Vulnerabilities > CVE-2014-4265 - Unspecified vulnerability in Oracle JDK and JRE

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
oracle
nessus

Summary

Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment.

Vulnerable Configurations

Part Description Count
Application
Oracle
6

Nessus

  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_JUL_2014.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 11, 7 Update 65, 6 Update 81, or 5 Update 71. It is, therefore, affected by security issues in the following components : - Deployment - Hotspot - JavaFX - JMX - Libraries - Security - Serviceability - Swing
    last seen2020-06-01
    modified2020-06-02
    plugin id76532
    published2014-07-16
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76532
    titleOracle Java SE Multiple Vulnerabilities (July 2014 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76532);
      script_version("1.9");
      script_cvs_date("Date: 2019/11/26");
    
      script_cve_id(
        "CVE-2014-2483",
        "CVE-2014-2490",
        "CVE-2014-4208",
        "CVE-2014-4209",
        "CVE-2014-4216",
        "CVE-2014-4218",
        "CVE-2014-4219",
        "CVE-2014-4220",
        "CVE-2014-4221",
        "CVE-2014-4223",
        "CVE-2014-4227",
        "CVE-2014-4244",
        "CVE-2014-4247",
        "CVE-2014-4252",
        "CVE-2014-4262",
        "CVE-2014-4263",
        "CVE-2014-4264",
        "CVE-2014-4265",
        "CVE-2014-4266",
        "CVE-2014-4268"
      );
    
      script_name(english:"Oracle Java SE Multiple Vulnerabilities (July 2014 CPU)");
      script_summary(english:"Checks the version of the JRE.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a programming platform that is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle (formerly Sun) Java SE or Java for Business
    installed on the remote host is prior to 8 Update 11, 7 Update 65, 6
    Update 81, or 5 Update 71. It is, therefore, affected by security
    issues in the following components :
    
      - Deployment
      - Hotspot
      - JavaFX
      - JMX
      - Libraries
      - Security
      - Serviceability
      - Swing");
      # http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4743a1ef");
      # http://www.oracle.com/technetwork/java/javase/8u11-relnotes-2232915.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?81911044");
      # https://www.oracle.com/technetwork/java/javase/7u55-relnotes-2177812.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?39cb260f");
      # http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?726f7054");
      # https://www.oracle.com/technetwork/java/javase/documentation/overview-137139.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?84f3023c");
      script_set_attribute(attribute:"solution", value:
    "Update to JDK / JRE 8 Update 11, 7 Update 65, 6 Update 81, or 5 Update
    71 or later and, if necessary, remove any affected versions.
    
    Note that an extended support contract with Oracle is needed to obtain
    JDK / JRE 5 Update 71 or later or 6 Update 81 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("sun_java_jre_installed.nasl");
      script_require_keys("SMB/Java/JRE/Installed");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Check each installed JRE.
    installs = get_kb_list_or_exit("SMB/Java/JRE/*");
    
    info = "";
    unaffected = make_list();
    vuln = 0;
    
    foreach install (list_uniq(keys(installs)))
    {
      ver = install - "SMB/Java/JRE/";
      if (ver !~ "^[0-9.]+") continue;
    
      # Fixes : (JDK|JRE) 8 Update 11 / 7 Update 65 / 6 Update 81 / 5 Update 71
      if (
        ver =~ '^1\\.5\\.0_(0[0-9]|[0-6][0-9]|70)([^0-9]|$)' ||
        ver =~ '^1\\.6\\.0_(0[0-9]|[0-7][0-9]|80)([^0-9]|$)' ||
        ver =~ '^1\\.7\\.0_(0[0-9]|[0-5][0-9]|6[0-4])([^0-9]|$)' ||
        ver =~ '^1\\.8\\.0_(0[0-9]|10)([^0-9]|$)'
      )
      {
        dirs = make_list(get_kb_list(install));
        vuln += max_index(dirs);
    
        foreach dir (dirs)
          info += '\n  Path              : ' + dir;
    
        info += '\n  Installed version : ' + ver;
        info += '\n  Fixed version     : 1.5.0_71 / 1.6.0_81 / 1.7.0_65 / 1.8.0_11\n';
      }
      else
        unaffected = make_list(unaffected, ver);
    }
    
    # Report if any were found to be vulnerable.
    if (info)
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    
      if (report_verbosity > 0)
      {
        if (vuln > 1) s = "s of Java are";
        else s = " of Java is";
    
        report =
          '\n' + 'The following vulnerable instance'+s+' installed on the' +
          '\n' + 'remote host :' +
          '\n' + 
          info;
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else
      audit(AUDIT_INST_VER_NOT_VULN, "Oracle Java", unaffected);
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201502-12.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201502-12 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Oracle’s Java SE Development Kit and Runtime Environment. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, disclose, update, insert, or delete certain data. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id81370
    published2015-02-16
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81370
    titleGLSA-201502-12 : Oracle JRE/JDK: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201502-12.
    #
    # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(81370);
      script_version("1.4");
      script_cvs_date("Date: 2019/08/12 17:35:38");
    
      script_cve_id("CVE-2014-0429", "CVE-2014-0432", "CVE-2014-0446", "CVE-2014-0448", "CVE-2014-0449", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-0455", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-0463", "CVE-2014-0464", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2402", "CVE-2014-2403", "CVE-2014-2409", "CVE-2014-2410", "CVE-2014-2412", "CVE-2014-2413", "CVE-2014-2414", "CVE-2014-2420", "CVE-2014-2421", "CVE-2014-2422", "CVE-2014-2423", "CVE-2014-2427", "CVE-2014-2428", "CVE-2014-2483", "CVE-2014-2490", "CVE-2014-4208", "CVE-2014-4209", "CVE-2014-4216", "CVE-2014-4218", "CVE-2014-4219", "CVE-2014-4220", "CVE-2014-4221", "CVE-2014-4223", "CVE-2014-4227", "CVE-2014-4244", "CVE-2014-4247", "CVE-2014-4252", "CVE-2014-4262", "CVE-2014-4263", "CVE-2014-4264", "CVE-2014-4265", "CVE-2014-4266", "CVE-2014-4268", "CVE-2014-4288", "CVE-2014-6456", "CVE-2014-6457", "CVE-2014-6458", "CVE-2014-6466", "CVE-2014-6468", "CVE-2014-6476", "CVE-2014-6485", "CVE-2014-6492", "CVE-2014-6493", "CVE-2014-6502", "CVE-2014-6503", "CVE-2014-6504", "CVE-2014-6506", "CVE-2014-6511", "CVE-2014-6512", "CVE-2014-6513", "CVE-2014-6515", "CVE-2014-6517", "CVE-2014-6519", "CVE-2014-6527", "CVE-2014-6531", "CVE-2014-6532", "CVE-2014-6558", "CVE-2014-6562");
      script_bugtraq_id(66856, 66866, 66870, 66873, 66877, 66879, 66881, 66883, 66886, 66887, 66891, 66893, 66894, 66897, 66898, 66899, 66902, 66903, 66904, 66905, 66907, 66908, 66909, 66910, 66911, 66912, 66913, 66914, 66915, 66916, 66917, 66918, 66919, 66920, 68562, 68571, 68576, 68580, 68583, 68590, 68596, 68599, 68603, 68608, 68612, 68615, 68620, 68624, 68626, 68632, 68636, 68639, 68642, 68645, 70456, 70460, 70468, 70470, 70484, 70488, 70507, 70518, 70519, 70522, 70523, 70531, 70533, 70538, 70544, 70548, 70552, 70556, 70560, 70564, 70565, 70567, 70569, 70570, 70572);
      script_xref(name:"GLSA", value:"201502-12");
    
      script_name(english:"GLSA-201502-12 : Oracle JRE/JDK: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201502-12
    (Oracle JRE/JDK: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Oracle’s Java SE
          Development Kit and Runtime Environment. Please review the CVE
          identifiers referenced below for details.
      
    Impact :
    
        A context-dependent attacker may be able to execute arbitrary code,
          disclose, update, insert, or delete certain data.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201502-12"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Oracle JRE 1.7 users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=dev-java/oracle-jre-bin-1.7.0.71'
        All Oracle JDK 1.7 users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=dev-java/oracle-jdk-bin-1.7.0.71'
        All users of the precompiled 32-bit Oracle JRE should upgrade to the
          latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=app-emulation/emul-linux-x86-java-1.7.0.71'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:emul-linux-x86-java");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:oracle-jdk-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:oracle-jre-bin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/02/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-java/oracle-jre-bin", unaffected:make_list("ge 1.7.0.71"), vulnerable:make_list("lt 1.7.0.71"))) flag++;
    if (qpkg_check(package:"dev-java/oracle-jdk-bin", unaffected:make_list("ge 1.7.0.71"), vulnerable:make_list("lt 1.7.0.71"))) flag++;
    if (qpkg_check(package:"app-emulation/emul-linux-x86-java", unaffected:make_list("ge 1.7.0.71"), vulnerable:make_list("lt 1.7.0.71"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Oracle JRE/JDK");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1041.NASL
    descriptionUpdated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-4208, CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4220, CVE-2014-4221, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265, CVE-2014-4266) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR7-FP1 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id77142
    published2014-08-12
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77142
    titleRHEL 5 / 6 : java-1.7.0-ibm (RHSA-2014:1041)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:1041. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77142);
      script_version("1.19");
      script_cvs_date("Date: 2019/10/24 15:35:38");
    
      script_cve_id("CVE-2014-3068", "CVE-2014-3086", "CVE-2014-4208", "CVE-2014-4209", "CVE-2014-4218", "CVE-2014-4219", "CVE-2014-4220", "CVE-2014-4221", "CVE-2014-4227", "CVE-2014-4244", "CVE-2014-4252", "CVE-2014-4262", "CVE-2014-4263", "CVE-2014-4265", "CVE-2014-4266");
      script_bugtraq_id(68571, 68576, 68580, 68583, 68596, 68599, 68603, 68620, 68624, 68632, 68636, 68639, 68642, 71408);
      script_xref(name:"RHSA", value:"2014:1041");
    
      script_name(english:"RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2014:1041)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.7.0-ibm packages that fix several security issues are
    now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
    
    Red Hat Product Security has rated this update as having Critical
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    IBM Java SE version 7 includes the IBM Java Runtime Environment and
    the IBM Java Software Development Kit.
    
    This update fixes several vulnerabilities in the IBM Java Runtime
    Environment and the IBM Java Software Development Kit. Detailed
    vulnerability descriptions are linked from the IBM Security alerts
    page, listed in the References section. (CVE-2014-4208, CVE-2014-4209,
    CVE-2014-4218, CVE-2014-4219, CVE-2014-4220, CVE-2014-4221,
    CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262,
    CVE-2014-4263, CVE-2014-4265, CVE-2014-4266)
    
    The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
    Product Security.
    
    All users of java-1.7.0-ibm are advised to upgrade to these updated
    packages, containing the IBM Java SE 7 SR7-FP1 release. All running
    instances of IBM Java must be restarted for the update to take effect."
      );
      # https://www.ibm.com/developerworks/java/jdk/alerts/
      script_set_attribute(
        attribute:"see_also",
        value:"https://developer.ibm.com/javasdk/support/security-vulnerabilities/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:1041"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4262"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4263"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4266"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4252"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4244"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4219"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4218"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4221"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4209"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4265"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4227"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4220"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4208"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3068"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3086"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/08/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:1041";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", reference:"java-1.7.0-ibm-1.7.0.7.1-1jpp.1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"java-1.7.0-ibm-demo-1.7.0.7.1-1jpp.1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"java-1.7.0-ibm-devel-1.7.0.7.1-1jpp.1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"java-1.7.0-ibm-jdbc-1.7.0.7.1-1jpp.1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.7.0-ibm-plugin-1.7.0.7.1-1jpp.1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-ibm-plugin-1.7.0.7.1-1jpp.1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"java-1.7.0-ibm-src-1.7.0.7.1-1jpp.1.el5_10")) flag++;
    
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-ibm-1.7.0.7.1-1jpp.1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.0-ibm-1.7.0.7.1-1jpp.1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-ibm-1.7.0.7.1-1jpp.1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-ibm-demo-1.7.0.7.1-1jpp.1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.0-ibm-demo-1.7.0.7.1-1jpp.1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-ibm-demo-1.7.0.7.1-1jpp.1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-ibm-devel-1.7.0.7.1-1jpp.1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.0-ibm-devel-1.7.0.7.1-1jpp.1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-ibm-devel-1.7.0.7.1-1jpp.1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-ibm-jdbc-1.7.0.7.1-1jpp.1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.0-ibm-jdbc-1.7.0.7.1-1jpp.1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-ibm-jdbc-1.7.0.7.1-1jpp.1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-ibm-plugin-1.7.0.7.1-1jpp.1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-ibm-plugin-1.7.0.7.1-1jpp.1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-ibm-src-1.7.0.7.1-1jpp.1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.0-ibm-src-1.7.0.7.1-1jpp.1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-ibm-src-1.7.0.7.1-1jpp.1.el6_5")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.0-ibm / java-1.7.0-ibm-demo / java-1.7.0-ibm-devel / etc");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_7_0-OPENJDK-140721.NASL
    descriptionThis Critical Patch Update contains 20 new security fixes for Oracle Java SE. All of these vulnerabilities could have been remotely exploitable without authentication, i.e., could be exploited over a network without the need for a username and password.
    last seen2020-06-05
    modified2014-08-05
    plugin id76998
    published2014-08-05
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/76998
    titleSuSE 11.3 Security Update : openjdk (SAT Patch Number 9543)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0264.NASL
    descriptionUpdated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Satellite 5.6. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2014-3065, CVE-2014-3068, CVE-2014-3566, CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265, CVE-2014-4288, CVE-2014-6457, CVE-2014-6458, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891, CVE-2014-8892, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412) The CVE-2014-4262 and CVE-2014-6512 issues were discovered by Florian Weimer of Red Hat Product Security. Users of Red Hat Satellite 5.6 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR16-FP3 release. For this update to take effect, Red Hat Satellite must be restarted (
    last seen2020-06-01
    modified2020-06-02
    plugin id81505
    published2015-02-25
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81505
    titleRHEL 5 / 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:0264) (POODLE)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_6_0-IBM-140815.NASL
    descriptionjava-1_6_0-ibm has been updated to fix ten security issues.
    last seen2020-06-05
    modified2014-08-22
    plugin id77319
    published2014-08-22
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77319
    titleSuSE 11.3 Security Update : IBM Java (SAT Patch Number 9615)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1042.NASL
    descriptionUpdated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-4208, CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4220, CVE-2014-4221, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265, CVE-2014-4266) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR1-FP1 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id77143
    published2014-08-12
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77143
    titleRHEL 7 : java-1.7.1-ibm (RHSA-2014:1042)
  • NASL familyCGI abuses
    NASL idPUPPET_ENTERPRISE_331.NASL
    descriptionAccording to its self-reported version number, the Puppet Enterprise application installed on the remote host is version 3.3.0. Therefore, it contains a bundled version of Oracle Java that is affected by multiple vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id77282
    published2014-08-20
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77282
    titlePuppet Enterprise 3.3.0 Bundled Oracle Java Vulnerabilities
  • NASL familyWindows
    NASL idVMWARE_VCENTER_UPDATE_MGR_VMSA-2014-0012.NASL
    descriptionThe version of VMware vCenter Update Manager installed on the remote Windows host is 5.1 prior to Update 3. It is, therefore, affected by multiple vulnerabilities related to the bundled version of Oracle JRE prior to 1.6.0_81.
    last seen2020-06-01
    modified2020-06-02
    plugin id79864
    published2014-12-12
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79864
    titleVMware vCenter Update Manager Multiple Java Vulnerabilities (VMSA-2014-0012)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0902.NASL
    descriptionUpdated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-4219, CVE-2014-2490, CVE-2014-4216, CVE-2014-4223, CVE-2014-4262, CVE-2014-2483, CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266, CVE-2014-4221, CVE-2014-4244, CVE-2014-4263, CVE-2014-4227, CVE-2014-4265, CVE-2014-4220, CVE-2014-4208, CVE-2014-4264) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: The way in which the Oracle Java SE packages are delivered has changed. They now reside in a separate channel/repository that requires action from the user to perform prior to getting updated packages. For information on subscribing to the new channel/repository please refer to: https:// access.redhat.com/solutions/732883 All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 65 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id79036
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79036
    titleRHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2014:0902)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0908.NASL
    descriptionUpdated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2014-4219, CVE-2014-4216, CVE-2014-4262, CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4244, CVE-2014-4263, CVE-2014-4227, CVE-2014-4265) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: The way in which the Oracle Java SE packages are delivered has changed. They now reside in a separate channel/repository that requires action from the user to perform prior to getting updated packages. For information on subscribing to the new channel/repository please refer to: https:// access.redhat.com/solutions/732883 All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 81 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id79109
    published2014-11-11
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79109
    titleRHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2014:0908)
  • NASL familyAIX Local Security Checks
    NASL idAIX_JAVA_JUL2014_ADVISORY.NASL
    descriptionThe version of Java SDK installed on the remote host is affected by the following vulnerabilities : - A privilege escalation vulnerability in IBM Java Virtual Machine allows remote attackers to execute code to increase access in the context of a security manager. (CVE-2014-3086) - Data integrity vulnerabilities exist in Oracle Java within the the Deployment subcomponent. (CVE-2014-4208, CVE-2014-4220, CVE-2014-4265) - An information disclosure vulnerability in Oracle Java
    last seen2020-06-01
    modified2020-06-02
    plugin id77333
    published2014-08-22
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77333
    titleAIX Java Advisory : java_jul2014_advisory.asc
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_7_0-IBM-140815.NASL
    descriptionIBM Java 1.7.0 has been updated to fix 14 security issues.
    last seen2020-06-05
    modified2014-08-20
    plugin id77273
    published2014-08-20
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77273
    titleSuSE 11.3 Security Update : IBM Java 1.7.0 (SAT Patch Number 9616)
  • NASL familyMisc.
    NASL idORACLE_JAVA_CPU_JUL_2014_UNIX.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 11, 7 Update 65, 6 Update 81, or 5 Update 71. It is, therefore, affected by security issues in the following components : - Deployment - Hotspot - JavaFX - JMX - Libraries - Security - Serviceability - Swing
    last seen2020-06-01
    modified2020-06-02
    plugin id76533
    published2014-07-16
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76533
    titleOracle Java SE Multiple Vulnerabilities (July 2014 CPU) (Unix)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1033.NASL
    descriptionUpdated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16-FP1 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id77081
    published2014-08-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77081
    titleRHEL 5 / 6 : java-1.6.0-ibm (RHSA-2014:1033)
  • NASL familyMisc.
    NASL idVMWARE_VCENTER_VMSA-2014-0012.NASL
    descriptionThe VMware vCenter Server installed on the remote host is version 5.0 prior to Update 3c, 5.1 prior to Update 3, or 5.5 prior to Update 2. It is, therefore, affected by multiple vulnerabilities in third party libraries : - Due to improper certificate validation when connecting to a CIM server on an ESXi host, an attacker can perform man-in-the-middle attacks. (CVE-2014-8371) - The bundled version of Oracle JRE is prior to 1.6.0_81 and thus is affected by multiple vulnerabilities. Note that this only affects version 5.1 and 5.0 of vCenter but is only fixed in 5.1 Update 3.
    last seen2020-06-01
    modified2020-06-02
    plugin id79865
    published2014-12-12
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79865
    titleVMware Security Updates for vCenter Server (VMSA-2014-0012)

Redhat

advisories
  • bugzilla
    id1119913
    titleCVE-2014-4265 Oracle JDK: unspecified vulnerability fixed in 6u81, 7u65 and 8u11 (Deployment)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentjava-1.6.0-sun-jdbc is earlier than 1:1.6.0.81-1jpp.1.el7
            ovaloval:com.redhat.rhsa:tst:20140908001
          • commentjava-1.6.0-sun-jdbc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140414025
        • AND
          • commentjava-1.6.0-sun-plugin is earlier than 1:1.6.0.81-1jpp.1.el7
            ovaloval:com.redhat.rhsa:tst:20140908003
          • commentjava-1.6.0-sun-plugin is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140414023
        • AND
          • commentjava-1.6.0-sun-src is earlier than 1:1.6.0.81-1jpp.1.el7
            ovaloval:com.redhat.rhsa:tst:20140908005
          • commentjava-1.6.0-sun-src is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140414019
        • AND
          • commentjava-1.6.0-sun-demo is earlier than 1:1.6.0.81-1jpp.1.el7
            ovaloval:com.redhat.rhsa:tst:20140908007
          • commentjava-1.6.0-sun-demo is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140414015
        • AND
          • commentjava-1.6.0-sun-devel is earlier than 1:1.6.0.81-1jpp.1.el7
            ovaloval:com.redhat.rhsa:tst:20140908009
          • commentjava-1.6.0-sun-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140414017
        • AND
          • commentjava-1.6.0-sun is earlier than 1:1.6.0.81-1jpp.1.el7
            ovaloval:com.redhat.rhsa:tst:20140908011
          • commentjava-1.6.0-sun is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140414021
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentjava-1.6.0-sun-plugin is earlier than 1:1.6.0.81-1jpp.1.el6_5
            ovaloval:com.redhat.rhsa:tst:20140908014
          • commentjava-1.6.0-sun-plugin is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140414023
        • AND
          • commentjava-1.6.0-sun-jdbc is earlier than 1:1.6.0.81-1jpp.1.el6_5
            ovaloval:com.redhat.rhsa:tst:20140908015
          • commentjava-1.6.0-sun-jdbc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140414025
        • AND
          • commentjava-1.6.0-sun-src is earlier than 1:1.6.0.81-1jpp.1.el6_5
            ovaloval:com.redhat.rhsa:tst:20140908016
          • commentjava-1.6.0-sun-src is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140414019
        • AND
          • commentjava-1.6.0-sun is earlier than 1:1.6.0.81-1jpp.1.el6_5
            ovaloval:com.redhat.rhsa:tst:20140908017
          • commentjava-1.6.0-sun is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140414021
        • AND
          • commentjava-1.6.0-sun-devel is earlier than 1:1.6.0.81-1jpp.1.el6_5
            ovaloval:com.redhat.rhsa:tst:20140908018
          • commentjava-1.6.0-sun-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140414017
        • AND
          • commentjava-1.6.0-sun-demo is earlier than 1:1.6.0.81-1jpp.1.el6_5
            ovaloval:com.redhat.rhsa:tst:20140908019
          • commentjava-1.6.0-sun-demo is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140414015
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentjava-1.6.0-sun-demo is earlier than 1:1.6.0.81-1jpp.1.el5_10
            ovaloval:com.redhat.rhsa:tst:20140908021
          • commentjava-1.6.0-sun-demo is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20140414008
        • AND
          • commentjava-1.6.0-sun-jdbc is earlier than 1:1.6.0.81-1jpp.1.el5_10
            ovaloval:com.redhat.rhsa:tst:20140908023
          • commentjava-1.6.0-sun-jdbc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20140414012
        • AND
          • commentjava-1.6.0-sun is earlier than 1:1.6.0.81-1jpp.1.el5_10
            ovaloval:com.redhat.rhsa:tst:20140908025
          • commentjava-1.6.0-sun is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20140414002
        • AND
          • commentjava-1.6.0-sun-plugin is earlier than 1:1.6.0.81-1jpp.1.el5_10
            ovaloval:com.redhat.rhsa:tst:20140908027
          • commentjava-1.6.0-sun-plugin is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20140414004
        • AND
          • commentjava-1.6.0-sun-devel is earlier than 1:1.6.0.81-1jpp.1.el5_10
            ovaloval:com.redhat.rhsa:tst:20140908029
          • commentjava-1.6.0-sun-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20140414010
        • AND
          • commentjava-1.6.0-sun-src is earlier than 1:1.6.0.81-1jpp.1.el5_10
            ovaloval:com.redhat.rhsa:tst:20140908031
          • commentjava-1.6.0-sun-src is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20140414006
    rhsa
    idRHSA-2014:0908
    released2014-07-21
    severityImportant
    titleRHSA-2014:0908: java-1.6.0-sun security update (Important)
  • rhsa
    idRHSA-2014:0902
  • rhsa
    idRHSA-2015:0264
rpms
  • java-1.7.0-oracle-1:1.7.0.65-1jpp.1.el6_5
  • java-1.7.0-oracle-1:1.7.0.65-1jpp.1.el7
  • java-1.7.0-oracle-1:1.7.0.65-1jpp.2.el5_10
  • java-1.7.0-oracle-devel-1:1.7.0.65-1jpp.1.el6_5
  • java-1.7.0-oracle-devel-1:1.7.0.65-1jpp.1.el7
  • java-1.7.0-oracle-devel-1:1.7.0.65-1jpp.2.el5_10
  • java-1.7.0-oracle-javafx-1:1.7.0.65-1jpp.1.el6_5
  • java-1.7.0-oracle-javafx-1:1.7.0.65-1jpp.1.el7
  • java-1.7.0-oracle-javafx-1:1.7.0.65-1jpp.2.el5_10
  • java-1.7.0-oracle-jdbc-1:1.7.0.65-1jpp.1.el6_5
  • java-1.7.0-oracle-jdbc-1:1.7.0.65-1jpp.1.el7
  • java-1.7.0-oracle-jdbc-1:1.7.0.65-1jpp.2.el5_10
  • java-1.7.0-oracle-plugin-1:1.7.0.65-1jpp.1.el6_5
  • java-1.7.0-oracle-plugin-1:1.7.0.65-1jpp.1.el7
  • java-1.7.0-oracle-plugin-1:1.7.0.65-1jpp.2.el5_10
  • java-1.7.0-oracle-src-1:1.7.0.65-1jpp.1.el6_5
  • java-1.7.0-oracle-src-1:1.7.0.65-1jpp.1.el7
  • java-1.7.0-oracle-src-1:1.7.0.65-1jpp.2.el5_10
  • java-1.6.0-sun-1:1.6.0.81-1jpp.1.el5_10
  • java-1.6.0-sun-1:1.6.0.81-1jpp.1.el6_5
  • java-1.6.0-sun-1:1.6.0.81-1jpp.1.el7
  • java-1.6.0-sun-demo-1:1.6.0.81-1jpp.1.el5_10
  • java-1.6.0-sun-demo-1:1.6.0.81-1jpp.1.el6_5
  • java-1.6.0-sun-demo-1:1.6.0.81-1jpp.1.el7
  • java-1.6.0-sun-devel-1:1.6.0.81-1jpp.1.el5_10
  • java-1.6.0-sun-devel-1:1.6.0.81-1jpp.1.el6_5
  • java-1.6.0-sun-devel-1:1.6.0.81-1jpp.1.el7
  • java-1.6.0-sun-jdbc-1:1.6.0.81-1jpp.1.el5_10
  • java-1.6.0-sun-jdbc-1:1.6.0.81-1jpp.1.el6_5
  • java-1.6.0-sun-jdbc-1:1.6.0.81-1jpp.1.el7
  • java-1.6.0-sun-plugin-1:1.6.0.81-1jpp.1.el5_10
  • java-1.6.0-sun-plugin-1:1.6.0.81-1jpp.1.el6_5
  • java-1.6.0-sun-plugin-1:1.6.0.81-1jpp.1.el7
  • java-1.6.0-sun-src-1:1.6.0.81-1jpp.1.el5_10
  • java-1.6.0-sun-src-1:1.6.0.81-1jpp.1.el6_5
  • java-1.6.0-sun-src-1:1.6.0.81-1jpp.1.el7
  • java-1.6.0-ibm-1:1.6.0.16.1-1jpp.1.el5_10
  • java-1.6.0-ibm-1:1.6.0.16.1-1jpp.1.el6_5
  • java-1.6.0-ibm-accessibility-1:1.6.0.16.1-1jpp.1.el5_10
  • java-1.6.0-ibm-demo-1:1.6.0.16.1-1jpp.1.el5_10
  • java-1.6.0-ibm-demo-1:1.6.0.16.1-1jpp.1.el6_5
  • java-1.6.0-ibm-devel-1:1.6.0.16.1-1jpp.1.el5_10
  • java-1.6.0-ibm-devel-1:1.6.0.16.1-1jpp.1.el6_5
  • java-1.6.0-ibm-javacomm-1:1.6.0.16.1-1jpp.1.el5_10
  • java-1.6.0-ibm-javacomm-1:1.6.0.16.1-1jpp.1.el6_5
  • java-1.6.0-ibm-jdbc-1:1.6.0.16.1-1jpp.1.el5_10
  • java-1.6.0-ibm-jdbc-1:1.6.0.16.1-1jpp.1.el6_5
  • java-1.6.0-ibm-plugin-1:1.6.0.16.1-1jpp.1.el5_10
  • java-1.6.0-ibm-plugin-1:1.6.0.16.1-1jpp.1.el6_5
  • java-1.6.0-ibm-src-1:1.6.0.16.1-1jpp.1.el5_10
  • java-1.6.0-ibm-src-1:1.6.0.16.1-1jpp.1.el6_5
  • java-1.7.0-ibm-1:1.7.0.7.1-1jpp.1.el5_10
  • java-1.7.0-ibm-1:1.7.0.7.1-1jpp.1.el6_5
  • java-1.7.0-ibm-demo-1:1.7.0.7.1-1jpp.1.el5_10
  • java-1.7.0-ibm-demo-1:1.7.0.7.1-1jpp.1.el6_5
  • java-1.7.0-ibm-devel-1:1.7.0.7.1-1jpp.1.el5_10
  • java-1.7.0-ibm-devel-1:1.7.0.7.1-1jpp.1.el6_5
  • java-1.7.0-ibm-jdbc-1:1.7.0.7.1-1jpp.1.el5_10
  • java-1.7.0-ibm-jdbc-1:1.7.0.7.1-1jpp.1.el6_5
  • java-1.7.0-ibm-plugin-1:1.7.0.7.1-1jpp.1.el5_10
  • java-1.7.0-ibm-plugin-1:1.7.0.7.1-1jpp.1.el6_5
  • java-1.7.0-ibm-src-1:1.7.0.7.1-1jpp.1.el5_10
  • java-1.7.0-ibm-src-1:1.7.0.7.1-1jpp.1.el6_5
  • java-1.7.1-ibm-1:1.7.1.1.1-1jpp.1.el7_0
  • java-1.7.1-ibm-demo-1:1.7.1.1.1-1jpp.1.el7_0
  • java-1.7.1-ibm-devel-1:1.7.1.1.1-1jpp.1.el7_0
  • java-1.7.1-ibm-jdbc-1:1.7.1.1.1-1jpp.1.el7_0
  • java-1.7.1-ibm-plugin-1:1.7.1.1.1-1jpp.1.el7_0
  • java-1.7.1-ibm-src-1:1.7.1.1.1-1jpp.1.el7_0
  • java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5
  • java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6
  • java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5
  • java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6