Vulnerabilities > CVE-2012-5078 - Remote Security vulnerability in Oracle JavaFX

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
oracle
critical
nessus

Summary

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2012-5080. Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)"

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_6_0-OPENJDK-121023.NASL
    descriptionjava-openjdk was upgraded to version 1.11.5 to fix various security and non-security issues.
    last seen2020-06-05
    modified2013-01-25
    plugin id64169
    published2013-01-25
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64169
    titleSuSE 11.2 Security Update : OpenJDK (SAT Patch Number 6987)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64169);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3216", "CVE-2012-4416", "CVE-2012-4681", "CVE-2012-5067", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5078", "CVE-2012-5079", "CVE-2012-5080", "CVE-2012-5081", "CVE-2012-5082", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089");
    
      script_name(english:"SuSE 11.2 Security Update : OpenJDK (SAT Patch Number 6987)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "java-openjdk was upgraded to version 1.11.5 to fix various security
    and non-security issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=785433"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1531.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1532.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1533.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-3143.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-3159.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-3216.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4416.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4681.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5067.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5068.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5069.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5070.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5071.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5072.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5073.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5074.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5075.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5076.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5077.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5078.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5079.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5080.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5081.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5082.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5083.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5084.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5085.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5086.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5087.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5088.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5089.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 6987.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java Applet Method Handle Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/10/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"java-1_6_0-openjdk-1.6.0.0_b24.1.11.5-0.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.5-0.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.5-0.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"java-1_6_0-openjdk-1.6.0.0_b24.1.11.5-0.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.5-0.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.5-0.2.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_OCT_2012.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 9 / 6 Update 37 / 5.0 Update 38 / 1.4.2_40 and is, therefore, potentially affected by security issues in the following components : - 2D - Beans - Concurrency - Deployment - Hotspot - JAX-WS - JMX - JSSE - Libraries - Networking - Security - Swing
    last seen2020-06-01
    modified2020-06-02
    plugin id62593
    published2012-10-17
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62593
    titleOracle Java SE Multiple Vulnerabilities (October 2012 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(62593);
      script_version("1.18");
      script_cvs_date("Date: 2018/11/15 20:50:28");
    
      script_cve_id(
        "CVE-2012-1531",
        "CVE-2012-1532",
        "CVE-2012-1533",
        "CVE-2012-3143",
        "CVE-2012-3159",
        "CVE-2012-3216",
        "CVE-2012-4416",
        "CVE-2012-5067",
        "CVE-2012-5068",
        "CVE-2012-5069",
        "CVE-2012-5070",
        "CVE-2012-5071",
        "CVE-2012-5072",
        "CVE-2012-5073",
        "CVE-2012-5074",
        "CVE-2012-5075",
        "CVE-2012-5076",
        "CVE-2012-5077",
        "CVE-2012-5078",
        "CVE-2012-5079",
        "CVE-2012-5080",
        "CVE-2012-5081",
        "CVE-2012-5082",
        "CVE-2012-5083",
        "CVE-2012-5084",
        "CVE-2012-5085",
        "CVE-2012-5086",
        "CVE-2012-5087",
        "CVE-2012-5088",
        "CVE-2012-5089"
      );
      script_bugtraq_id(
        55501,
        56025,
        56033,
        56039,
        56043,
        56046,
        56051,
        56054,
        56055,
        56056,
        56057,
        56058,
        56059,
        56061,
        56063,
        56065,
        56066,
        56067,
        56068,
        56070,
        56071,
        56072,
        56075,
        56076,
        56078,
        56079,
        56080,
        56081,
        56082,
        56083
      );
    
      script_name(english:"Oracle Java SE Multiple Vulnerabilities (October 2012 CPU)");
      script_summary(english:"Checks version of the JRE");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a programming platform that is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle (formerly Sun) Java SE or Java for Business
    installed on the remote host is earlier than 7 Update 9 / 6 Update 37
    / 5.0 Update 38 / 1.4.2_40 and is, therefore, potentially affected by
    security issues in the following components :
    
      - 2D
      - Beans
      - Concurrency
      - Deployment
      - Hotspot
      - JAX-WS
      - JMX
      - JSSE
      - Libraries
      - Networking
      - Security
      - Swing");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/524506/30/0/threaded");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/524507/30/0/threaded");
      # http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b0eb44d4");
      script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/java/javase/7u9-relnotes-1863279.html");
      script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/java/javase/6u37-relnotes-1863283.html");
      script_set_attribute(attribute:"see_also", value:"http://www.oracle.com/technetwork/java/eol-135779.html");
      script_set_attribute(attribute:"solution", value:
    "Update to JDK / JRE 7 Update 9 / 6 Update 37, JDK 5.0 Update 38, SDK
    1.4.2_40 or later, and remove, if necessary, any affected versions.
    
    Note that an Extended Support contract with Oracle is needed to obtain
    JDK 5.0 Update 38 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java Applet Method Handle Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/10/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
    
      script_dependencies("sun_java_jre_installed.nasl");
      script_require_keys("SMB/Java/JRE/Installed");
    
      exit(0);
    }
    
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Check each installed JRE.
    installs = get_kb_list_or_exit("SMB/Java/JRE/*");
    
    info = "";
    vuln = 0;
    installed_versions = "";
    
    foreach install (list_uniq(keys(installs)))
    {
      ver = install - "SMB/Java/JRE/";
      if (ver !~ "^[0-9.]+") continue;
    
      installed_versions = installed_versions + " & " + ver;
    
      if (
        ver =~ '^1\\.7\\.0_0[0-8]([^0-9]|$)' ||
        ver =~ '^1\\.6\\.0_([0-9]|[0-2][0-9]|3[0-6])([^0-9]|$)' ||
        ver =~ '^1\\.5\\.0_([0-9]|[0-2][0-9]|3[0-7])([^0-9]|$)' ||
        ver =~ '^1\\.4\\.([01]_|2_([0-9]|[0-3][0-9])([^0-9]|$))'
      )
      {
        dirs = make_list(get_kb_list(install));
        vuln += max_index(dirs);
    
        foreach dir (dirs)
          info += '\n  Path              : ' + dir;
    
        info += '\n  Installed version : ' + ver;
        info += '\n  Fixed version     : 1.7.0_09 / 1.6.0_37 / 1.5.0_38 / 1.4.2_40\n';
      }
    }
    
    # Report if any were found to be vulnerable.
    if (info)
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    
      if (report_verbosity > 0)
      {
        if (vuln > 1) s = "s of Java are";
        else s = " of Java is";
    
        report =
          '\n' +
          'The following vulnerable instance'+s+' installed on the\n' +
          'remote host :\n' +
          info;
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else
    {
      installed_versions = substr(installed_versions, 3);
      if (" & " >< installed_versions)
        exit(0, "The Java "+installed_versions+" installs on the remote host are not affected.");
      else
        exit(0, "The Java "+installed_versions+" install on the remote host is not affected.");
    }
    
  • NASL familyMisc.
    NASL idORACLE_JAVA_CPU_OCT_2012_UNIX.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 9 / 6 Update 37 / 5.0 Update 38 / 1.4.2_40 and is, therefore, potentially affected by security issues in the following components : - 2D - Beans - Concurrency - Deployment - Hotspot - JAX-WS - JMX - JSSE - Libraries - Networking - Security - Swing
    last seen2020-06-01
    modified2020-06-02
    plugin id64849
    published2013-02-22
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64849
    titleOracle Java SE Multiple Vulnerabilities (October 2012 CPU) (Unix)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(64849);
      script_version("1.12");
      script_cvs_date("Date: 2018/11/15 20:50:23");
    
      script_cve_id(
        "CVE-2012-1531",
        "CVE-2012-1532",
        "CVE-2012-1533",
        "CVE-2012-3143",
        "CVE-2012-3159",
        "CVE-2012-3216",
        "CVE-2012-4416",
        "CVE-2012-5067",
        "CVE-2012-5068",
        "CVE-2012-5069",
        "CVE-2012-5070",
        "CVE-2012-5071",
        "CVE-2012-5072",
        "CVE-2012-5073",
        "CVE-2012-5074",
        "CVE-2012-5075",
        "CVE-2012-5076",
        "CVE-2012-5077",
        "CVE-2012-5078",
        "CVE-2012-5079",
        "CVE-2012-5080",
        "CVE-2012-5081",
        "CVE-2012-5082",
        "CVE-2012-5083",
        "CVE-2012-5084",
        "CVE-2012-5085",
        "CVE-2012-5086",
        "CVE-2012-5087",
        "CVE-2012-5088",
        "CVE-2012-5089"
      );
      script_bugtraq_id(
        55501,
        56025,
        56033,
        56039,
        56043,
        56046,
        56051,
        56054,
        56055,
        56056,
        56057,
        56058,
        56059,
        56061,
        56063,
        56065,
        56066,
        56067,
        56068,
        56070,
        56071,
        56072,
        56075,
        56076,
        56078,
        56079,
        56080,
        56081,
        56082,
        56083
      );
    
      script_name(english:"Oracle Java SE Multiple Vulnerabilities (October 2012 CPU) (Unix)");
      script_summary(english:"Checks version of the JRE");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Unix host contains a programming platform that is affected
    by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle (formerly Sun) Java SE or Java for Business
    installed on the remote host is earlier than 7 Update 9 / 6 Update 37
    / 5.0 Update 38 / 1.4.2_40 and is, therefore, potentially affected by
    security issues in the following components :
    
      - 2D
      - Beans
      - Concurrency
      - Deployment
      - Hotspot
      - JAX-WS
      - JMX
      - JSSE
      - Libraries
      - Networking
      - Security
      - Swing");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/524506/30/0/threaded");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/524507/30/0/threaded");
      # http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b0eb44d4");
      script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/java/javase/7u9-relnotes-1863279.html");
      script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/java/javase/6u37-relnotes-1863283.html");
      script_set_attribute(attribute:"see_also", value:"http://www.oracle.com/technetwork/java/eol-135779.html");
      script_set_attribute(attribute:"solution", value:
    "Update to JDK / JRE 7 Update 9 / 6 Update 37, JDK 5.0 Update 38, SDK
    1.4.2_40 or later and remove, if necessary, any affected versions.
    
    Note that an Extended Support contract with Oracle is needed to obtain
    JDK 5 .0 Update 38 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java Applet Method Handle Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/10/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/22");
    
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"agent", value:"unix");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
    
      script_dependencies("sun_java_jre_installed_unix.nasl");
      script_require_keys("Host/Java/JRE/Installed");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Check each installed JRE.
    installs = get_kb_list_or_exit("Host/Java/JRE/Unmanaged/*");
    
    info = "";
    vuln = 0;
    vuln2 = 0;
    installed_versions = "";
    granular = "";
    foreach install (list_uniq(keys(installs)))
    {
      ver = install - "Host/Java/JRE/Unmanaged/";
      if (ver !~ "^[0-9.]+") continue;
    
      installed_versions = installed_versions + " & " + ver;
    
      if (
        ver =~ '^1\\.7\\.0_0[0-8]([^0-9]|$)' ||
        ver =~ '^1\\.6\\.0_([0-9]|[0-2][0-9]|3[0-6])([^0-9]|$)' ||
        ver =~ '^1\\.5\\.0_([0-9]|[0-2][0-9]|3[0-7])([^0-9]|$)' ||
        ver =~ '^1\\.4\\.([01]_|2_([0-9]|[0-3][0-9])([^0-9]|$))'
      )
      {
        dirs = make_list(get_kb_list(install));
        vuln += max_index(dirs);
    
        foreach dir (dirs)
          info += '\n  Path              : ' + dir;
    
        info += '\n  Installed version : ' + ver;
        info += '\n  Fixed version     : 1.7.0_09 / 1.6.0_37 / 1.5.0_38 / 1.4.2_40\n';
      }
      else if (ver =~ "^[\d\.]+$")
      {
        dirs = make_list(get_kb_list(install));
        foreach dir (dirs)
          granular += "The Oracle Java version "+ver+" at "+dir+" is not granular enough to make a determination."+'\n';
      }
      else
      {
        dirs = make_list(get_kb_list(install));
        vuln2 += max_index(dirs);
      }
    
    }
    
    # Report if any were found to be vulnerable.
    if (info)
    {
      if (report_verbosity > 0)
      {
        if (vuln > 1) s = "s of Java are";
        else s = " of Java is";
    
        report =
          '\n' +
          'The following vulnerable instance'+s+' installed on the\n' +
          'remote host :\n' +
          info;
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
      if (granular) exit(0, granular);
    }
    else
    {
      if (granular) exit(0, granular);
    
      installed_versions = substr(installed_versions, 3);
      if (vuln2 > 1)
        exit(0, "The Java "+installed_versions+" installs on the remote host are not affected.");
      else
        exit(0, "The Java "+installed_versions+" install on the remote host is not affected.");
    }
    
  • NASL familyMisc.
    NASL idVMWARE_ESX_VMSA-2013-0003_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - Java Runtime Environment (JRE) - Network File Copy (NFC) Protocol - OpenSSL
    last seen2020-06-01
    modified2020-06-02
    plugin id89663
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89663
    titleVMware ESX / ESXi NFC and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0003) (remote check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89663);
      script_version("1.12");
      script_cvs_date("Date: 2019/09/24 15:02:54");
    
      script_cve_id(
        "CVE-2012-1531",
        "CVE-2012-1532",
        "CVE-2012-1533",
        "CVE-2012-2110",
        "CVE-2012-3143",
        "CVE-2012-3159",
        "CVE-2012-3216",
        "CVE-2012-4416",
        "CVE-2012-5067",
        "CVE-2012-5068",
        "CVE-2012-5069",
        "CVE-2012-5070",
        "CVE-2012-5071",
        "CVE-2012-5072",
        "CVE-2012-5073",
        "CVE-2012-5074",
        "CVE-2012-5075",
        "CVE-2012-5076",
        "CVE-2012-5077",
        "CVE-2012-5078",
        "CVE-2012-5079",
        "CVE-2012-5080",
        "CVE-2012-5081",
        "CVE-2012-5082",
        "CVE-2012-5083",
        "CVE-2012-5084",
        "CVE-2012-5085",
        "CVE-2012-5086",
        "CVE-2012-5087",
        "CVE-2012-5088",
        "CVE-2012-5089",
        "CVE-2013-1659"
      );
      script_bugtraq_id(
        53158, 
        55501, 
        56025, 
        56033, 
        56039, 
        56043, 
        56046, 
        56051, 
        56054, 
        56055, 
        56056, 
        56057, 
        56058, 
        56059, 
        56061, 
        56063, 
        56065, 
        56066, 
        56067, 
        56068, 
        56070, 
        56071, 
        56072, 
        56075, 
        56076, 
        56078, 
        56079, 
        56080, 
        56081, 
        56082, 
        56083, 
        58115
      );
      script_xref(name:"VMSA", value:"2013-0003");
    
      script_name(english:"VMware ESX / ESXi NFC and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0003) (remote check)");
      script_summary(english:"Checks the version and build numbers of the remote host.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VMware ESX / ESXi host is missing a security-related patch.");
      script_set_attribute(attribute:"description", value:
    "The remote VMware ESX / ESXi host is missing a security-related patch.
    It is, therefore, affected by multiple vulnerabilities, including
    remote code execution vulnerabilities, in several components and
    third-party libraries :
    
      - Java Runtime Environment (JRE)
      - Network File Copy (NFC) Protocol
      - OpenSSL");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2013-0003.html");
      # http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b0eb44d4");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the vendor advisory that
    pertains to ESX version 3.5 / 4.0 / 4.1 or ESXi version 3.5 / 4.0 /
    4.1.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-1531");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java Applet Method Handle Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("vmware_vsphere_detect.nbin");
      script_require_keys("Host/VMware/version", "Host/VMware/release");
      script_require_ports("Host/VMware/vsphere");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    ver   = get_kb_item_or_exit("Host/VMware/version");
    rel   = get_kb_item_or_exit("Host/VMware/release");
    port  = get_kb_item_or_exit("Host/VMware/vsphere");
    esx   = '';
    build = 0;
    fix   = FALSE;
    
    if ("ESX" >!< rel)
      audit(AUDIT_OS_NOT, "VMware ESX/ESXi");
    
    extract = eregmatch(pattern:"^(ESXi?) (\d\.\d).*$", string:ver);
    if (empty_or_null(extract))
      audit(AUDIT_UNKNOWN_APP_VER, "VMware ESX/ESXi");
    
    esx = extract[1];
    ver = extract[2];
    
    extract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);
    if (isnull(extract))
      audit(AUDIT_UNKNOWN_BUILD, "VMware " + esx, ver);
    
    build = int(extract[1]);
    
    fixes = make_array(
        "4.1", 874690,
        "4.0", 989856,
        "3.5", 988599
    );
    
    fix = fixes[ver];
    
    if (!fix)
      audit(AUDIT_INST_VER_NOT_VULN, esx, ver, build);
    
    if (build < fix)
    {
      report = '\n  Version         : ' + esx + " " + ver +
               '\n  Installed build : ' + build +
               '\n  Fixed build     : ' + fix +
               '\n';
      security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);
      exit(0);
    }
    else
      audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);
    

Oval

accepted2013-06-03T04:02:52.820-04:00
classvulnerability
contributors
nameSergey Artykhov
organizationALTX-SOFT
definition_extensions
commentJavaFX 2.x is installed
ovaloval:org.mitre.oval:def:16479
descriptionUnspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
familywindows
idoval:org.mitre.oval:def:16308
statusaccepted
submitted2013-04-17T10:26:26.748+04:00
titleUnspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
version4