Vulnerabilities > CVE-2015-0460 - Unspecified vulnerability in Oracle JDK and JRE

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
oracle
critical
nessus

Summary

Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Per Oracle: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. (http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html)

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-212.NASL
    descriptionUpdated java-1.7.0 packages fix security vulnerabilities : An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions (CVE-2015-0469). A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions (CVE-2015-0460). A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly (CVE-2015-0488). A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions (CVE-2015-0477). A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted (CVE-2005-1080, CVE-2015-0480). It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures (CVE-2015-0478).
    last seen2020-06-01
    modified2020-06-02
    plugin id83104
    published2015-04-28
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83104
    titleMandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2015:212)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2015:212. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83104);
      script_version("2.3");
      script_cvs_date("Date: 2019/08/02 13:32:57");
    
      script_cve_id("CVE-2005-1080", "CVE-2015-0460", "CVE-2015-0469", "CVE-2015-0477", "CVE-2015-0478", "CVE-2015-0480", "CVE-2015-0488");
      script_bugtraq_id(13083, 74072, 74097, 74104, 74111, 74119, 74147);
      script_xref(name:"MDVSA", value:"2015:212");
    
      script_name(english:"Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2015:212)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.7.0 packages fix security vulnerabilities :
    
    An off-by-one flaw, leading to a buffer overflow, was found in the
    font parsing code in the 2D component in OpenJDK. A specially crafted
    font file could possibly cause the Java Virtual Machine to execute
    arbitrary code, allowing an untrusted Java application or applet to
    bypass Java sandbox restrictions (CVE-2015-0469).
    
    A flaw was found in the way the Hotspot component in OpenJDK handled
    phantom references. An untrusted Java application or applet could use
    this flaw to corrupt the Java Virtual Machine memory and, possibly,
    execute arbitrary code, bypassing Java sandbox restrictions
    (CVE-2015-0460).
    
    A flaw was found in the way the JSSE component in OpenJDK parsed X.509
    certificate options. A specially crafted certificate could cause JSSE
    to raise an exception, possibly causing an application using JSSE to
    exit unexpectedly (CVE-2015-0488).
    
    A flaw was discovered in the Beans component in OpenJDK. An untrusted
    Java application or applet could use this flaw to bypass certain Java
    sandbox restrictions (CVE-2015-0477).
    
    A directory traversal flaw was found in the way the jar tool extracted
    JAR archive files. A specially crafted JAR archive could cause jar to
    overwrite arbitrary files writable by the user running jar when the
    archive was extracted (CVE-2005-1080, CVE-2015-0480).
    
    It was found that the RSA implementation in the JCE component in
    OpenJDK did not follow recommended practices for implementing RSA
    signatures (CVE-2015-0478)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2015-0158.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-accessibility");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"java-1.7.0-openjdk-1.7.0.65-2.5.5.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"java-1.7.0-openjdk-accessibility-1.7.0.65-2.5.5.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"java-1.7.0-openjdk-demo-1.7.0.65-2.5.5.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"java-1.7.0-openjdk-devel-1.7.0.65-2.5.5.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"java-1.7.0-openjdk-headless-1.7.0.65-2.5.5.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"java-1.7.0-openjdk-javadoc-1.7.0.65-2.5.5.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"java-1.7.0-openjdk-src-1.7.0.65-2.5.5.1.mbs1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-0806.NASL
    descriptionUpdated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82801
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82801
    titleCentOS 6 / 7 : java-1.7.0-openjdk (CESA-2015:0806)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2015:0806 and 
    # CentOS Errata and Security Advisory 2015:0806 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82801);
      script_version("1.12");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id("CVE-2005-1080", "CVE-2015-0460", "CVE-2015-0469", "CVE-2015-0477", "CVE-2015-0478", "CVE-2015-0480", "CVE-2015-0488");
      script_bugtraq_id(13083, 74072, 74097, 74104, 74111, 74119, 74147);
      script_xref(name:"RHSA", value:"2015:0806");
    
      script_name(english:"CentOS 6 / 7 : java-1.7.0-openjdk (CESA-2015:0806)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.7.0-openjdk packages that fix multiple security issues
    are now available for Red Hat Enterprise Linux 6 and 7.
    
    Red Hat Product Security has rated this update as having Critical
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
    Environment and the OpenJDK 7 Java Software Development Kit.
    
    An off-by-one flaw, leading to a buffer overflow, was found in the
    font parsing code in the 2D component in OpenJDK. A specially crafted
    font file could possibly cause the Java Virtual Machine to execute
    arbitrary code, allowing an untrusted Java application or applet to
    bypass Java sandbox restrictions. (CVE-2015-0469)
    
    A flaw was found in the way the Hotspot component in OpenJDK handled
    phantom references. An untrusted Java application or applet could use
    this flaw to corrupt the Java Virtual Machine memory and, possibly,
    execute arbitrary code, bypassing Java sandbox restrictions.
    (CVE-2015-0460)
    
    A flaw was found in the way the JSSE component in OpenJDK parsed X.509
    certificate options. A specially crafted certificate could cause JSSE
    to raise an exception, possibly causing an application using JSSE to
    exit unexpectedly. (CVE-2015-0488)
    
    A flaw was discovered in the Beans component in OpenJDK. An untrusted
    Java application or applet could use this flaw to bypass certain Java
    sandbox restrictions. (CVE-2015-0477)
    
    A directory traversal flaw was found in the way the jar tool extracted
    JAR archive files. A specially crafted JAR archive could cause jar to
    overwrite arbitrary files writable by the user running jar when the
    archive was extracted. (CVE-2005-1080, CVE-2015-0480)
    
    It was found that the RSA implementation in the JCE component in
    OpenJDK did not follow recommended practices for implementing RSA
    signatures. (CVE-2015-0478)
    
    The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat
    Product Security.
    
    Note: If the web browser plug-in provided by the icedtea-web package
    was installed, the issues exposed via Java applets could have been
    exploited without user interaction if a user visited a malicious
    website.
    
    All users of java-1.7.0-openjdk are advised to upgrade to these
    updated packages, which resolve these issues. All running instances of
    OpenJDK Java must be restarted for the update to take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2015-April/021066.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9af97afb"
      );
      # https://lists.centos.org/pipermail/centos-announce/2015-April/021069.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a9212bd5"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1.7.0-openjdk packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-0469");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.7.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.7.0-openjdk-accessibility");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.7.0-openjdk-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.7.0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x / 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-6", reference:"java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el6_6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el6_6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el6_6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.el6_6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el6_6")) flag++;
    
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el7_1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"java-1.7.0-openjdk-accessibility-1.7.0.79-2.5.5.1.el7_1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el7_1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el7_1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"java-1.7.0-openjdk-headless-1.7.0.79-2.5.5.1.el7_1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.el7_1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el7_1")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_7_0-OPENJDK-150419.NASL
    descriptionOpenJDK was updated to version 2.5.5 - OpenJDK 7u79 to fix security issues and bugs. The following vulnerabilities have been fixed : - Deployment: unauthenticated remote attackers could execute arbitrary code via multiple protocols. (CVE-2015-0458) - 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. (CVE-2015-0459) - Hotspot: unauthenticated remote attackers could execute arbitrary code via multiple protocols. (CVE-2015-0460) - 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. (CVE-2015-0469) - Beans: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols. (CVE-2015-0477) - JCE: unauthenticated remote attackers could read some JAVA accessible data via multiple protocols. (CVE-2015-0478) - Tools: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols and cause a partial denial of service (partial DOS). (CVE-2015-0480) - JavaFX: unauthenticated remote attackers could read, update, insert or delete access some Java accessible data via multiple protocols and cause a partial denial of service (partial DOS). (CVE-2015-0484) - JSSE: unauthenticated remote attackers could cause a partial denial of service (partial DOS). (CVE-2015-0488) - 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. (CVE-2015-0491) - JavaFX: unauthenticated remote attackers could execute arbitrary code via multiple protocols. (CVE-2015-0492)
    last seen2020-06-01
    modified2020-06-02
    plugin id83287
    published2015-05-08
    reporterThis script is Copyright (C) 2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83287
    titleSuSE 11.3 Security Update : java-1_7_0-openjdk (SAT Patch Number 10621)
  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_APR_2015.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 45, 7 Update 79, 6 Update 95, or 5 Update 85. It is, therefore, affected by security vulnerabilities in the following components : - 2D - Beans - Deployment - Hotspot - JavaFX - JCE - JSSE - Tools
    last seen2020-06-01
    modified2020-06-02
    plugin id82820
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82820
    titleOracle Java SE Multiple Vulnerabilities (April 2015 CPU) (FREAK)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3316.NASL
    descriptionSeveral vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography.
    last seen2020-06-01
    modified2020-06-02
    plugin id85031
    published2015-07-28
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85031
    titleDebian DSA-3316-1 : openjdk-7 - security update (Bar Mitzvah) (Logjam)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-332.NASL
    descriptionOpenJDK was updated to jdk8u45-b14 to fix security issues and bugs. The following vulnerabilities were fixed : - CVE-2015-0458: Deployment: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0459: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0460: Hotspot: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0469: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0470: Hotspot: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols - CVE-2015-0477: Beans: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols - CVE-2015-0478: JCE: unauthenticated remote attackers could read some JAVA accessible data via multiple protocols - CVE-2015-0480: Tools: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols and cause a partial denial of service (partial DOS) - CVE-2015-0484: JavaFX: unauthenticated remote attackers could read, update, insert or delete access some Java accessible data via multiple protocols and cause a partial denial of service (partial DOS). - CVE-2015-0486: Deployment: unauthenticated remote attackers could read some JAVA accessible data via multiple protocols - CVE-2015-0488: JSSE: unauthenticated remote attackers could cause a partial denial of service (partial DOS). - CVE-2015-0491: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0492: JavaFX: unauthenticated remote attackers could execute arbitrary code via multiple protocols.
    last seen2020-06-05
    modified2015-04-28
    plugin id83107
    published2015-04-28
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83107
    titleopenSUSE Security Update : java-1_8_0-openjdk (openSUSE-2015-332)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0808.NASL
    descriptionUpdated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82810
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82810
    titleRHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2015:0808)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-213.NASL
    descriptionSeveral vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. For Debian 6
    last seen2020-03-17
    modified2015-05-01
    plugin id83165
    published2015-05-01
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83165
    titleDebian DLA-213-1 : openjdk-6 security update
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150415_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL
    descriptionAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-03-18
    modified2015-04-16
    plugin id82813
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82813
    titleScientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/srpm/x86_64 (20150415)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2573-1.NASL
    descriptionSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469) Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. (CVE-2015-0480) Florian Weimer discovered that the RSA implementation in the JCE component in OpenJDK JRE did not follow recommended practices for implementing RSA signatures. An attacker could use this to expose sensitive data. (CVE-2015-0478) A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this expose sensitive data over the network. (CVE-2015-0477) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2015-0488). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id82991
    published2015-04-22
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82991
    titleUbuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2573-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-0808.NASL
    descriptionUpdated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82803
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82803
    titleCentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2015:0808)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-0807.NASL
    descriptionUpdated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82802
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82802
    titleCentOS 5 : java-1.7.0-openjdk (CESA-2015:0807)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0807.NASL
    descriptionFrom Red Hat Security Advisory 2015:0807 : Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82808
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82808
    titleOracle Linux 5 : java-1.7.0-openjdk (ELSA-2015-0807)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0806.NASL
    descriptionUpdated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82809
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82809
    titleRHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2015:0806)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3235.NASL
    descriptionSeveral vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id83063
    published2015-04-27
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83063
    titleDebian DSA-3235-1 : openjdk-7 - security update
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150415_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL
    descriptionAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) Multiple flaws were discovered in the Beans and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-0477, CVE-2015-0470) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-03-18
    modified2015-04-16
    plugin id82816
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82816
    titleScientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/srpm/x86_64 (20150415)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-517.NASL
    descriptionAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) Multiple flaws were discovered in the Beans and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-0477 , CVE-2015-0470) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080 , CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478)
    last seen2020-06-01
    modified2020-06-02
    plugin id83268
    published2015-05-07
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83268
    titleAmazon Linux AMI : java-1.8.0-openjdk (ALAS-2015-517)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0854.NASL
    descriptionUpdated java-1.8.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.8.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 8 Update 45 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82897
    published2015-04-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82897
    titleRHEL 6 / 7 : java-1.8.0-oracle (RHSA-2015:0854)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201603-11.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201603-11 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities exist in both Oracle&rsquo;s JRE and JDK. Please review the referenced CVE&rsquo;s for additional information. Impact : Remote attackers could gain access to information, remotely execute arbitrary code, and cause Denial of Service. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id89904
    published2016-03-14
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89904
    titleGLSA-201603-11 : Oracle JRE/JDK: Multiple vulnerabilities (Logjam)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150415_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL
    descriptionAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-03-18
    modified2015-04-16
    plugin id82815
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82815
    titleScientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/srpm/x86_64 (20150415)
  • NASL familyMisc.
    NASL idORACLE_JAVA_CPU_APR_2015_UNIX.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 45, 7 Update 79, 6 Update 95, or 5 Update 85. It is, therefore, affected by security vulnerabilities in the following components : - 2D - Beans - Deployment - Hotspot - JavaFX - JCE - JSSE - Tools
    last seen2020-06-01
    modified2020-06-02
    plugin id82821
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82821
    titleOracle Java SE Multiple Vulnerabilities (April 2015 CPU) (Unix) (FREAK)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-331.NASL
    descriptionOpenJDK was updated to 2.5.5 - OpenJdk 7u79 to fix security issues and bugs : The following vulnerabilities were fixed : - CVE-2015-0458: Deployment: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0459: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0460: Hotspot: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0469: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0477: Beans: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols - CVE-2015-0478: JCE: unauthenticated remote attackers could read some JAVA accessible data via multiple protocols - CVE-2015-0480: Tools: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols and cause a partial denial of service (partial DOS) - CVE-2015-0484: JavaFX: unauthenticated remote attackers could read, update, insert or delete access some Java accessible data via multiple protocols and cause a partial denial of service (partial DOS). - CVE-2015-0488: JSSE: unauthenticated remote attackers could cause a partial denial of service (partial DOS). - CVE-2015-0491: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0492: JavaFX: unauthenticated remote attackers could execute arbitrary code via multiple protocols.
    last seen2020-06-05
    modified2015-04-28
    plugin id83106
    published2015-04-28
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83106
    titleopenSUSE Security Update : java-1_7_0-openjdk (openSUSE-2015-331)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-516.NASL
    descriptionAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080 , CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478)
    last seen2020-06-01
    modified2020-06-02
    plugin id83059
    published2015-04-27
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83059
    titleAmazon Linux AMI : java-1.7.0-openjdk (ALAS-2015-516)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3234.NASL
    descriptionSeveral vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id83062
    published2015-04-27
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83062
    titleDebian DSA-3234-1 : openjdk-6 - security update
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0806.NASL
    descriptionFrom Red Hat Security Advisory 2015:0806 : Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82787
    published2015-04-15
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82787
    titleOracle Linux 6 / 7 : java-1.7.0-openjdk (ELSA-2015-0806)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0808.NASL
    descriptionFrom Red Hat Security Advisory 2015:0808 : Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82788
    published2015-04-15
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82788
    titleOracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2015-0808)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0858.NASL
    descriptionUpdated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 95 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82910
    published2015-04-21
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82910
    titleRHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2015:0858)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-0809.NASL
    descriptionUpdated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) Multiple flaws were discovered in the Beans and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-0477, CVE-2015-0470) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82804
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82804
    titleCentOS 6 / 7 : java-1.8.0-openjdk (CESA-2015:0809)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150415_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL
    descriptionAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-03-18
    modified2015-04-16
    plugin id82814
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82814
    titleScientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20150415)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0807.NASL
    descriptionUpdated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82791
    published2015-04-15
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82791
    titleRHEL 5 : java-1.7.0-openjdk (RHSA-2015:0807)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2574-1.NASL
    descriptionSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469) Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. (CVE-2015-0480) Florian Weimer discovered that the RSA implementation in the JCE component in OpenJDK JRE did not follow recommended practices for implementing RSA signatures. An attacker could use this to expose sensitive data. (CVE-2015-0478) A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this expose sensitive data over the network. (CVE-2015-0477) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2015-0488). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id82992
    published2015-04-22
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82992
    titleUbuntu 14.04 LTS / 14.10 : openjdk-7 vulnerabilities (USN-2574-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0809.NASL
    descriptionUpdated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) Multiple flaws were discovered in the Beans and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-0477, CVE-2015-0470) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82811
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82811
    titleRHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2015:0809)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-515.NASL
    descriptionAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080 , CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478)
    last seen2020-06-01
    modified2020-06-02
    plugin id83058
    published2015-04-27
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83058
    titleAmazon Linux AMI : java-1.6.0-openjdk (ALAS-2015-515)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0857.NASL
    descriptionUpdated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 79 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82909
    published2015-04-21
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82909
    titleRHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2015:0857)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0809.NASL
    descriptionFrom Red Hat Security Advisory 2015:0809 : Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) Multiple flaws were discovered in the Beans and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-0477, CVE-2015-0470) A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480) It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82789
    published2015-04-15
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82789
    titleOracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2015-0809)

Redhat

advisories
  • rhsa
    idRHSA-2015:0806
  • rhsa
    idRHSA-2015:0807
  • rhsa
    idRHSA-2015:0808
  • rhsa
    idRHSA-2015:0809
  • rhsa
    idRHSA-2015:0854
  • rhsa
    idRHSA-2015:0857
  • rhsa
    idRHSA-2015:0858
rpms
  • java-1.7.0-openjdk-1:1.7.0.79-2.5.5.1.ael7b_1
  • java-1.7.0-openjdk-1:1.7.0.79-2.5.5.1.el6_6
  • java-1.7.0-openjdk-1:1.7.0.79-2.5.5.1.el7_1
  • java-1.7.0-openjdk-accessibility-1:1.7.0.79-2.5.5.1.ael7b_1
  • java-1.7.0-openjdk-accessibility-1:1.7.0.79-2.5.5.1.el7_1
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.79-2.5.5.1.ael7b_1
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.79-2.5.5.1.el6_6
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.79-2.5.5.1.el7_1
  • java-1.7.0-openjdk-demo-1:1.7.0.79-2.5.5.1.ael7b_1
  • java-1.7.0-openjdk-demo-1:1.7.0.79-2.5.5.1.el6_6
  • java-1.7.0-openjdk-demo-1:1.7.0.79-2.5.5.1.el7_1
  • java-1.7.0-openjdk-devel-1:1.7.0.79-2.5.5.1.ael7b_1
  • java-1.7.0-openjdk-devel-1:1.7.0.79-2.5.5.1.el6_6
  • java-1.7.0-openjdk-devel-1:1.7.0.79-2.5.5.1.el7_1
  • java-1.7.0-openjdk-headless-1:1.7.0.79-2.5.5.1.ael7b_1
  • java-1.7.0-openjdk-headless-1:1.7.0.79-2.5.5.1.el7_1
  • java-1.7.0-openjdk-javadoc-1:1.7.0.79-2.5.5.1.ael7b_1
  • java-1.7.0-openjdk-javadoc-1:1.7.0.79-2.5.5.1.el6_6
  • java-1.7.0-openjdk-javadoc-1:1.7.0.79-2.5.5.1.el7_1
  • java-1.7.0-openjdk-src-1:1.7.0.79-2.5.5.1.ael7b_1
  • java-1.7.0-openjdk-src-1:1.7.0.79-2.5.5.1.el6_6
  • java-1.7.0-openjdk-src-1:1.7.0.79-2.5.5.1.el7_1
  • java-1.7.0-openjdk-1:1.7.0.79-2.5.5.2.el5_11
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.79-2.5.5.2.el5_11
  • java-1.7.0-openjdk-demo-1:1.7.0.79-2.5.5.2.el5_11
  • java-1.7.0-openjdk-devel-1:1.7.0.79-2.5.5.2.el5_11
  • java-1.7.0-openjdk-javadoc-1:1.7.0.79-2.5.5.2.el5_11
  • java-1.7.0-openjdk-src-1:1.7.0.79-2.5.5.2.el5_11
  • java-1.6.0-openjdk-1:1.6.0.35-1.13.7.1.el5_11
  • java-1.6.0-openjdk-1:1.6.0.35-1.13.7.1.el6_6
  • java-1.6.0-openjdk-1:1.6.0.35-1.13.7.1.el7_1
  • java-1.6.0-openjdk-debuginfo-1:1.6.0.35-1.13.7.1.el5_11
  • java-1.6.0-openjdk-debuginfo-1:1.6.0.35-1.13.7.1.el6_6
  • java-1.6.0-openjdk-debuginfo-1:1.6.0.35-1.13.7.1.el7_1
  • java-1.6.0-openjdk-demo-1:1.6.0.35-1.13.7.1.el5_11
  • java-1.6.0-openjdk-demo-1:1.6.0.35-1.13.7.1.el6_6
  • java-1.6.0-openjdk-demo-1:1.6.0.35-1.13.7.1.el7_1
  • java-1.6.0-openjdk-devel-1:1.6.0.35-1.13.7.1.el5_11
  • java-1.6.0-openjdk-devel-1:1.6.0.35-1.13.7.1.el6_6
  • java-1.6.0-openjdk-devel-1:1.6.0.35-1.13.7.1.el7_1
  • java-1.6.0-openjdk-javadoc-1:1.6.0.35-1.13.7.1.el5_11
  • java-1.6.0-openjdk-javadoc-1:1.6.0.35-1.13.7.1.el6_6
  • java-1.6.0-openjdk-javadoc-1:1.6.0.35-1.13.7.1.el7_1
  • java-1.6.0-openjdk-src-1:1.6.0.35-1.13.7.1.el5_11
  • java-1.6.0-openjdk-src-1:1.6.0.35-1.13.7.1.el6_6
  • java-1.6.0-openjdk-src-1:1.6.0.35-1.13.7.1.el7_1
  • java-1.8.0-openjdk-1:1.8.0.45-28.b13.el6_6
  • java-1.8.0-openjdk-1:1.8.0.45-30.b13.ael7b_1
  • java-1.8.0-openjdk-1:1.8.0.45-30.b13.el7_1
  • java-1.8.0-openjdk-accessibility-1:1.8.0.45-30.b13.ael7b_1
  • java-1.8.0-openjdk-accessibility-1:1.8.0.45-30.b13.el7_1
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.45-28.b13.el6_6
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.45-30.b13.ael7b_1
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.45-30.b13.el7_1
  • java-1.8.0-openjdk-demo-1:1.8.0.45-28.b13.el6_6
  • java-1.8.0-openjdk-demo-1:1.8.0.45-30.b13.ael7b_1
  • java-1.8.0-openjdk-demo-1:1.8.0.45-30.b13.el7_1
  • java-1.8.0-openjdk-devel-1:1.8.0.45-28.b13.el6_6
  • java-1.8.0-openjdk-devel-1:1.8.0.45-30.b13.ael7b_1
  • java-1.8.0-openjdk-devel-1:1.8.0.45-30.b13.el7_1
  • java-1.8.0-openjdk-headless-1:1.8.0.45-28.b13.el6_6
  • java-1.8.0-openjdk-headless-1:1.8.0.45-30.b13.ael7b_1
  • java-1.8.0-openjdk-headless-1:1.8.0.45-30.b13.el7_1
  • java-1.8.0-openjdk-javadoc-1:1.8.0.45-28.b13.el6_6
  • java-1.8.0-openjdk-javadoc-1:1.8.0.45-30.b13.ael7b_1
  • java-1.8.0-openjdk-javadoc-1:1.8.0.45-30.b13.el7_1
  • java-1.8.0-openjdk-src-1:1.8.0.45-28.b13.el6_6
  • java-1.8.0-openjdk-src-1:1.8.0.45-30.b13.ael7b_1
  • java-1.8.0-openjdk-src-1:1.8.0.45-30.b13.el7_1
  • java-1.8.0-oracle-1:1.8.0.45-1jpp.2.el6_6
  • java-1.8.0-oracle-1:1.8.0.45-1jpp.2.el7_1
  • java-1.8.0-oracle-devel-1:1.8.0.45-1jpp.2.el6_6
  • java-1.8.0-oracle-devel-1:1.8.0.45-1jpp.2.el7_1
  • java-1.8.0-oracle-javafx-1:1.8.0.45-1jpp.2.el6_6
  • java-1.8.0-oracle-javafx-1:1.8.0.45-1jpp.2.el7_1
  • java-1.8.0-oracle-jdbc-1:1.8.0.45-1jpp.2.el6_6
  • java-1.8.0-oracle-jdbc-1:1.8.0.45-1jpp.2.el7_1
  • java-1.8.0-oracle-plugin-1:1.8.0.45-1jpp.2.el6_6
  • java-1.8.0-oracle-plugin-1:1.8.0.45-1jpp.2.el7_1
  • java-1.8.0-oracle-src-1:1.8.0.45-1jpp.2.el6_6
  • java-1.8.0-oracle-src-1:1.8.0.45-1jpp.2.el7_1
  • java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el5_11
  • java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el6_6
  • java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el7_1
  • java-1.7.0-oracle-devel-1:1.7.0.79-1jpp.1.el5_11
  • java-1.7.0-oracle-devel-1:1.7.0.79-1jpp.1.el6_6
  • java-1.7.0-oracle-devel-1:1.7.0.79-1jpp.1.el7_1
  • java-1.7.0-oracle-javafx-1:1.7.0.79-1jpp.1.el5_11
  • java-1.7.0-oracle-javafx-1:1.7.0.79-1jpp.1.el6_6
  • java-1.7.0-oracle-javafx-1:1.7.0.79-1jpp.1.el7_1
  • java-1.7.0-oracle-jdbc-1:1.7.0.79-1jpp.1.el5_11
  • java-1.7.0-oracle-jdbc-1:1.7.0.79-1jpp.1.el6_6
  • java-1.7.0-oracle-jdbc-1:1.7.0.79-1jpp.1.el7_1
  • java-1.7.0-oracle-plugin-1:1.7.0.79-1jpp.1.el5_11
  • java-1.7.0-oracle-plugin-1:1.7.0.79-1jpp.1.el6_6
  • java-1.7.0-oracle-plugin-1:1.7.0.79-1jpp.1.el7_1
  • java-1.7.0-oracle-src-1:1.7.0.79-1jpp.1.el5_11
  • java-1.7.0-oracle-src-1:1.7.0.79-1jpp.1.el6_6
  • java-1.7.0-oracle-src-1:1.7.0.79-1jpp.1.el7_1
  • java-1.6.0-sun-1:1.6.0.95-1jpp.3.el5_11
  • java-1.6.0-sun-1:1.6.0.95-1jpp.3.el6_6
  • java-1.6.0-sun-1:1.6.0.95-1jpp.3.el7_1
  • java-1.6.0-sun-demo-1:1.6.0.95-1jpp.3.el5_11
  • java-1.6.0-sun-demo-1:1.6.0.95-1jpp.3.el6_6
  • java-1.6.0-sun-demo-1:1.6.0.95-1jpp.3.el7_1
  • java-1.6.0-sun-devel-1:1.6.0.95-1jpp.3.el5_11
  • java-1.6.0-sun-devel-1:1.6.0.95-1jpp.3.el6_6
  • java-1.6.0-sun-devel-1:1.6.0.95-1jpp.3.el7_1
  • java-1.6.0-sun-jdbc-1:1.6.0.95-1jpp.3.el5_11
  • java-1.6.0-sun-jdbc-1:1.6.0.95-1jpp.3.el6_6
  • java-1.6.0-sun-jdbc-1:1.6.0.95-1jpp.3.el7_1
  • java-1.6.0-sun-plugin-1:1.6.0.95-1jpp.3.el5_11
  • java-1.6.0-sun-plugin-1:1.6.0.95-1jpp.3.el6_6
  • java-1.6.0-sun-plugin-1:1.6.0.95-1jpp.3.el7_1
  • java-1.6.0-sun-src-1:1.6.0.95-1jpp.3.el5_11
  • java-1.6.0-sun-src-1:1.6.0.95-1jpp.3.el6_6
  • java-1.6.0-sun-src-1:1.6.0.95-1jpp.3.el7_1