Vulnerabilities > CVE-2015-0413

047910
CVSS 1.9 - LOW
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE

Summary

Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability. As per http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0079.NASL
    descriptionUpdated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413) The CVE-2015-0383 issue was discovered by Red Hat. Note: With this update, the Oracle Java SE now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the Red Hat Bugzilla bug linked to in the References section for instructions on how to re-enable SSL 3.0 support if needed. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 75 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id80931
    published2015-01-23
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80931
    titleRHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2015:0079) (POODLE)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2015:0079. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(80931);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/24 15:35:39");
    
      script_cve_id("CVE-2014-3566", "CVE-2014-6585", "CVE-2014-6587", "CVE-2014-6591", "CVE-2014-6593", "CVE-2014-6601", "CVE-2015-0383", "CVE-2015-0395", "CVE-2015-0403", "CVE-2015-0406", "CVE-2015-0407", "CVE-2015-0408", "CVE-2015-0410", "CVE-2015-0412", "CVE-2015-0413");
      script_xref(name:"RHSA", value:"2015:0079");
    
      script_name(english:"RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2015:0079) (POODLE)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.7.0-oracle packages that fix several security issues
    are now available for Oracle Java for Red Hat Enterprise Linux 5, 6,
    and 7.
    
    Red Hat Product Security has rated this update as having Critical
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    Oracle Java SE version 7 includes the Oracle Java Runtime Environment
    and the Oracle Java Software Development Kit.
    
    This update fixes several vulnerabilities in the Oracle Java Runtime
    Environment and the Oracle Java Software Development Kit. Further
    information about these flaws can be found on the Oracle Java SE
    Critical Patch Update Advisory page, listed in the References section.
    (CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591,
    CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395,
    CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408,
    CVE-2015-0410, CVE-2015-0412, CVE-2015-0413)
    
    The CVE-2015-0383 issue was discovered by Red Hat.
    
    Note: With this update, the Oracle Java SE now disables the SSL 3.0
    protocol to address the CVE-2014-3566 issue (also known as POODLE).
    Refer to the Red Hat Bugzilla bug linked to in the References section
    for instructions on how to re-enable SSL 3.0 support if needed.
    
    All users of java-1.7.0-oracle are advised to upgrade to these updated
    packages, which provide Oracle Java 7 Update 75 and resolve these
    issues. All running instances of Oracle Java must be restarted for the
    update to take effect."
      );
      # http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?df55894d"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1152789#c82"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2015:0079"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3566"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-6585"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-6587"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-6591"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-6593"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-6601"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0383"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0395"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0403"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0406"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0407"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0408"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0410"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0412"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0413"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-javafx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/01/22");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x / 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2015:0079";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.7.0-oracle-1.7.0.75-1jpp.1.el5_11")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-oracle-1.7.0.75-1jpp.1.el5_11")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el5_11")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el5_11")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el5_11")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el5_11")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el5_11")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el5_11")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el5_11")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el5_11")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el5_11")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el5_11")) flag++;
    
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-1.7.0.75-1jpp.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-1.7.0.75-1jpp.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6")) flag++;
    
    
      if (rpm_check(release:"RHEL7", cpu:"i686", reference:"java-1.7.0-oracle-1.7.0.75-1jpp.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.0-oracle-1.7.0.75-1jpp.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"i686", reference:"java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.0-oracle-javafx-1.7.0.75-1jpp.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.0-oracle-plugin-1.7.0.75-1jpp.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.0-oracle-src-1.7.0.75-1jpp.2.el7")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.0-oracle / java-1.7.0-oracle-devel / etc");
      }
    }
    
  • NASL familyMisc.
    NASL idVCENTER_OPERATIONS_MANAGER_VMSA_2015-0003-WIN.NASL
    descriptionThe version of VMware vCenter Operations Manager installed on the remote Windows host has a bundled version of the Java JRE prior to version 1.7.0_76-b13 (aka 7.0.760.13). It is, therefore, affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) Additionally, unspecified vulnerabilities also exist in the following bundled Java components : - 2D (CVE-2014-6585, CVE-2014-6591) - Deployment (CVE-2015-0403, CVE-2015-0406) - Hotspot (CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0437) - Installation (CVE-2015-0421) - JAX-WS (CVE-2015-0412) - JSSE (CVE-2014-6593) - Libraries (CVE-2014-6549, CVE-2014-6587, CVE-2015-0400) - RMI (CVE-2015-0408) - Security (CVE-2015-0410) - Serviceability (CVE-2015-0413) - Swing (CVE-2015-0407) VMware has released a patch that updates the JRE bundled with the appliance.
    last seen2020-06-01
    modified2020-06-02
    plugin id82707
    published2015-04-10
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82707
    titleVMware vCenter Operations Management Windows JRE Update 1.7.0_76-b13 (VMSA-2015-0003) (POODLE)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82707);
      script_version("1.11");
      script_cvs_date("Date: 2018/11/15 20:50:24");
    
      script_cve_id(
        "CVE-2014-3566",
        "CVE-2014-6549",
        "CVE-2014-6585",
        "CVE-2014-6587",
        "CVE-2014-6591",
        "CVE-2014-6593",
        "CVE-2014-6601",
        "CVE-2015-0383",
        "CVE-2015-0395",
        "CVE-2015-0400",
        "CVE-2015-0403",
        "CVE-2015-0406",
        "CVE-2015-0407",
        "CVE-2015-0408",
        "CVE-2015-0410",
        "CVE-2015-0412",
        "CVE-2015-0413",
        "CVE-2015-0421",
        "CVE-2015-0437"
      );
      script_bugtraq_id(
        70574,
        72132,
        72136,
        72137,
        72140,
        72142,
        72146,
        72148,
        72150,
        72154,
        72155,
        72159,
        72162,
        72165,
        72168,
        72169,
        72173,
        72175,
        72176
      );
      script_xref(name:"CERT", value:"577193");
      script_xref(name:"VMSA", value:"2015-0003");
    
      script_name(english:"VMware vCenter Operations Management Windows JRE Update 1.7.0_76-b13 (VMSA-2015-0003) (POODLE)");
      script_summary(english:"Checks the version of VMware vCenter Operations Manager.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host has a virtualization application installed
    that is missing a vendor supplied security patch.");
      script_set_attribute(attribute:"description", value:
    "The version of VMware vCenter Operations Manager installed on the
    remote Windows host has a bundled version of the Java JRE prior to
    version 1.7.0_76-b13 (aka 7.0.760.13). It is, therefore, affected by a
    man-in-the-middle (MitM) information disclosure vulnerability known as
    POODLE. The vulnerability is due to the way SSL 3.0 handles padding
    bytes when decrypting messages encrypted using block ciphers in cipher
    block chaining (CBC) mode. MitM attackers can decrypt a selected byte
    of a cipher text in as few as 256 tries if they are able to force a
    victim application to repeatedly send the same data over newly created
    SSL 3.0 connections. (CVE-2014-3566)
    
    Additionally, unspecified vulnerabilities also exist in the following
    bundled Java components :
    
      - 2D (CVE-2014-6585, CVE-2014-6591)
    
      - Deployment (CVE-2015-0403, CVE-2015-0406)
    
      - Hotspot (CVE-2014-6601, CVE-2015-0383, CVE-2015-0395,
        CVE-2015-0437)
    
      - Installation (CVE-2015-0421)
    
      - JAX-WS (CVE-2015-0412)
    
      - JSSE (CVE-2014-6593)
    
      - Libraries (CVE-2014-6549, CVE-2014-6587, CVE-2015-0400)
    
      - RMI (CVE-2015-0408)
    
      - Security (CVE-2015-0410)
    
      - Serviceability (CVE-2015-0413)
    
      - Swing (CVE-2015-0407)
    
    VMware has released a patch that updates the JRE bundled with the
    appliance.");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2015-0003.html");
      # https://www.oracle.com/technetwork/java/javase/7u76-relnotes-2389087.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ae8dfc7a");
      # https://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75c6cafb");
      script_set_attribute(attribute:"see_also", value:"https://www.imperialviolet.org/2014/10/14/poodle.html");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/~bodo/ssl-poodle.pdf");
      script_set_attribute(attribute:"see_also", value:"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00");
      script_set_attribute(attribute:"solution", value:"Apply the vendor supplied patches.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/10");
    
      script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:vcenter_operations");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
    
      script_dependencies("vmware_vcenter_operations_manager_installed.nbin");
      script_require_keys("SMB/Registry/Enumerated","installed_sw/VMware vCenter Operations Manager");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("smb_func.inc");
    include("install_func.inc");
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    
    appname = "VMware vCenter Operations Manager";
    install = get_single_install(app_name : appname, exit_if_unknown_ver : TRUE);
    jrever  = install['jreversion'];
    fixed   = "7.0.760.13";
    version = install['version'];
    
    if(jrever == UNKNOWN_VER)
      audit(AUDIT_UNKNOWN_APP_VER,appname+"'s redistributed JRE");
    
    if(version !~ "^5\.(7|8)" && version !~ "^6\.")
      audit(AUDIT_NOT_INST, appname + " 5.7.x / 5.8.x / 6.x");
    
    if(ver_compare(ver:jrever,fix:fixed,strict:FALSE) < 0)
    {
      port = kb_smb_transport();
      if (report_verbosity > 0)
      {
        report = '\n' +
                 '\n  Installed Version : '+install['version']+
                 '\n  JRE Path          : '+install['jrepath']+
                 '\n  JRE Version       : '+jrever+
                 '\n  Fixed JRE Version : '+fixed+
                 '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
    }
    else audit(AUDIT_PATCH_INSTALLED, "VMware-vcops-JRE-SKIP-TLS-HP.exe",appname,version);
    
    
  • NASL familyMisc.
    NASL idVMWARE_WORKSPACE_PORTAL_VMSA2015-0003.NASL
    descriptionThe VMware Workspace Portal (formerly known as VMware Horizon Workspace) installed on the remote host is version 2.x prior to 2.1.1. It is, therefore, affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) Additionally, unspecified vulnerabilities also exist in the following bundled Java components : - 2D (CVE-2014-6585, CVE-2014-6591) - Deployment (CVE-2015-0403, CVE-2015-0406) - Hotspot (CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0437) - Installation (CVE-2015-0421) - JAX-WS (CVE-2015-0412) - JSSE (CVE-2014-6593) - Libraries (CVE-2014-6549, CVE-2014-6587, CVE-2015-0400) - RMI (CVE-2015-0408) - Security (CVE-2015-0410) - Serviceability (CVE-2015-0413) - Swing (CVE-2015-0407)
    last seen2020-06-01
    modified2020-06-02
    plugin id82742
    published2015-04-13
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82742
    titleVMware Workspace Portal Multiple Java Vulnerabilities (VMSA-2015-0003) (POODLE)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2487-1.NASL
    descriptionSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-3566, CVE-2014-6587, CVE-2014-6601, CVE-2015-0395, CVE-2015-0408, CVE-2015-0412) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-6585, CVE-2014-6591, CVE-2015-0400, CVE-2015-0407) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-6593) A vulnerability was discovered in the OpenJDK JRE related to integrity and availability. An attacker could exploit this to cause a denial of service. (CVE-2015-0383) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could this exploit to cause a denial of service. (CVE-2015-0410) A vulnerability was discovered in the OpenJDK JRE related to data integrity. (CVE-2015-0413). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id81045
    published2015-01-28
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81045
    titleUbuntu 14.04 LTS / 14.10 : openjdk-7 vulnerabilities (USN-2487-1) (POODLE)
  • NASL familyMisc.
    NASL idVCENTER_OPERATIONS_MANAGER_VMSA_2015-0003-LINUX.NASL
    descriptionThe version of VMware vCenter Operations Manager installed on the remote Linux host has a bundled version of the Java JRE prior to version 1.7.0_76-b13 (aka 7.0.760.13). It is, therefore, affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) Additionally, unspecified vulnerabilities also exist in the following bundled Java components : - 2D (CVE-2014-6585, CVE-2014-6591) - Deployment (CVE-2015-0403, CVE-2015-0406) - Hotspot (CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0437) - Installation (CVE-2015-0421) - JAX-WS (CVE-2015-0412) - JSSE (CVE-2014-6593) - Libraries (CVE-2014-6549, CVE-2014-6587, CVE-2015-0400) - RMI (CVE-2015-0408) - Security (CVE-2015-0410) - Serviceability (CVE-2015-0413) - Swing (CVE-2015-0407) VMware has released a patch that updates the JRE bundled with the appliance.
    last seen2020-06-01
    modified2020-06-02
    plugin id82705
    published2015-04-10
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82705
    titleVMware vCenter Operations Management Linux JRE Update 1.7.0_76-b13 (VMSA-2015-0003) (POODLE)
  • NASL familyMisc.
    NASL idVMWARE_VCENTER_VMSA-2015-0003.NASL
    descriptionThe VMware vCenter Server installed on the remote host is version 5.0 prior to 5.0u3d, 5.1 prior to 5.1u3a, 5.5 prior to 5.5u2e, or 6.0 prior to 6.0.0a. It is, therefore, affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE, related to the bundled JRE component. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. Additionally, multiple unspecified vulnerabilities also exist in the following bundled JRE components : - 2D (CVE-2014-6585, CVE-2014-6591) - Deployment (CVE-2015-0403, CVE-2015-0406) - Hotspot (CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0437) - Installation (CVE-2015-0421) - JAX-WS (CVE-2015-0412) - JSSE (CVE-2014-6593) - Libraries (CVE-2014-6549, CVE-2014-6587, CVE-2015-0400) - RMI (CVE-2015-0408) - Security (CVE-2015-0410) - Serviceability (CVE-2015-0413) - Swing (CVE-2015-0407)
    last seen2020-06-01
    modified2020-06-02
    plugin id83186
    published2015-05-01
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83186
    titleVMware vCenter Server Multiple Java Vulnerabilities (VMSA-2015-0003) (POODLE)
  • NASL familyWindows
    NASL idVMWARE_VCENTER_CHARGEBACK_MANAGER_VMSA_2015_0003.NASL
    descriptionThe version of VMware vCenter Chargeback Manager installed on the remote host is affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) Additionally, unspecified vulnerabilities also exist in the following bundled Java components : - 2D (CVE-2014-6585, CVE-2014-6591) - Deployment (CVE-2015-0403, CVE-2015-0406) - Hotspot (CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0437) - Installation (CVE-2015-0421) - JAX-WS (CVE-2015-0412) - JSSE (CVE-2014-6593) - Libraries (CVE-2014-6549, CVE-2014-6587, CVE-2015-0400) - RMI (CVE-2015-0408) - Security (CVE-2015-0410) - Serviceability (CVE-2015-0413) - Swing (CVE-2015-0407)
    last seen2020-06-01
    modified2020-06-02
    plugin id82899
    published2015-04-20
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82899
    titleVMware vCenter Chargeback Manager Multiple Java Vulnerabilities (VMSA-2015-0003) (POODLE)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0080.NASL
    descriptionUpdated java-1.8.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-3566, CVE-2014-6549, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413, CVE-2015-0421, CVE-2015-0437) The CVE-2015-0383 issue was discovered by Red Hat. Note: With this update, the Oracle Java SE now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the Red Hat Bugzilla bug linked to in the References section for instructions on how to re-enable SSL 3.0 support if needed. All users of java-1.8.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 8 Update 31 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id80932
    published2015-01-23
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80932
    titleRHEL 6 : java-1.8.0-oracle (RHSA-2015:0080) (POODLE)
  • NASL familyWindows
    NASL idVMWARE_HORIZON_VIEW_VMSA-2015-0003.NASL
    descriptionThe VMware Horizon View installed on the remote Windows host is version 5.x prior to 5.3.4 or version 6.x prior to 6.1. It is, therefore, affected by the following vulnerabilities : - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) - An XML external entity (XXE) injection vulnerability exists in the included Flex BlazeDS component due to an incorrect configuration of the XML parser that allows external XML entities to be accepted from untrusted sources. An unauthenticated, remote attacker can exploit this vulnerability, via a via a crafted AMF message, to gain access to sensitive information. (CVE-2015-3269) - A flaw exists in the bundled Adobe ColdFusion and LiveCycle Data Services components related to request handling between a user and the server. A remote attacker can exploit this, via a specially crafted request, to bypass access restrictions (e.g. host or network ACLs), conduct port scanning of internal networks, enumerate internal hosts, or possibly invoke additional protocols (e.g. Gopher, TFTP). (CVE-2015-5255) Additionally, unspecified vulnerabilities also exist in the following bundled Java components : - 2D (CVE-2014-6585, CVE-2014-6591) - Deployment (CVE-2015-0403, CVE-2015-0406) - Hotspot (CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0437) - Installation (CVE-2015-0421) - JAX-WS (CVE-2015-0412) - JSSE (CVE-2014-6593) - Libraries (CVE-2014-6549, CVE-2014-6587, CVE-2015-0400) - RMI (CVE-2015-0408) - Security (CVE-2015-0410) - Serviceability (CVE-2015-0413) - Swing (CVE-2015-0407)
    last seen2020-06-01
    modified2020-06-02
    plugin id82741
    published2015-04-13
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82741
    titleVMware Horizon View Multiple Vulnerabilities (VMSA-2015-0003) (VMSA-2015-0008) (POODLE)
  • NASL familyMisc.
    NASL idVCENTER_OPERATIONS_MANAGER_VMSA_2015-0003-VAPP.NASL
    descriptionThe version of VMware vCenter Operations Manager installed on the remote host has a bundled version of the Java JRE prior to version 1.7.0_76-b13 (aka 7.0.760). It is, therefore, affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) Additionally, unspecified vulnerabilities also exist in the following bundled Java components : - 2D (CVE-2014-6585, CVE-2014-6591) - Deployment (CVE-2015-0403, CVE-2015-0406) - Hotspot (CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0437) - Installation (CVE-2015-0421) - JAX-WS (CVE-2015-0412) - JSSE (CVE-2014-6593) - Libraries (CVE-2014-6549, CVE-2014-6587, CVE-2015-0400) - RMI (CVE-2015-0408) - Security (CVE-2015-0410) - Serviceability (CVE-2015-0413) - Swing (CVE-2015-0407) VMware has released a patch that updates the JRE bundled with the appliance.
    last seen2020-06-01
    modified2020-06-02
    plugin id82706
    published2015-04-10
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82706
    titleVMware vCenter Operations Management vApp JRE Update 1.7.0_76-b13 (VMSA-2015-0003) (POODLE)
  • NASL familyMisc.
    NASL idORACLE_JAVA_CPU_JAN_2015_UNIX.NASL
    descriptionThe version of Oracle Java SE or Java for Business installed on the remote host is prior to 8 Update 31, 7 Update 75, 6 Update 91, or 5 Update 81. It is, therefore, affected by security vulnerabilities in the following components : - 2D - Deployment - Hotspot - Install - JAX-WS - JSSE - Libraries - RMI - Security - Serviceability - Swing
    last seen2020-06-01
    modified2020-06-02
    plugin id80907
    published2015-01-22
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80907
    titleOracle Java SE Multiple Vulnerabilities (January 2015 CPU) (Unix) (POODLE)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_7_0-OPENJDK-150206.NASL
    descriptionjava-1_7_0-openjdk was updated to fix 19 security issues. Details are available at http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.h tml#AppendixJAVA
    last seen2020-06-01
    modified2020-06-02
    plugin id81419
    published2015-02-20
    reporterThis script is Copyright (C) 2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81419
    titleSuSE 11.3 Security Update : java-1_7_0-openjdk (SAT Patch Number 10286)
  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_JAN_2015.NASL
    descriptionThe version of Oracle Java SE or Java for Business installed on the remote host is prior to 8 Update 31, 7 Update 75, 6 Update 91, or 5 Update 81. It is, therefore, affected by security vulnerabilities in the following components : - 2D - Deployment - Hotspot - Install - JAX-WS - JSSE - Libraries - RMI - Security - Serviceability - Swing
    last seen2020-06-01
    modified2020-06-02
    plugin id80908
    published2015-01-22
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80908
    titleOracle Java SE Multiple Vulnerabilities (January 2015 CPU) (POODLE)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201507-14.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201507-14 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Oracle JRE/JDK. Please review the CVE identifiers referenced below for details. Impact : An context-dependent attacker may be able to influence the confidentiality, integrity, and availability of Java applications/runtime. Workaround : There is no workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id84719
    published2015-07-14
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84719
    titleGLSA-201507-14 : Oracle JRE/JDK: Multiple vulnerabilities (POODLE)

Redhat

advisories
  • bugzilla
    id1184278
    titleCVE-2015-0413 Oracle JDK: unspecified vulnerability fixed in 7u75 and 8u31 (Serviceability)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentjava-1.7.0-oracle is earlier than 1:1.7.0.75-1jpp.2.el7
            ovaloval:com.redhat.rhsa:tst:20150079001
          • commentjava-1.7.0-oracle is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413017
        • AND
          • commentjava-1.7.0-oracle-src is earlier than 1:1.7.0.75-1jpp.2.el7
            ovaloval:com.redhat.rhsa:tst:20150079003
          • commentjava-1.7.0-oracle-src is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413021
        • AND
          • commentjava-1.7.0-oracle-javafx is earlier than 1:1.7.0.75-1jpp.2.el7
            ovaloval:com.redhat.rhsa:tst:20150079005
          • commentjava-1.7.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413019
        • AND
          • commentjava-1.7.0-oracle-devel is earlier than 1:1.7.0.75-1jpp.2.el7
            ovaloval:com.redhat.rhsa:tst:20150079007
          • commentjava-1.7.0-oracle-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413015
        • AND
          • commentjava-1.7.0-oracle-plugin is earlier than 1:1.7.0.75-1jpp.2.el7
            ovaloval:com.redhat.rhsa:tst:20150079009
          • commentjava-1.7.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413025
        • AND
          • commentjava-1.7.0-oracle-jdbc is earlier than 1:1.7.0.75-1jpp.2.el7
            ovaloval:com.redhat.rhsa:tst:20150079011
          • commentjava-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413023
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentjava-1.7.0-oracle-plugin is earlier than 1:1.7.0.75-1jpp.1.el6
            ovaloval:com.redhat.rhsa:tst:20150079014
          • commentjava-1.7.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413025
        • AND
          • commentjava-1.7.0-oracle-devel is earlier than 1:1.7.0.75-1jpp.1.el6
            ovaloval:com.redhat.rhsa:tst:20150079015
          • commentjava-1.7.0-oracle-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413015
        • AND
          • commentjava-1.7.0-oracle-javafx is earlier than 1:1.7.0.75-1jpp.1.el6
            ovaloval:com.redhat.rhsa:tst:20150079016
          • commentjava-1.7.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413019
        • AND
          • commentjava-1.7.0-oracle is earlier than 1:1.7.0.75-1jpp.1.el6
            ovaloval:com.redhat.rhsa:tst:20150079017
          • commentjava-1.7.0-oracle is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413017
        • AND
          • commentjava-1.7.0-oracle-jdbc is earlier than 1:1.7.0.75-1jpp.1.el6
            ovaloval:com.redhat.rhsa:tst:20150079018
          • commentjava-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413023
        • AND
          • commentjava-1.7.0-oracle-src is earlier than 1:1.7.0.75-1jpp.1.el6
            ovaloval:com.redhat.rhsa:tst:20150079019
          • commentjava-1.7.0-oracle-src is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413021
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentjava-1.7.0-oracle is earlier than 1:1.7.0.75-1jpp.1.el5_11
            ovaloval:com.redhat.rhsa:tst:20150079021
          • commentjava-1.7.0-oracle is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20140413004
        • AND
          • commentjava-1.7.0-oracle-jdbc is earlier than 1:1.7.0.75-1jpp.1.el5_11
            ovaloval:com.redhat.rhsa:tst:20150079023
          • commentjava-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20140413012
        • AND
          • commentjava-1.7.0-oracle-src is earlier than 1:1.7.0.75-1jpp.1.el5_11
            ovaloval:com.redhat.rhsa:tst:20150079025
          • commentjava-1.7.0-oracle-src is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20140413006
        • AND
          • commentjava-1.7.0-oracle-javafx is earlier than 1:1.7.0.75-1jpp.1.el5_11
            ovaloval:com.redhat.rhsa:tst:20150079027
          • commentjava-1.7.0-oracle-javafx is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20140413010
        • AND
          • commentjava-1.7.0-oracle-plugin is earlier than 1:1.7.0.75-1jpp.1.el5_11
            ovaloval:com.redhat.rhsa:tst:20150079029
          • commentjava-1.7.0-oracle-plugin is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20140413008
        • AND
          • commentjava-1.7.0-oracle-devel is earlier than 1:1.7.0.75-1jpp.1.el5_11
            ovaloval:com.redhat.rhsa:tst:20150079031
          • commentjava-1.7.0-oracle-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20140413002
    rhsa
    idRHSA-2015:0079
    released2015-01-22
    severityCritical
    titleRHSA-2015:0079: java-1.7.0-oracle security update (Critical)
  • rhsa
    idRHSA-2015:0080
rpms
  • java-1.7.0-oracle-1:1.7.0.75-1jpp.1.el5_11
  • java-1.7.0-oracle-1:1.7.0.75-1jpp.1.el6
  • java-1.7.0-oracle-1:1.7.0.75-1jpp.2.el7
  • java-1.7.0-oracle-devel-1:1.7.0.75-1jpp.1.el5_11
  • java-1.7.0-oracle-devel-1:1.7.0.75-1jpp.1.el6
  • java-1.7.0-oracle-devel-1:1.7.0.75-1jpp.2.el7
  • java-1.7.0-oracle-javafx-1:1.7.0.75-1jpp.1.el5_11
  • java-1.7.0-oracle-javafx-1:1.7.0.75-1jpp.1.el6
  • java-1.7.0-oracle-javafx-1:1.7.0.75-1jpp.2.el7
  • java-1.7.0-oracle-jdbc-1:1.7.0.75-1jpp.1.el5_11
  • java-1.7.0-oracle-jdbc-1:1.7.0.75-1jpp.1.el6
  • java-1.7.0-oracle-jdbc-1:1.7.0.75-1jpp.2.el7
  • java-1.7.0-oracle-plugin-1:1.7.0.75-1jpp.1.el5_11
  • java-1.7.0-oracle-plugin-1:1.7.0.75-1jpp.1.el6
  • java-1.7.0-oracle-plugin-1:1.7.0.75-1jpp.2.el7
  • java-1.7.0-oracle-src-1:1.7.0.75-1jpp.1.el5_11
  • java-1.7.0-oracle-src-1:1.7.0.75-1jpp.1.el6
  • java-1.7.0-oracle-src-1:1.7.0.75-1jpp.2.el7
  • java-1.8.0-oracle-1:1.8.0.31-1jpp.1.el6
  • java-1.8.0-oracle-devel-1:1.8.0.31-1jpp.1.el6
  • java-1.8.0-oracle-javafx-1:1.8.0.31-1jpp.1.el6
  • java-1.8.0-oracle-jdbc-1:1.8.0.31-1jpp.1.el6
  • java-1.8.0-oracle-plugin-1:1.8.0.31-1jpp.1.el6
  • java-1.8.0-oracle-src-1:1.8.0.31-1jpp.1.el6