (report_verbosity > 0)
      {
        if (vuln > 1) s = "s of Java are";
        else s = " of Java is";
    
        report =
          '\n' +
          'The following vulnerable instance'+s+' installed on the\n' +
          'remote host :\n' +
          info;
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else
    {
      installed_versions = substr(installed_versions, 3);
      if (" & " >< installed_versions)
        exit(0, "The Java "+installed_versions+" installs on the remote host are not affected.");
      else
        exit(0, "The Java "+installed_versions+" install on the remote host is not affected.");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201401-30.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201401-30 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id72139
    published2014-01-27
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72139
    titleGLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201401-30.
    #
    # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72139);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/12 17:35:38");
    
      script_cve_id("CVE-2011-3563", "CVE-2011-5035", "CVE-2012-0497", "CVE-2012-0498", "CVE-2012-0499", "CVE-2012-0500", "CVE-2012-0501", "CVE-2012-0502", "CVE-2012-0503", "CVE-2012-0504", "CVE-2012-0505", "CVE-2012-0506", "CVE-2012-0507", "CVE-2012-0547", "CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-1541", "CVE-2012-1682", "CVE-2012-1711", "CVE-2012-1713", "CVE-2012-1716", "CVE-2012-1717", "CVE-2012-1718", "CVE-2012-1719", "CVE-2012-1721", "CVE-2012-1722", "CVE-2012-1723", "CVE-2012-1724", "CVE-2012-1725", "CVE-2012-1726", "CVE-2012-3136", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3174", "CVE-2012-3213", "CVE-2012-3216", "CVE-2012-3342", "CVE-2012-4416", "CVE-2012-4681", "CVE-2012-5067", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089", "CVE-2013-0169", "CVE-2013-0351", "CVE-2013-0401", "CVE-2013-0402", "CVE-2013-0409", "CVE-2013-0419", "CVE-2013-0422", "CVE-2013-0423", "CVE-2013-0430", "CVE-2013-0437", "CVE-2013-0438", "CVE-2013-0445", "CVE-2013-0446", "CVE-2013-0448", "CVE-2013-0449", "CVE-2013-0809", "CVE-2013-1473", "CVE-2013-1479", "CVE-2013-1481", "CVE-2013-1484", "CVE-2013-1485", "CVE-2013-1486", "CVE-2013-1487", "CVE-2013-1488", "CVE-2013-1491", "CVE-2013-1493", "CVE-2013-1500", "CVE-2013-1518", "CVE-2013-1537", "CVE-2013-1540", "CVE-2013-1557", "CVE-2013-1558", "CVE-2013-1561", "CVE-2013-1563", "CVE-2013-1564", "CVE-2013-1569", "CVE-2013-1571", "CVE-2013-2383", "CVE-2013-2384", "CVE-2013-2394", "CVE-2013-2400", "CVE-2013-2407", "CVE-2013-2412", "CVE-2013-2414", "CVE-2013-2415", "CVE-2013-2416", "CVE-2013-2417", "CVE-2013-2418", "CVE-2013-2419", "CVE-2013-2420", "CVE-2013-2421", "CVE-2013-2422", "CVE-2013-2423", "CVE-2013-2424", "CVE-2013-2425", "CVE-2013-2426", "CVE-2013-2427", "CVE-2013-2428", "CVE-2013-2429", "CVE-2013-2430", "CVE-2013-2431", "CVE-2013-2432", "CVE-2013-2433", "CVE-2013-2434", "CVE-2013-2435", "CVE-2013-2436", "CVE-2013-2437", "CVE-2013-2438", "CVE-2013-2439", "CVE-2013-2440", "CVE-2013-2442", "CVE-2013-2443", "CVE-2013-2444", "CVE-2013-2445", "CVE-2013-2446", "CVE-2013-2447", "CVE-2013-2448", "CVE-2013-2449", "CVE-2013-2450", "CVE-2013-2451", "CVE-2013-2452", "CVE-2013-2453", "CVE-2013-2454", "CVE-2013-2455", "CVE-2013-2456", "CVE-2013-2457", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2460", "CVE-2013-2461", "CVE-2013-2462", "CVE-2013-2463", "CVE-2013-2464", "CVE-2013-2465", "CVE-2013-2466", "CVE-2013-2467", "CVE-2013-2468", "CVE-2013-2469", "CVE-2013-2470", "CVE-2013-2471", "CVE-2013-2472", "CVE-2013-2473", "CVE-2013-3743", "CVE-2013-3744", "CVE-2013-3829", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5775", "CVE-2013-5776", "CVE-2013-5777", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5787", "CVE-2013-5788", "CVE-2013-5789", "CVE-2013-5790", "CVE-2013-5797", "CVE-2013-5800", "CVE-2013-5801", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5805", "CVE-2013-5806", "CVE-2013-5809", "CVE-2013-5810", "CVE-2013-5812", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5818", "CVE-2013-5819", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5824", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5831", "CVE-2013-5832", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5843", "CVE-2013-5844", "CVE-2013-5846", "CVE-2013-5848", "CVE-2013-5849", "CVE-2013-5850", "CVE-2013-5851", "CVE-2013-5852", "CVE-2013-5854", "CVE-2013-5870", "CVE-2013-5878", "CVE-2013-5887", "CVE-2013-5888", "CVE-2013-5889", "CVE-2013-5893", "CVE-2013-5895", "CVE-2013-5896", "CVE-2013-5898", "CVE-2013-5899", "CVE-2013-5902", "CVE-2013-5904", "CVE-2013-5905", "CVE-2013-5906", "CVE-2013-5907", "CVE-2013-5910", "CVE-2014-0368", "CVE-2014-0373", "CVE-2014-0375", "CVE-2014-0376", "CVE-2014-0382", "CVE-2014-0385", "CVE-2014-0387", "CVE-2014-0403", "CVE-2014-0408", "CVE-2014-0410", "CVE-2014-0411", "CVE-2014-0415", "CVE-2014-0416", "CVE-2014-0417", "CVE-2014-0418", "CVE-2014-0422", "CVE-2014-0423", "CVE-2014-0424", "CVE-2014-0428");
      script_bugtraq_id(51194, 52009, 52011, 52012, 52013, 52014, 52015, 52016, 52017, 52018, 52019, 52020, 52161, 53946, 53947, 53948, 53949, 53950, 53951, 53952, 53953, 53954, 53958, 53959, 53960, 55213, 55336, 55337, 55339, 55501, 56025, 56033, 56039, 56043, 56046, 56051, 56054, 56055, 56056, 56057, 56058, 56059, 56061, 56063, 56065, 56067, 56070, 56071, 56072, 56075, 56076, 56079, 56080, 56081, 56082, 56083, 57246, 57312, 57681, 57689, 57697, 57699, 57700, 57704, 57706, 57708, 57714, 57716, 57717, 57718, 57720, 57722, 57723, 57728, 57731, 57778, 58027, 58028, 58029, 58031, 58238, 58296, 58397, 58493, 58504, 58507, 59088, 59089, 59124, 59128, 59131, 59137, 59141, 59145, 59149, 59153, 59154, 59159, 59162, 59165, 59166, 59167, 59170, 59172, 59175, 59178, 59179, 59184, 59185, 59187, 59190, 59191, 59194, 59195, 59203, 59206, 59208, 59212, 59213, 59219, 59220, 59228, 59234, 59243, 60617, 60618, 60619, 60620, 60621, 60622, 60623, 60624, 60625, 60626, 60627, 60629, 60630, 60631, 60632, 60633, 60634, 60635, 60636, 60637, 60638, 60639, 60640, 60641, 60643, 60644, 60645, 60646, 60647, 60649, 60650, 60651, 60652, 60653, 60654, 60655, 60656, 60657, 60658, 60659, 63079, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63112, 63115, 63118, 63120, 63121, 63122, 63124, 63126, 63127, 63128, 63129, 63130, 63131, 63132, 63133, 63134, 63135, 63136, 63137, 63139, 63140, 63141, 63142, 63143, 63144, 63145, 63146, 63147, 63148, 63149, 63150, 63151, 63152, 63153, 63154, 63155, 63156, 63157, 63158, 64863, 64875, 64882, 64890, 64894, 64899, 64901, 64903, 64906, 64907, 64910, 64912, 64914, 64915, 64916, 64917, 64918, 64919, 64920, 64921, 64922, 64923, 64925, 64926, 64927, 64928, 64929, 64930, 64931, 64932, 64933, 64934, 64935, 64936, 64937);
      script_xref(name:"GLSA", value:"201401-30");
    
      script_name(english:"GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201401-30
    (Oracle JRE/JDK: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been reported in the Oracle Java
          implementation. Please review the CVE identifiers referenced below for
          details.
      
    Impact :
    
        An unauthenticated, remote attacker could exploit these vulnerabilities
          to execute arbitrary code.
          Furthermore, a local or remote attacker could exploit these
          vulnerabilities to cause unspecified impact, possibly including remote
          execution of arbitrary code.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201401-30"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Oracle JDK 1.7 users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=dev-java/oracle-jdk-bin-1.7.0.51'
        All Oracle JRE 1.7 users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=dev-java/oracle-jre-bin-1.7.0.51'
        All users of the precompiled 32-bit Oracle JRE should upgrade to the
          latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=app-emulation/emul-linux-x86-java-1.7.0.51'
        All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one
          of the newer Oracle packages like dev-java/oracle-jdk-bin or
          dev-java/oracle-jre-bin or choose another alternative we provide; eg. the
          IBM JDK/JRE or the open source IcedTea.
        NOTE: As Oracle has revoked the DLJ license for its Java implementation,
          the packages can no longer be updated automatically."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java storeImageArray() Invalid Array Indexing Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:emul-linux-x86-java");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:oracle-jdk-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:oracle-jre-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:sun-jdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:sun-jre-bin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/27");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-java/sun-jre-bin", unaffected:make_list(), vulnerable:make_list("le 1.6.0.45"))) flag++;
    if (qpkg_check(package:"dev-java/oracle-jre-bin", unaffected:make_list("ge 1.7.0.51"), vulnerable:make_list("lt 1.7.0.51"))) flag++;
    if (qpkg_check(package:"dev-java/oracle-jdk-bin", unaffected:make_list("ge 1.7.0.51"), vulnerable:make_list("lt 1.7.0.51"))) flag++;
    if (qpkg_check(package:"dev-java/sun-jdk", unaffected:make_list(), vulnerable:make_list("le 1.6.0.45"))) flag++;
    if (qpkg_check(package:"app-emulation/emul-linux-x86-java", unaffected:make_list("ge 1.7.0.51"), vulnerable:make_list("lt 1.7.0.51"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Oracle JRE/JDK");
    }
    
  • NASL familyMisc.
    NASL idORACLE_JAVA_CPU_OCT_2012_UNIX.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 9 / 6 Update 37 / 5.0 Update 38 / 1.4.2_40 and is, therefore, potentially affected by security issues in the following components : - 2D - Beans - Concurrency - Deployment - Hotspot - JAX-WS - JMX - JSSE - Libraries - Networking - Security - Swing
    last seen2020-06-01
    modified2020-06-02
    plugin id64849
    published2013-02-22
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64849
    titleOracle Java SE Multiple Vulnerabilities (October 2012 CPU) (Unix)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(64849);
      script_version("1.12");
      script_cvs_date("Date: 2018/11/15 20:50:23");
    
      script_cve_id(
        "CVE-2012-1531",
        "CVE-2012-1532",
        "CVE-2012-1533",
        "CVE-2012-3143",
        "CVE-2012-3159",
        "CVE-2012-3216",
        "CVE-2012-4416",
        "CVE-2012-5067",
        "CVE-2012-5068",
        "CVE-2012-5069",
        "CVE-2012-5070",
        "CVE-2012-5071",
        "CVE-2012-5072",
        "CVE-2012-5073",
        "CVE-2012-5074",
        "CVE-2012-5075",
        "CVE-2012-5076",
        "CVE-2012-5077",
        "CVE-2012-5078",
        "CVE-2012-5079",
        "CVE-2012-5080",
        "CVE-2012-5081",
        "CVE-2012-5082",
        "CVE-2012-5083",
        "CVE-2012-5084",
        "CVE-2012-5085",
        "CVE-2012-5086",
        "CVE-2012-5087",
        "CVE-2012-5088",
        "CVE-2012-5089"
      );
      script_bugtraq_id(
        55501,
        56025,
        56033,
        56039,
        56043,
        56046,
        56051,
        56054,
        56055,
        56056,
        56057,
        56058,
        56059,
        56061,
        56063,
        56065,
        56066,
        56067,
        56068,
        56070,
        56071,
        56072,
        56075,
        56076,
        56078,
        56079,
        56080,
        56081,
        56082,
        56083
      );
    
      script_name(english:"Oracle Java SE Multiple Vulnerabilities (October 2012 CPU) (Unix)");
      script_summary(english:"Checks version of the JRE");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Unix host contains a programming platform that is affected
    by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle (formerly Sun) Java SE or Java for Business
    installed on the remote host is earlier than 7 Update 9 / 6 Update 37
    / 5.0 Update 38 / 1.4.2_40 and is, therefore, potentially affected by
    security issues in the following components :
    
      - 2D
      - Beans
      - Concurrency
      - Deployment
      - Hotspot
      - JAX-WS
      - JMX
      - JSSE
      - Libraries
      - Networking
      - Security
      - Swing");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/524506/30/0/threaded");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/524507/30/0/threaded");
      # http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b0eb44d4");
      script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/java/javase/7u9-relnotes-1863279.html");
      script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/java/javase/6u37-relnotes-1863283.html");
      script_set_attribute(attribute:"see_also", value:"http://www.oracle.com/technetwork/java/eol-135779.html");
      script_set_attribute(attribute:"solution", value:
    "Update to JDK / JRE 7 Update 9 / 6 Update 37, JDK 5.0 Update 38, SDK
    1.4.2_40 or later and remove, if necessary, any affected versions.
    
    Note that an Extended Support contract with Oracle is needed to obtain
    JDK 5 .0 Update 38 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java Applet Method Handle Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/10/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/22");
    
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"agent", value:"unix");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
    
      script_dependencies("sun_java_jre_installed_unix.nasl");
      script_require_keys("Host/Java/JRE/Installed");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Check each installed JRE.
    installs = get_kb_list_or_exit("Host/Java/JRE/Unmanaged/*");
    
    info = "";
    vuln = 0;
    vuln2 = 0;
    installed_versions = "";
    granular = "";
    foreach install (list_uniq(keys(installs)))
    {
      ver = install - "Host/Java/JRE/Unmanaged/";
      if (ver !~ "^[0-9.]+") continue;
    
      installed_versions = installed_versions + " & " + ver;
    
      if (
        ver =~ '^1\\.7\\.0_0[0-8]([^0-9]|$)' ||
        ver =~ '^1\\.6\\.0_([0-9]|[0-2][0-9]|3[0-6])([^0-9]|$)' ||
        ver =~ '^1\\.5\\.0_([0-9]|[0-2][0-9]|3[0-7])([^0-9]|$)' ||
        ver =~ '^1\\.4\\.([01]_|2_([0-9]|[0-3][0-9])([^0-9]|$))'
      )
      {
        dirs = make_list(get_kb_list(install));
        vuln += max_index(dirs);
    
        foreach dir (dirs)
          info += '\n  Path              : ' + dir;
    
        info += '\n  Installed version : ' + ver;
        info += '\n  Fixed version     : 1.7.0_09 / 1.6.0_37 / 1.5.0_38 / 1.4.2_40\n';
      }
      else if (ver =~ "^[\d\.]+$")
      {
        dirs = make_list(get_kb_list(install));
        foreach dir (dirs)
          granular += "The Oracle Java version "+ver+" at "+dir+" is not granular enough to make a determination."+'\n';
      }
      else
      {
        dirs = make_list(get_kb_list(install));
        vuln2 += max_index(dirs);
      }
    
    }
    
    # Report if any were found to be vulnerable.
    if (info)
    {
      if (report_verbosity > 0)
      {
        if (vuln > 1) s = "s of Java are";
        else s = " of Java is";
    
        report =
          '\n' +
          'The following vulnerable instance'+s+' installed on the\n' +
          'remote host :\n' +
          info;
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
      if (granular) exit(0, granular);
    }
    else
    {
      if (granular) exit(0, granular);
    
      installed_versions = substr(installed_versions, 3);
      if (vuln2 > 1)
        exit(0, "The Java "+installed_versions+" installs on the remote host are not affected.");
      else
        exit(0, "The Java "+installed_versions+" install on the remote host is not affected.");
    }
    
  • NASL familyMisc.
    NASL idVMWARE_ESX_VMSA-2013-0003_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - Java Runtime Environment (JRE) - Network File Copy (NFC) Protocol - OpenSSL
    last seen2020-06-01
    modified2020-06-02
    plugin id89663
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89663
    titleVMware ESX / ESXi NFC and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0003) (remote check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89663);
      script_version("1.12");
      script_cvs_date("Date: 2019/09/24 15:02:54");
    
      script_cve_id(
        "CVE-2012-1531",
        "CVE-2012-1532",
        "CVE-2012-1533",
        "CVE-2012-2110",
        "CVE-2012-3143",
        "CVE-2012-3159",
        "CVE-2012-3216",
        "CVE-2012-4416",
        "CVE-2012-5067",
        "CVE-2012-5068",
        "CVE-2012-5069",
        "CVE-2012-5070",
        "CVE-2012-5071",
        "CVE-2012-5072",
        "CVE-2012-5073",
        "CVE-2012-5074",
        "CVE-2012-5075",
        "CVE-2012-5076",
        "CVE-2012-5077",
        "CVE-2012-5078",
        "CVE-2012-5079",
        "CVE-2012-5080",
        "CVE-2012-5081",
        "CVE-2012-5082",
        "CVE-2012-5083",
        "CVE-2012-5084",
        "CVE-2012-5085",
        "CVE-2012-5086",
        "CVE-2012-5087",
        "CVE-2012-5088",
        "CVE-2012-5089",
        "CVE-2013-1659"
      );
      script_bugtraq_id(
        53158, 
        55501, 
        56025, 
        56033, 
        56039, 
        56043, 
        56046, 
        56051, 
        56054, 
        56055, 
        56056, 
        56057, 
        56058, 
        56059, 
        56061, 
        56063, 
        56065, 
        56066, 
        56067, 
        56068, 
        56070, 
        56071, 
        56072, 
        56075, 
        56076, 
        56078, 
        56079, 
        56080, 
        56081, 
        56082, 
        56083, 
        58115
      );
      script_xref(name:"VMSA", value:"2013-0003");
    
      script_name(english:"VMware ESX / ESXi NFC and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0003) (remote check)");
      script_summary(english:"Checks the version and build numbers of the remote host.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VMware ESX / ESXi host is missing a security-related patch.");
      script_set_attribute(attribute:"description", value:
    "The remote VMware ESX / ESXi host is missing a security-related patch.
    It is, therefore, affected by multiple vulnerabilities, including
    remote code execution vulnerabilities, in several components and
    third-party libraries :
    
      - Java Runtime Environment (JRE)
      - Network File Copy (NFC) Protocol
      - OpenSSL");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2013-0003.html");
      # http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b0eb44d4");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the vendor advisory that
    pertains to ESX version 3.5 / 4.0 / 4.1 or ESXi version 3.5 / 4.0 /
    4.1.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-1531");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java Applet Method Handle Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("vmware_vsphere_detect.nbin");
      script_require_keys("Host/VMware/version", "Host/VMware/release");
      script_require_ports("Host/VMware/vsphere");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    ver   = get_kb_item_or_exit("Host/VMware/version");
    rel   = get_kb_item_or_exit("Host/VMware/release");
    port  = get_kb_item_or_exit("Host/VMware/vsphere");
    esx   = '';
    build = 0;
    fix   = FALSE;
    
    if ("ESX" >!< rel)
      audit(AUDIT_OS_NOT, "VMware ESX/ESXi");
    
    extract = eregmatch(pattern:"^(ESXi?) (\d\.\d).*$", string:ver);
    if (empty_or_null(extract))
      audit(AUDIT_UNKNOWN_APP_VER, "VMware ESX/ESXi");
    
    esx = extract[1];
    ver = extract[2];
    
    extract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);
    if (isnull(extract))
      audit(AUDIT_UNKNOWN_BUILD, "VMware " + esx, ver);
    
    build = int(extract[1]);
    
    fixes = make_array(
        "4.1", 874690,
        "4.0", 989856,
        "3.5", 988599
    );
    
    fix = fixes[ver];
    
    if (!fix)
      audit(AUDIT_INST_VER_NOT_VULN, esx, ver, build);
    
    if (build < fix)
    {
      report = '\n  Version         : ' + esx + " " + ver +
               '\n  Installed build : ' + build +
               '\n  Fixed build     : ' + fix +
               '\n';
      security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);
      exit(0);
    }
    else
      audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_7_0-IBM-121113.NASL
    descriptionIBM Java 1.7.0 has been updated to SR3 which fixes bugs and security issues. More information can be found on : http://www.ibm.com/developerworks/java/jdk/alerts/ CVEs fixed: CVE-2012-3159 / CVE-2012-3216 / CVE-2012-5070 / CVE-2012-5067 / CVE-2012-3143 / CVE-2012-5076 / CVE-2012-5077 / CVE-2012-5073 / CVE-2012-5074 / CVE-2012-5075 / CVE-2012-5083 / CVE-2012-5083 / CVE-2012-5072 / CVE-2012-1531 / CVE-2012-5081 / CVE-2012-1532 / CVE-2012-1533 / CVE-2012-5069 / CVE-2012-5071 / CVE-2012-5084 / CVE-2012-5087 / CVE-2012-5086 / CVE-2012-5079 / CVE-2012-5088 / CVE-2012-5089
    last seen2020-06-05
    modified2013-01-25
    plugin id64171
    published2013-01-25
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64171
    titleSuSE 11.2 Security Update : IBM Java 1.7.0 (SAT Patch Number 7046)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64171);
      script_version("1.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-5067", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089");
    
      script_name(english:"SuSE 11.2 Security Update : IBM Java 1.7.0 (SAT Patch Number 7046)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "IBM Java 1.7.0 has been updated to SR3 which fixes bugs and security
    issues.
    
    More information can be found on :
    
    http://www.ibm.com/developerworks/java/jdk/alerts/
    
    CVEs fixed: CVE-2012-3159 / CVE-2012-3216 / CVE-2012-5070 /
    CVE-2012-5067 / CVE-2012-3143 / CVE-2012-5076 / CVE-2012-5077 /
    CVE-2012-5073 / CVE-2012-5074 / CVE-2012-5075 / CVE-2012-5083 /
    CVE-2012-5083 / CVE-2012-5072 / CVE-2012-1531 / CVE-2012-5081 /
    CVE-2012-1532 / CVE-2012-1533 / CVE-2012-5069 / CVE-2012-5071 /
    CVE-2012-5084 / CVE-2012-5087 / CVE-2012-5086 / CVE-2012-5079 /
    CVE-2012-5088 / CVE-2012-5089"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=788750"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1531.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1532.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1533.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-3143.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-3159.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-3216.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5067.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5069.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5070.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5071.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5072.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5073.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5074.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5075.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5076.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5077.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5079.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5081.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5083.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5084.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5086.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5087.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5088.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5089.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 7046.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java Applet Method Handle Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm-alsa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm-plugin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/11/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2");
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:2, reference:"java-1_7_0-ibm-1.7.0_sr3.0-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"java-1_7_0-ibm-jdbc-1.7.0_sr3.0-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"java-1_7_0-ibm-alsa-1.7.0_sr3.0-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"java-1_7_0-ibm-plugin-1.7.0_sr3.0-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"java-1_7_0-ibm-plugin-1.7.0_sr3.0-0.5.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1467.NASL
    descriptionUpdated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1718, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823, CVE-2012-5067, CVE-2012-5069, CVE-2012-5070, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075, CVE-2012-5076, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5089) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR3 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id62932
    published2012-11-16
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62932
    titleRHEL 6 : java-1.7.0-ibm (RHSA-2012:1467) (ROBOT)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1619-1.NASL
    descriptionSeveral information disclosure vulnerabilities were discovered in the OpenJDK JRE. (CVE-2012-3216, CVE-2012-5069, CVE-2012-5072, CVE-2012-5075, CVE-2012-5077, CVE-2012-5085) Vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. (CVE-2012-4416, CVE-2012-5071) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. (CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-5068, CVE-2012-5083, CVE-2012-5084, CVE-2012-5086, CVE-2012-5089) Information disclosure vulnerabilities were discovered in the OpenJDK JRE. These issues only affected Ubuntu 12.10. (CVE-2012-5067, CVE-2012-5070) Vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2012-5073, CVE-2012-5079) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. This issue only affected Ubuntu 12.10. (CVE-2012-5074) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. These issues only affected Ubuntu 12.10. (CVE-2012-5076, CVE-2012-5087, CVE-2012-5088) A denial of service vulnerability was found in OpenJDK. (CVE-2012-5081) Please see the following for more information: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-15159 24.html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id62709
    published2012-10-26
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62709
    titleUbuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS / 12.10 : openjdk-6, openjdk-7 vulnerabilities (USN-1619-1) (ROBOT)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2012-1489-2.NASL
    descriptionIBM Java 1.7.0 has been updated to SR3 which fixes bugs and security issues. More information can be found on : http://www.ibm.com/developerworks/java/jdk/alerts/ CVEs fixed: CVE-2012-3159, CVE-2012-3216, CVE-2012-5070, CVE-2012-5067, CVE-2012-3143, CVE-2012-5076, CVE-2012-5077, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075, CVE-2012-5083, CVE-2012-5083, CVE-2012-5072, CVE-2012-1531, CVE-2012-5081, CVE-2012-1532, CVE-2012-1533, CVE-2012-5069, CVE-2012-5071, CVE-2012-5084, CVE-2012-5087, CVE-2012-5086, CVE-2012-5079, CVE-2012-5088, CVE-2012-5089 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-05-20
    plugin id83567
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83567
    titleSUSE SLES11 Security Update : IBM Java 1.7.0 (SUSE-SU-2012:1489-2)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1391.NASL
    descriptionUpdated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-5067, CVE-2012-5068, CVE-2012-5069, CVE-2012-5070, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075, CVE-2012-5076, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5089) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 9. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id62635
    published2012-10-19
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62635
    titleRHEL 6 : java-1.7.0-oracle (RHSA-2012:1391)

Oval

accepted2013-06-03T04:02:44.458-04:00
classvulnerability
contributors
nameSergey Artykhov
organizationALTX-SOFT
definition_extensions
commentJava SE Runtime Environment 7 is installed
ovaloval:org.mitre.oval:def:16050
descriptionUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
familywindows
idoval:org.mitre.oval:def:16055
statusaccepted
submitted2013-04-17T10:26:26.748+04:00
titleUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
version4

Redhat

advisories
  • rhsa
    idRHSA-2012:1391
  • rhsa
    idRHSA-2012:1467
rpms
  • java-1.7.0-oracle-1:1.7.0.9-1jpp.3.el6_3
  • java-1.7.0-oracle-devel-1:1.7.0.9-1jpp.3.el6_3
  • java-1.7.0-oracle-javafx-1:1.7.0.9-1jpp.3.el6_3
  • java-1.7.0-oracle-jdbc-1:1.7.0.9-1jpp.3.el6_3
  • java-1.7.0-oracle-plugin-1:1.7.0.9-1jpp.3.el6_3
  • java-1.7.0-oracle-src-1:1.7.0.9-1jpp.3.el6_3
  • java-1.7.0-ibm-1:1.7.0.3.0-1jpp.2.el6_3
  • java-1.7.0-ibm-demo-1:1.7.0.3.0-1jpp.2.el6_3
  • java-1.7.0-ibm-devel-1:1.7.0.3.0-1jpp.2.el6_3
  • java-1.7.0-ibm-jdbc-1:1.7.0.3.0-1jpp.2.el6_3
  • java-1.7.0-ibm-plugin-1:1.7.0.3.0-1jpp.2.el6_3
  • java-1.7.0-ibm-src-1:1.7.0.3.0-1jpp.2.el6_3

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:76456
last seen2017-11-19
modified2014-07-01
published2014-07-01
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-76456
titleJava Applet JAX-WS Remote Code Execution