Vulnerabilities > CVE-2015-2808 - Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Http Server 11.1.1.9.0 Oracle Http Server 12.2.1.2.0 Oracle Http Server 12.1.3.0.0 Oracle Http Server 11.1.1.7.0 Oracle Http Server 12.2.1.1.0 Oracle Communications Application Session Controller 3.0.0 Oracle Communications Application Session Controller 3.6.0 Oracle Communications Application Session Controller 3.7.0 Oracle Communications Application Session Controller 3.7.1 Oracle Communications Application Session Controller 3.8.0 Oracle Communications Application Session Controller 3.8M0 Oracle Communications Application Session Controller 3.9.0 Oracle Communications Policy Management 8.0.5 Oracle Communications Policy Management 8.0.6 Oracle Communications Policy Management 9.1.5 Oracle Communications Policy Management 9.1.6 Oracle Communications Policy Management 9.1.7 Oracle Communications Policy Management 9.1.8 Oracle Communications Policy Management 9.1.9 Oracle Communications Policy Management 9.1.10 Oracle Communications Policy Management 9.4 Oracle Communications Policy Management 9.7 Oracle Communications Policy Management 9.7.2 Oracle Communications Policy Management 9.7.3 Oracle Communications Policy Management 9.7.4 Oracle Communications Policy Management 9.8 Oracle Communications Policy Management 9.9 Oracle Communications Policy Management 9.9.1	28
Application	Redhat Redhat Satellite 5.7 Redhat Satellite 5.6	2
Application	Suse Suse Linux Enterprise Debuginfo 11 Suse Manager 1.7	3
Application	Huawei Huawei Policy Center V100R003C10 Huawei Policy Center V100R003C00 Huawei Smc2.0 V100R002C01 Huawei Smc2.0 V100R002C02 Huawei Smc2.0 V100R002C03 Huawei Smc2.0 V100R002C04 Huawei Ultravr V100R003C00 Huawei Oceanstor Replicationdirector V100R003C00	8
Application	Ibm IBM Cognos Metrics Manager 10.2.1 IBM Cognos Metrics Manager 10.2 IBM Cognos Metrics Manager 10.1.1 IBM Cognos Metrics Manager 10.1 IBM Cognos Metrics Manager 10.2.2	5
OS	Oracle Oracle Integrated Lights OUT Manager Firmware 4.0.0 Oracle Integrated Lights OUT Manager Firmware 4.0.1 Oracle Integrated Lights OUT Manager Firmware 4.0.2 Oracle Integrated Lights OUT Manager Firmware 4.0.3 Oracle Integrated Lights OUT Manager Firmware 4.0.4 Oracle Integrated Lights OUT Manager Firmware 3.0.0 Oracle Integrated Lights OUT Manager Firmware 3.0.3 Oracle Integrated Lights OUT Manager Firmware 3.0.4 Oracle Integrated Lights OUT Manager Firmware 3.0.6 Oracle Integrated Lights OUT Manager Firmware 3.0.8 Oracle Integrated Lights OUT Manager Firmware 3.0.9 Oracle Integrated Lights OUT Manager Firmware 3.0.10 Oracle Integrated Lights OUT Manager Firmware 3.0.12 Oracle Integrated Lights OUT Manager Firmware 3.0.14 Oracle Integrated Lights OUT Manager Firmware 3.0.16 Oracle Integrated Lights OUT Manager Firmware 3.1 Oracle Integrated Lights OUT Manager Firmware 3.1.0 Oracle Integrated Lights OUT Manager Firmware 3.1.1 Oracle Integrated Lights OUT Manager Firmware 3.1.2 Oracle Integrated Lights OUT Manager Firmware 3.2 Oracle Integrated Lights OUT Manager Firmware 3.2.0 Oracle Integrated Lights OUT Manager Firmware 3.2.1 Oracle Integrated Lights OUT Manager Firmware 3.2.2 Oracle Integrated Lights OUT Manager Firmware 3.2.3 Oracle Integrated Lights OUT Manager Firmware 3.2.4 Oracle Integrated Lights OUT Manager Firmware 3.2.5 Oracle Integrated Lights OUT Manager Firmware 3.2.6 Oracle Integrated Lights OUT Manager Firmware 3.2.7 Oracle Integrated Lights OUT Manager Firmware 3.2.8 Oracle Integrated Lights OUT Manager Firmware 3.2.9 Oracle Integrated Lights OUT Manager Firmware 3.2.10 Oracle Integrated Lights OUT Manager Firmware 3.2.11	32
OS	Debian Debian Debian Linux 8.0 Debian Debian Linux 7.0	2
OS	Redhat Redhat Enterprise Linux Desktop 7.0 Redhat Enterprise Linux Desktop 6.0 Redhat Enterprise Linux Desktop 5.0 Redhat Enterprise Linux Server 5.0 Redhat Enterprise Linux Server 7.0 Redhat Enterprise Linux Server 6.0 Redhat Enterprise Linux Workstation 7.0 Redhat Enterprise Linux Workstation 5.0 Redhat Enterprise Linux Workstation 6.0 Redhat Enterprise Linux Server AUS 6.6 Redhat Enterprise Linux Server AUS 7.3 Redhat Enterprise Linux Server AUS 7.4 Redhat Enterprise Linux Server AUS 7.6 Redhat Enterprise Linux Server AUS 7.7 Redhat Enterprise Linux EUS 7.1 Redhat Enterprise Linux EUS 6.6 Redhat Enterprise Linux EUS 7.3 Redhat Enterprise Linux EUS 7.4 Redhat Enterprise Linux EUS 7.5 Redhat Enterprise Linux EUS 7.6 Redhat Enterprise Linux EUS 7.2 Redhat Enterprise Linux EUS 7.7 Redhat Enterprise Linux Server TUS 7.3 Redhat Enterprise Linux Server TUS 7.6 Redhat Enterprise Linux Server TUS 7.7 Redhat Enterprise Linux 5.0 Redhat Enterprise Linux 6.0	27
OS	Suse Suse Linux Enterprise Server 11 Suse Linux Enterprise Server 10 Suse Linux Enterprise Server 12 Suse Linux Enterprise Desktop 11 Suse Linux Enterprise Desktop 12 Suse Linux Enterprise Software Development KIT 11 Suse Linux Enterprise Software Development KIT 12	11
OS	Opensuse Opensuse Opensuse 13.1 Opensuse Opensuse 13.2	2
OS	Canonical Canonical Ubuntu Linux 15.04 Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 14.04	3
OS	Fujitsu Fujitsu Sparc Enterprise M3000 Firmware Xcp Fujitsu Sparc Enterprise M4000 Firmware Xcp Fujitsu Sparc Enterprise M5000 Firmware Xcp Fujitsu Sparc Enterprise M8000 Firmware Xcp Fujitsu Sparc Enterprise M9000 Firmware Xcp	5
OS	Huawei Huawei E6000 Firmware - Huawei E9000 Firmware - Huawei Oceanstor 18500 Firmware - Huawei Oceanstor 18800 Firmware - Huawei Oceanstor 18800F Firmware - Huawei Oceanstor 9000 Firmware - Huawei Oceanstor CSE Firmware - Huawei Oceanstor Hvs85T Firmware - Huawei Oceanstor S2600T Firmware - Huawei Oceanstor S5500T Firmware - Huawei Oceanstor S5600T Firmware - Huawei Oceanstor S5800T Firmware - Huawei Oceanstor S6800T Firmware - Huawei Oceanstor Vis6600T Firmware - Huawei Quidway S9300 Firmware - Huawei S7700 Firmware - Huawei 9700 Firmware - Huawei S12700 Firmware - Huawei S2700 Firmware - Huawei S3700 Firmware - Huawei S5700Ei Firmware - Huawei S5700Hi Firmware - Huawei S5700Si Firmware - Huawei S5710Ei Firmware - Huawei S5710Hi Firmware - Huawei S6700 Firmware - Huawei S2750 Firmware - Huawei S5700Li Firmware - Huawei S5700S LI Firmware - Huawei S5720Hi Firmware - Huawei S5720Ei Firmware - Huawei Te60 Firmware -	32
Hardware	Fujitsu Fujitsu Sparc Enterprise M3000 - Fujitsu Sparc Enterprise M4000 - Fujitsu Sparc Enterprise M5000 - Fujitsu Sparc Enterprise M8000 - Fujitsu Sparc Enterprise M9000 -	5
Hardware	Huawei Huawei E6000 - Huawei E9000 - Huawei Oceanstor 18500 - Huawei Oceanstor 18800 - Huawei Oceanstor 18800F - Huawei Oceanstor 9000 - Huawei Oceanstor CSE - Huawei Oceanstor Hvs85T - Huawei Oceanstor S2600T - Huawei Oceanstor S5500T - Huawei Oceanstor S5600T - Huawei Oceanstor S5800T - Huawei Oceanstor S6800T - Huawei Oceanstor Vis6600T - Huawei Quidway S9300 - Huawei S7700 - Huawei 9700 - Huawei S12700 - Huawei S2700 - Huawei S3700 - Huawei S5700Ei - Huawei S5700Hi - Huawei S5700Si - Huawei S5710Ei - Huawei S5710Hi - Huawei S6700 - Huawei S2750 - Huawei S5700Li - Huawei S5700S LI - Huawei S5720Hi - Huawei S5720Ei - Huawei Te60 -	32

Common Weakness Enumeration (CWE)

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Common Attack Pattern Enumeration and Classification (CAPEC)

Encryption Brute Forcing
An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.
Creating a Rogue Certificate Authority Certificate
An attacker exploits a weakness in the MD5 hash algorithm (weak collision resistance) to generate a certificate signing request (CSR) that contains collision blocks in the "to be signed" part. The attacker specially crafts two different, but valid X.509 certificates that when hashed with the MD5 algorithm would yield the same value. The attacker then sends the CSR for one of the certificates to the Certification Authority which uses the MD5 hashing algorithm. That request is completely valid and the Certificate Authority issues an X.509 certificate to the attacker which is signed with its private key. An attacker then takes that signed blob and inserts it into another X.509 certificate that the attacker generated. Due to the MD5 collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the attackers' second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority. To make the attack more interesting, the second certificate could be not just a regular certificate, but rather itself a signing certificate. Thus the attacker is able to start their own Certification Authority that is anchored in its root of trust in the legitimate Certification Authority that has signed the attackers' first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, so will now the Certificate Authority set up by the attacker and of course any certificates that it signs. So the attacker is now able to generate any SSL certificates to impersonate any web server, and the user's browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec) .
Signature Spoof
An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.
Cryptanalysis
Cryptanalysis is a process of finding weaknesses in cryptographic algorithms and using these weaknesses to decipher the ciphertext without knowing the secret key (instance deduction). Sometimes the weakness is not in the cryptographic algorithm itself, but rather in how it is applied that makes cryptanalysis successful. An attacker may have other goals as well, such as: 1. Total Break - Finding the secret key 2. Global Deduction - Finding a functionally equivalent algorithm for encryption and decryption that does not require knowledge of the secret key. 3. Information Deduction - Gaining some information about plaintexts or ciphertexts that was not previously known 4. Distinguishing Algorithm - The attacker has the ability to distinguish the output of the encryption (ciphertext) from a random permutation of bits The goal of the attacker performing cryptanalysis will depend on the specific needs of the attacker in a given attack context. In most cases, if cryptanalysis is successful at all, an attacker will not be able to go past being able to deduce some information about the plaintext (goal 3). However, that may be sufficient for an attacker, depending on the context.

Nessus

NASL family	F5 Networks Local Security Checks
NASL id	F5_BIGIP_SOL16864.NASL
description	The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the
last seen	2020-06-01
modified	2020-06-02
plugin id	86010
published	2015-09-18
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/86010
title	F5 Networks BIG-IP : SSL/TLS RC4 vulnerability (K16864) (Bar Mitzvah)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1086-2.NASL
description	IBM Java 1.6.0 was updated to SR16-FP4 fixing security issues and bugs. Tabulated information can be found on: <a href=
last seen	2020-06-01
modified	2020-06-02
plugin id	84337
published	2015-06-23
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84337
title	SUSE SLES11 Security Update : IBM Java (SUSE-SU-2015:1086-2) (Bar Mitzvah) (FREAK)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2015-1526.NASL
description	From Red Hat Security Advisory 2015:1526 : Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733) A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748) It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601) A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808) Note: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them to decrypt all traffic. (CVE-2015-4000) Note: This update forces the TLS/SSL client implementation in OpenJDK to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change. It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749) Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632) A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. (CVE-2015-2625) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	85137
published	2015-07-31
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85137
title	Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2015-1526) (Bar Mitzvah) (Logjam)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20150715_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL
description	Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733) A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748) It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601) It was discovered that the GCM (Galois Counter Mode) implementation in the Security component of OpenJDK failed to properly perform a null check. This could cause the Java Virtual Machine to crash when an application performed encryption using a block cipher in the GCM mode. (CVE-2015-2659) A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808) A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. (CVE-2015-4000) It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749) Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632) A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. (CVE-2015-2625) Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. Note: This issue was originally fixed as CVE-2015-0383, but the fix was regressed in the SLSA-2015:0809 advisory. (CVE-2015-3149) All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-03-18
modified	2015-07-16
plugin id	84793
published	2015-07-16
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84793
title	Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20150715) (Bar Mitzvah) (Logjam)

NASL family	Windows
NASL id	ORACLE_JROCKIT_CPU_JUL_2015.NASL
description	The version of Oracle JRockit installed on the remote Windows host is R28 prior to R28.3.7. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the JCE component that allows a remote attacker to gain access to sensitive information. (CVE-2015-2601) - An unspecified flaw exists in the JSSE component when handling the SSL/TLS protocol. A remote attacker can exploit this to gain access to sensitive information. (CVE-2015-2625) - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. (CVE-2015-2808) - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000) - An unspecified flaw exists in the Security component when handling the Online Certificate Status Protocol (OCSP). A remote attacker can exploit this to execute arbitrary code. (CVE-2015-4748) - An unspecified flaw exists in the JNDI component that allows a remote attacker to cause a denial of service. (CVE-2015-4749)
last seen	2020-06-01
modified	2020-06-02
plugin id	84808
published	2015-07-16
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/84808
title	Oracle JRockit R28 < R28.3.7 Multiple Vulnerabilities (July 2015 CPU) (Bar Mitzvah) (Logjam)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2015-571.NASL
description	Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-4760 , CVE-2015-2628 , CVE-2015-4731 , CVE-2015-2590 , CVE-2015-4732 , CVE-2015-4733) A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748) It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601) It was discovered that the GCM (Galois Counter Mode) implementation in the Security component of OpenJDK failed to properly perform a null check. This could cause the Java Virtual Machine to crash when an application performed encryption using a block cipher in the GCM mode. (CVE-2015-2659) A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808) Please note that with this update, OpenJDK now disables RC4 TLS/SSL cipher suites by default to address the CVE-2015-2808 issue. A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. (CVE-2015-4000) Please note that this update forces the TLS/SSL client implementation in OpenJDK to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749) Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-2621 , CVE-2015-2632) A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. (CVE-2015-2625) Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack.
last seen	2020-06-01
modified	2020-06-02
plugin id	84931
published	2015-07-23
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84931
title	Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2015-571) (Bar Mitzvah) (Logjam)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2015-512.NASL
description	OpenJDK was updated to 2.6.1 - OpenJDK 8u51 to fix security issues and bugs. The following vulnerabilities were fixed : - CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2597: Easily exploitable vulnerability in the Install component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2613: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. - CVE-2015-2619: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2627: Very difficult to exploit vulnerability in the Install component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2628: Easily exploitable vulnerability in the CORBA component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2659: Easily exploitable vulnerability in the Security component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS). - CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data. - CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data. - CVE-2015-4729: Very difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data. - CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4736: Difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS). - CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
last seen	2020-06-05
modified	2015-07-27
plugin id	85002
published	2015-07-27
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85002
title	openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2015-512) (Bar Mitzvah) (Logjam)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-1242.NASL
description	Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2015-2590, CVE-2015-2596, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-2808, CVE-2015-4000, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760) Note: With this update, Oracle JDK now disables RC4 TLS/SSL cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. Note: This update forces the TLS/SSL client implementation in Oracle JDK to reject DH key sizes below 768 bits to address the CVE-2015-4000 issue. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 85 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	84872
published	2015-07-20
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84872
title	RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2015:1242) (Bar Mitzvah) (Logjam)

NASL family	Web Servers
NASL id	ORACLE_HTTP_SERVER_CPU_OCT_2015.NASL
description	The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities : - (CVE-2003-1418) - A denial of service vulnerability exists in libxml2, related to the xmlParserHandlePEReference() function in file parser.c, due to loading external parameter entities without regard to entity substitution or validation being enabled, as in the case of entity substitution in the doctype prolog. An unauthenticated, remote attacker can exploit this, via specially crafted XML content, to exhaust the system CPU, memory, or file descriptor resources. (CVE-2014-0191) - An unspecified vulnerability exists in the Web Listener component that allows an unauthenticated, remote attacker to impact availability. (CVE-2015-1829) - (CVE-2015-2808) - An unspecified vulnerability exists in the OSSL Module that allows an unauthenticated, remote attacker to impact confidentiality. (CVE-2015-4812) - An unspecified vulnerability exists in the Web Listener component that allows an authenticated, remote attacker to impact confidentiality. (CVE-2015-4914) - (CVE-2016-2183)
last seen	2020-03-18
modified	2015-10-23
plugin id	86569
published	2015-10-23
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/86569
title	Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (October 2015 CPU)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1138-1.NASL
description	IBM Java 1.6.0 was updated to SR16-FP4 fixing security issues and bugs. Tabulated information can be found on: <a href=
last seen	2020-06-01
modified	2020-06-02
plugin id	84425
published	2015-06-26
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84425
title	SUSE SLES10 Security Update : IBM Java (SUSE-SU-2015:1138-1) (Bar Mitzvah) (FREAK)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-1091.NASL
description	Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Satellite 5.6 and 5.7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to from the References section, for additional details about this change. Users of Red Hat Satellite 5.6 and 5.7 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR16-FP4 release. For this update to take effect, Red Hat Satellite must be restarted (
last seen	2020-06-01
modified	2020-06-02
plugin id	84143
published	2015-06-12
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84143
title	RHEL 5 / 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:1091) (Bar Mitzvah)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-1228.NASL
description	Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733) A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748) It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601) It was discovered that the GCM (Galois Counter Mode) implementation in the Security component of OpenJDK failed to properly perform a null check. This could cause the Java Virtual Machine to crash when an application performed encryption using a block cipher in the GCM mode. (CVE-2015-2659) A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808) Note: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. (CVE-2015-4000) Note: This update forces the TLS/SSL client implementation in OpenJDK to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change. It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749) Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632) A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. (CVE-2015-2625) Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. Note: This issue was originally fixed as CVE-2015-0383, but the fix was regressed in the RHSA-2015:0809 advisory. (CVE-2015-3149) All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	84787
published	2015-07-16
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84787
title	RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2015:1228) (Bar Mitzvah) (Logjam)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1375-1.NASL
description	java-1_7_0-ibm was updated to fix 21 security issues. These security issues were fixed : - CVE-2015-4729: Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allowed remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment (bsc#938895). - CVE-2015-4748: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security (bsc#938895). - CVE-2015-2664: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allowed local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (bsc#938895). - CVE-2015-0192: Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allowed remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine (bsc#938895). - CVE-2015-2613: Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via vectors related to JCE (bsc#938895). - CVE-2015-4731: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX (bsc#938895). - CVE-2015-2637: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bsc#938895). - CVE-2015-4733: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI (bsc#938895). - CVE-2015-4732: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590 (bsc#938895). - CVE-2015-2621: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33, allowed remote attackers to affect confidentiality via vectors related to JMX (bsc#938895). - CVE-2015-2619: Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, JavaFX 2.2.80, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bsc#938895). - CVE-2015-2590: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732 (bsc#938895). - CVE-2015-2638: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (bsc#938895). - CVE-2015-2625: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via vectors related to JSSE (bsc#938895). - CVE-2015-2632: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bsc#938895). - CVE-2015-1931: Unspecified vulnerability (bsc#938895). - CVE-2015-4760: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (bsc#938895). - CVE-2015-4000: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, did not properly convey a DHE_EXPORT choice, which allowed man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the
last seen	2020-06-01
modified	2020-06-02
plugin id	85379
published	2015-08-13
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85379
title	SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2015:1375-1) (Bar Mitzvah) (Logjam)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3316.NASL
description	Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography.
last seen	2020-06-01
modified	2020-06-02
plugin id	85031
published	2015-07-28
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85031
title	Debian DSA-3316-1 : openjdk-7 - security update (Bar Mitzvah) (Logjam)

NASL family	Misc.
NASL id	IBM_STORWIZE_CVE_2015_2808.NASL
description	According to its self-reported version number, the IBM Storwize server running on the remote host is affected by a security feature bypass vulnerability, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	91633
published	2016-06-16
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91633
title	IBM Storwize SSL/TLS RC4 Stream Cipher Key Invariance (Bar Mitzvah)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20150730_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL
description	Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733) A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748) It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601) A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808) A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them to decrypt all traffic. (CVE-2015-4000) It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749) Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632) A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. (CVE-2015-2625) All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-03-18
modified	2015-08-04
plugin id	85212
published	2015-08-04
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85212
title	Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20150730) (Bar Mitzvah) (Logjam)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2015-511.NASL
description	OpenJDK was updated to 2.6.1 - OpenJDK 7u85 to fix security issues and bugs. The following vulnerabilities were fixed : - CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2596: Difficult to exploit vulnerability in the Hotspot component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data. - CVE-2015-2597: Easily exploitable vulnerability in the Install component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2613: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. - CVE-2015-2619: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2627: Very difficult to exploit vulnerability in the Install component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2628: Easily exploitable vulnerability in the CORBA component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data. - CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data. - CVE-2015-4729: Very difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data. - CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4736: Difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS). - CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
last seen	2020-06-05
modified	2015-07-27
plugin id	85001
published	2015-07-27
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85001
title	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2015-511) (Bar Mitzvah) (Logjam)

NASL family	Web Servers
NASL id	WEBSPHERE_8_5_5_6.NASL
description	The IBM WebSphere Application Server running on the remote host is version 7.0 prior to 7.0.0.39, 8.0 prior to 8.0.0.11, or 8.5 prior to 8.5.5.6. It is, therefore, potentially affected by multiple vulnerabilities : - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists in the IBM Global Security Kit (GSKit) due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0138) - An information disclosure vulnerability exists due to a flaw in the Bleichenbacher countermeasure implementation in Apache WSS4J. A remote attacker can exploit this, via a crafted message, to determine where an encryption failure to place, allowing the attacker to gain access to the plaintext symmetric key. (CVE-2015-0226) - An XML External Entity (XXE) vulnerability exists due to an incorrectly configured XML parser that accepts XML external entities from an untrusted source. A remote attacker can exploit this, via specially crafted XML data, to gain access to arbitrary files. (CVE-2015-0250) - A privilege escalation vulnerability exists due to a flaw that occurs in
last seen	2020-06-01
modified	2020-06-02
plugin id	84639
published	2015-07-09
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/84639
title	IBM WebSphere Application Server 7.0 < 7.0.0.39 (FP39) / 8.0 < 8.0.0.11 (FP11) / 8.5 < 8.5.5.6 (FP6) Multiple Vulnerabilities (Bar Mitzvah) (FREAK)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-1006.NASL
description	Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to from the References section, for additional details about this change. All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16-FP4 release. All running instances of IBM Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	83432
published	2015-05-13
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/83432
title	RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2015:1006) (Bar Mitzvah)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1345-1.NASL
description	IBM Java was updated to 6.0-16.7 to fix several security issues. The following vulnerabilities were fixed : - CVE-2015-1931: IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system. - CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data. - CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data. - CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS). - CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-24
modified	2019-01-02
plugin id	119969
published	2019-01-02
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119969
title	SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2015:1345-1) (Bar Mitzvah) (Logjam)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-1241.NASL
description	Updated java-1.8.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2659, CVE-2015-2664, CVE-2015-2808, CVE-2015-4000, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760) Note: With this update, Oracle JDK now disables RC4 TLS/SSL cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. Note: This update forces the TLS/SSL client implementation in Oracle JDK to reject DH key sizes below 768 bits to address the CVE-2015-4000 issue. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change. All users of java-1.8.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 8 Update 51 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	84871
published	2015-07-20
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84871
title	RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2015:1241) (Bar Mitzvah) (Logjam)

NASL family	Web Servers
NASL id	ORACLE_HTTP_SERVER_CPU_JUL_2016.NASL
description	The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities as noted in the July 2016 CPU advisory.
last seen	2020-03-18
modified	2016-07-25
plugin id	92542
published	2016-07-25
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/92542
title	Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (July 2016 CPU)

NASL family	CISCO
NASL id	CISCO_TELEPRESENCE_VCS_MULTIPLE_880.NASL
description	According to its self-reported version, the Cisco TelePresence Video Communication Server (VCS) / Expressway running on the remote host is 8.x prior to 8.8. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. (CVE-2015-2808) - A flaw exists in the web framework of TelePresence Video Communication Server (VCS) Expressway due to missing authorization checks on certain administrative pages. An authenticated, remote attacker can exploit this to bypass read-only restrictions and install Tandberg Linux Packages (TLPs) without proper authorization. (CVE-2015-6413) - A flaw exists in certificate management and validation for the Mobile and Remote Access (MRA) component due to improper input validation of a trusted certificate. An unauthenticated, remote attacker can exploit this, using a trusted certificate, to bypass authentication and gain access to internal HTTP system resources. (CVE-2016-1444) - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - A heap buffer overflow condition exists in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106) - Multiple flaws exist in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic. (CVE-2016-2107) - A remote code execution vulnerability exists in the ASN.1 encoder due to an underflow condition that occurs when attempting to encode the value zero represented as a negative integer. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2108) - Multiple unspecified flaws exist in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory. An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109) - An out-of-bounds read error exists in the X509_NAME_oneline() function within file crypto/x509/x509_obj.c when handling very long ASN.1 strings. An unauthenticated, remote attacker can exploit this to disclose the contents of stack memory. (CVE-2016-2176) - An information disclosure vulnerability exists in the file system permissions due to certain files having overly permissive permissions. An unauthenticated, local attacker can exploit this to disclose sensitive information. (Cisco bug ID CSCuw55636) Note that Cisco bug ID CSCuw55636 and CVE-2015-6413 only affect versions 8.6.x prior to 8.8.
last seen	2020-06-01
modified	2020-06-02
plugin id	92045
published	2016-07-14
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/92045
title	Cisco TelePresence VCS / Expressway 8.x < 8.8 Multiple Vulnerabilities (Bar Mitzvah)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1086-4.NASL
description	IBM Java 1.7.0 was updated to SR9 fixing security issues and bugs. Tabulated information can be found on: <a href=
last seen	2020-06-01
modified	2020-06-02
plugin id	84441
published	2015-06-29
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84441
title	SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2015:1086-4) (Bar Mitzvah) (FREAK)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2015-1228.NASL
description	Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733) A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748) It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601) It was discovered that the GCM (Galois Counter Mode) implementation in the Security component of OpenJDK failed to properly perform a null check. This could cause the Java Virtual Machine to crash when an application performed encryption using a block cipher in the GCM mode. (CVE-2015-2659) A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808) Note: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. (CVE-2015-4000) Note: This update forces the TLS/SSL client implementation in OpenJDK to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change. It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749) Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632) A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. (CVE-2015-2625) Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. Note: This issue was originally fixed as CVE-2015-0383, but the fix was regressed in the RHSA-2015:0809 advisory. (CVE-2015-3149) All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	84770
published	2015-07-16
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84770
title	CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2015:1228) (Bar Mitzvah) (Logjam)

NASL family	Web Servers
NASL id	ORACLE_HTTP_SERVER_CPU_JAN_2015.NASL
description	The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities in the Web Listener subcomponent : - An integer overflow condition exists in libxml2 within file xpath.c, related to XPath expressions when adding a new namespace note. An unauthenticated, remote attacker can exploit this, via a crafted XML file, to cause a denial of service condition or the execution of arbitary code. (CVE-2011-1944) - An integer overflow condition exists in the HTTP server, specifically in the ap_pregsub() function within file server/util.c, when the mod_setenvif module is enabled. A local attacker can exploit this to gain elevated privileges by using an .htaccess file with a crafted combination of SetEnvIf directives and HTTP request headers. (CVE-2011-3607) - A flaw exists in libxml2, known as the
last seen	2020-03-18
modified	2015-01-27
plugin id	81002
published	2015-01-27
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/81002
title	Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2015 CPU)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-2192-1.NASL
description	This update for java-1_6_0-ibm fixes the following issues : - Version update to 6.0-16.15 bsc#955131: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 CVE-2015-2808 CVE-2015-2625 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 - Add backcompat symlinks for sdkdir - Fix baselibs.conf policy symlinking - Fix bsc#941939 to provide %{name} instead of %{sdklnk} only in _jvmprivdir Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-24
modified	2019-01-02
plugin id	119972
published	2019-01-02
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119972
title	SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2015:2192-1) (Bar Mitzvah) (FREAK)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1161-1.NASL
description	IBM Java 1.6.0 was updated to SR16-FP4 fixing security issues and bugs. Tabulated information can be found on: [http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Updat e_May _2015](http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security _Upda te_May_2015) CVEs addressed: CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138 CVE-2015-0491 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 Additional bugs fixed : - Fix javaws/plugin stuff should slave plugin update-alternatives (bnc#912434) - Changed Java to use the system root CA certificates (bnc#912447) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-24
modified	2019-01-02
plugin id	119967
published	2019-01-02
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119967
title	SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2015:1161-1) (Bar Mitzvah) (FREAK)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2706-1.NASL
description	Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-2590, CVE-2015-2628, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4760, CVE-2015-4748) Several vulnerabilities were discovered in the cryptographic components of the OpenJDK JRE. An attacker could exploit these to expose sensitive data over the network. (CVE-2015-2601, CVE-2015-2808, CVE-2015-4000, CVE-2015-2625, CVE-2015-2613) As a security improvement, this update modifies OpenJDK behavior to disable RC4 TLS/SSL cipher suites by default. As a security improvement, this update modifies OpenJDK behavior to reject DH key sizes below 768 bits by default, preventing a possible downgrade attack. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2015-2621, CVE-2015-2632) A vulnerability was discovered with how the JNDI component of the OpenJDK JRE handles DNS resolutions. A remote attacker could exploit this to cause a denial of service. (CVE-2015-4749). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	85265
published	2015-08-07
reporter	Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85265
title	Ubuntu 12.04 LTS : openjdk-6 vulnerabilities (USN-2706-1) (Bar Mitzvah) (Logjam)

NASL family	AIX Local Security Checks
NASL id	AIX_U863668.NASL
description	The remote host is missing AIX PTF U863668, which is related to the security of the package bos.net.tcp.server. Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.
last seen	2020-06-01
modified	2020-06-02
plugin id	87185
published	2015-12-04
reporter	This script is Copyright (C) 2015 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/87185
title	AIX 6.1 TL 9 : bos.net.tcp.server (U863668) (Bar Mitzvah)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-1021.NASL
description	Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. IBM Java SDK and JRE 5.0 will not receive software updates after September 2015. This date is referred to as the End of Service (EOS) date. Customers are advised to migrate to current versions of IBM Java at this time. IBM Java SDK and JRE versions 6 and 7 are available via the Red Hat Enterprise Linux 5 and 6 Supplementary content sets and will continue to receive updates based on IBM
last seen	2020-06-01
modified	2020-06-02
plugin id	83754
published	2015-05-21
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/83754
title	RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2015:1021) (Bar Mitzvah)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1086-3.NASL
description	IBM Java 1.7.0 was updated to SR9 fixing security issues and bugs. Tabulated information can be found on: <a href=
last seen	2020-06-01
modified	2020-06-02
plugin id	84423
published	2015-06-26
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84423
title	SUSE SLES11 Security Update : Java (SUSE-SU-2015:1086-3) (Bar Mitzvah) (FREAK)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20150715_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL
description	Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733) A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748) It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601) A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808) A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. (CVE-2015-4000) It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749) Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632) A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. (CVE-2015-2625) All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-03-18
modified	2015-07-16
plugin id	84791
published	2015-07-16
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84791
title	Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20150715) (Bar Mitzvah) (Logjam)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2696-1.NASL
description	Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-2590, CVE-2015-2628, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4760, CVE-2015-4748) Several vulnerabilities were discovered in the cryptographic components of the OpenJDK JRE. An attacker could exploit these to expose sensitive data over the network. (CVE-2015-2601, CVE-2015-2808, CVE-2015-4000, CVE-2015-2625, CVE-2015-2613) As a security improvement, this update modifies OpenJDK behavior to disable RC4 TLS/SSL cipher suites by default. As a security improvement, this update modifies OpenJDK behavior to reject DH key sizes below 768 bits by default, preventing a possible downgrade attack. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2015-2621, CVE-2015-2632) A vulnerability was discovered with how the JNDI component of the OpenJDK JRE handles DNS resolutions. A remote attacker could exploit this to cause a denial of service. (CVE-2015-4749). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	85154
published	2015-07-31
reporter	Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85154
title	Ubuntu 14.04 LTS / 15.04 : openjdk-7 vulnerabilities (USN-2696-1) (Bar Mitzvah) (Logjam)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2015-1230.NASL
description	From Red Hat Security Advisory 2015:1230 : Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733) A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748) It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601) A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808) Note: With this update, OpenJDK now disables RC4 SSL/TLS cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. (CVE-2015-4000) Note: This update forces the TLS/SSL client implementation in OpenJDK to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change. It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749) Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632) A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. (CVE-2015-2625) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	84817
published	2015-07-17
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84817
title	Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2015-1230) (Bar Mitzvah) (Logjam)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2015-1229.NASL
description	Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733) A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748) It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601) A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808) Note: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. (CVE-2015-4000) Note: This update forces the TLS/SSL client implementation in OpenJDK to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change. It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749) Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632) A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. (CVE-2015-2625) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	84771
published	2015-07-16
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84771
title	CentOS 6 / 7 : java-1.7.0-openjdk (CESA-2015:1229) (Bar Mitzvah) (Logjam)

NASL family	Misc.
NASL id	HP_DATA_PROTECTOR_HPSBGN03580.NASL
description	The version of HP Data Protector installed on the remote host is 7.0x prior to 7.03 build 108, 8.1x prior to 8.15, or 9.0x prior to 9.06. It is, therefore, affected by the following vulnerabilities : - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. (CVE-2015-2808) - A flaw exists due to a failure to authenticate users, even with Encrypted Control Communications enabled. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-2004) - Multiple overflow conditions exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these issues, via specially crafted
last seen	2020-06-01
modified	2020-06-02
plugin id	90796
published	2016-04-29
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90796
title	HP Data Protector 7.0x < 7.03 build 108 / 8.1x < 8.15 / 9.0x < 9.06 Multiple Vulnerabilities (HPSBGN03580) (Bar Mitzvah)

NASL family	AIX Local Security Checks
NASL id	AIX_JAVA_APRIL2015_ADVISORY.NASL
description	The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities : - The Global Security Kit (GSKit) contains a flaw due to improper restrictions of TLS state transitions. A man-in-the-middle attacker can exploit this to downgrade the security of a session to use EXPORT_RSA ciphers. This allows the attacker to more easily break the encryption and monitor or tamper with the encrypted stream. (CVE-2015-0138) - An unspecified flaw exists that allows an attacker to execute code running under a security manager with elevated privileges.(CVE-2015-0192) - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204) - Multiple unspecified vulnerabilities exist in multiple Java subcomponents including 2D, Beans, Deployment, JCE, JSSE, and tools. (CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491) - An unspecified flaw exists that allows a remote attacker to bypass permission checks and gain access to sensitive information. (CVE-2015-1914) - An unspecified flaw exists due to the Socket Extension Provider
last seen	2020-06-01
modified	2020-06-02
plugin id	84087
published	2015-06-10
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/84087
title	AIX Java Advisory : java_april2015_advisory.asc (Bar Mitzvah) (FREAK)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2015-570.NASL
description	Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-4760 , CVE-2015-2628 , CVE-2015-4731 , CVE-2015-2590 , CVE-2015-4732 , CVE-2015-4733) A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748) It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601) A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808) Please note that with this update, OpenJDK now disables RC4 TLS/SSL cipher suites by default to address the CVE-2015-2808 issue. A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. (CVE-2015-4000) Please note that this update forces the TLS/SSL client implementation in OpenJDK to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749) Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-2621 , CVE-2015-2632) A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. (CVE-2015-2625)
last seen	2020-06-01
modified	2020-06-02
plugin id	84930
published	2015-07-23
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84930
title	Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2015-570) (Bar Mitzvah) (Logjam)

NASL family	CGI abuses
NASL id	JIRA_6_4_10.NASL
description	According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is prior to 6.4.10 or 7.0.0-OD-02. It is, therefore, potentially affected by a security feature bypass vulnerability, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-04-30
modified	2015-12-07
plugin id	87218
published	2015-12-07
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87218
title	Atlassian JIRA < 6.4.10 / 7.0.0-OD-02 MitM Plaintext Disclosure (Bar Mitzvah)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1331-1.NASL
description	IBM Java was updated to 7.1-3.10 to fix several security issues. The following vulnerabilities were fixed : - CVE-2015-1931: IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system. - CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2613: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. - CVE-2015-2619: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data. - CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data. - CVE-2015-4729: Very difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data. - CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS). - CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	85214
published	2015-08-04
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85214
title	SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2015:1331-1) (Bar Mitzvah) (Logjam)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1509-1.NASL
description	IBM Java was updated to version 6 SR16 FP7 (6.0-16.7) to fix several security issues and bugs. The following vulnerabilities were fixed : - CVE-2015-1931: IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system. - CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data. - CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data. (bnc#935540) - CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS). - CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	85869
published	2015-09-09
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85869
title	SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2015:1509-1) (Bar Mitzvah) (Logjam)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2015-1526.NASL
description	Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733) A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748) It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601) A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808) Note: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them to decrypt all traffic. (CVE-2015-4000) Note: This update forces the TLS/SSL client implementation in OpenJDK to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change. It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749) Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632) A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. (CVE-2015-2625) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	85127
published	2015-07-31
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85127
title	CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2015:1526) (Bar Mitzvah) (Logjam)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2015-1229.NASL
description	From Red Hat Security Advisory 2015:1229 : Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733) A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748) It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601) A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808) Note: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. (CVE-2015-4000) Note: This update forces the TLS/SSL client implementation in OpenJDK to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change. It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749) Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632) A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. (CVE-2015-2625) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	84785
published	2015-07-16
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84785
title	Oracle Linux 6 / 7 : java-1.7.0-openjdk (ELSA-2015-1229) (Bar Mitzvah) (Logjam)

NASL family	Firewalls
NASL id	CHECK_POINT_GAIA_SK106499.NASL
description	The remote host is running a version of Gaia OS which is affected by multiple vulnerabilities: - An out of bounds read denial of service vulnerability in OpenSSL (CVE-2015-1789) - An information disclosure weakness in the RC4 algorithm as used in SSL/TLS (CVE-2015-2808)
last seen	2020-06-01
modified	2020-06-02
plugin id	105000
published	2017-12-04
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/105000
title	Check Point Gaia Operating System Multiple Vulnerabilities (sk106499)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1319-1.NASL
description	OpenJDK was updated to 2.6.1 - OpenJDK 7u85 to fix security issues and bugs. The following vulnerabilities were fixed : - CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2596: Difficult to exploit vulnerability in the Hotspot component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data. - CVE-2015-2597: Easily exploitable vulnerability in the Install component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2613: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. - CVE-2015-2619: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2627: Very difficult to exploit vulnerability in the Install component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2628: Easily exploitable vulnerability in the CORBA component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data. - CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data. - CVE-2015-4729: Very difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data. - CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4736: Difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS). - CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	85152
published	2015-07-31
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85152
title	SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2015:1319-1) (Bar Mitzvah) (Logjam)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2015-1230.NASL
description	Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733) A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748) It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601) A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808) Note: With this update, OpenJDK now disables RC4 SSL/TLS cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. (CVE-2015-4000) Note: This update forces the TLS/SSL client implementation in OpenJDK to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change. It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749) Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632) A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. (CVE-2015-2625) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	84772
published	2015-07-16
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84772
title	CentOS 5 : java-1.7.0-openjdk (CESA-2015:1230) (Bar Mitzvah) (Logjam)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-1229.NASL
description	Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733) A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748) It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601) A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808) Note: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. (CVE-2015-4000) Note: This update forces the TLS/SSL client implementation in OpenJDK to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change. It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749) Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632) A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. (CVE-2015-2625) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	84788
published	2015-07-16
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84788
title	RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2015:1229) (Bar Mitzvah) (Logjam)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-1243.NASL
description	Updated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2015-2590, CVE-2015-2601, CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-2808, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760) Note: With this update, Oracle JDK now disables RC4 TLS/SSL cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. Note: This update forces the TLS/SSL client implementation in Oracle JDK to reject DH key sizes below 768 bits to address the CVE-2015-4000 issue. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change. All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 101 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	84873
published	2015-07-20
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84873
title	RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2015:1243) (Bar Mitzvah) (Logjam)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2015-1228.NASL
description	From Red Hat Security Advisory 2015:1228 : Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733) A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748) It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601) It was discovered that the GCM (Galois Counter Mode) implementation in the Security component of OpenJDK failed to properly perform a null check. This could cause the Java Virtual Machine to crash when an application performed encryption using a block cipher in the GCM mode. (CVE-2015-2659) A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808) Note: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. (CVE-2015-4000) Note: This update forces the TLS/SSL client implementation in OpenJDK to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change. It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749) Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632) A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. (CVE-2015-2625) Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. Note: This issue was originally fixed as CVE-2015-0383, but the fix was regressed in the RHSA-2015:0809 advisory. (CVE-2015-3149) All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	84784
published	2015-07-16
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84784
title	Oracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2015-1228) (Bar Mitzvah) (Logjam)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-303.NASL
description	Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography. For Debian 6
last seen	2020-03-17
modified	2015-08-31
plugin id	85695
published	2015-08-31
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85695
title	Debian DLA-303-1 : openjdk-6 security update (Bar Mitzvah) (Logjam)

NASL family	Databases
NASL id	DB2_105FP7_NIX.NASL
description	According to its version, the installation of IBM DB2 10.5 running on the remote host is prior to Fix Pack 7. It is, therefore, affected by the following vulnerabilities : - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204) - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - A privilege escalation vulnerability exists due to an untrusted search path flaw. A local attacker can exploit this, via a specially crafted library that is loaded by a setuid or setgid process, to gain elevated privileges on the system. (CVE-2015-1947) - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. (CVE-2015-2808) - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000) Note that several of these vulnerabilities are due to the bundled GSKit component and the embedded FCM 4.1 libraries.
last seen	2020-06-01
modified	2020-06-02
plugin id	87764
published	2016-01-06
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87764
title	IBM DB2 10.5 < Fix Pack 7 Multiple Vulnerabilities (Linux) (Bar Mitzvah) (FREAK) (Logjam)

NASL family	Databases
NASL id	DB2_105FP6.NASL
description	According to its version, the installation of IBM DB2 10.5 running on the remote host is prior to Fix Pack 6. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the IBM Global Security Kit (GSKit) when handling RSA temporary keys in a non-export RSA key exchange ciphersuite. A man-in-the-middle attacker can exploit this to downgrade the session security to use weaker EXPORT_RSA ciphers, thus allowing the attacker to more easily monitor or tamper with the encrypted stream. (CVE-2015-0138) - An unspecified flaw in the General Parallel File System (GPFS) allows a local attacker to gain root privileges. (CVE-2015-0197) - A flaw exists in the General Parallel File System (GPFS), related to certain cipherList configurations, that allows a remote attacker, using specially crafted data, to bypass authentication and execute arbitrary programs with root privileges. (CVE-2015-0198) - A denial of service vulnerability exists in the General Parallel File System (GPFS) that allows a local attacker to corrupt kernel memory by sending crafted ioctl character device calls to the mmfslinux kernel module. (CVE-2015-0199) - An information disclosure vulnerability exists in the automated maintenance feature. An attacker with elevated privileges can exploit this issue by manipulating a stored procedure, resulting in the disclosure of arbitrary files owned by the DB2 fenced ID on UNIX/Linux or the administrator on Windows. (CVE-2015-1883) - A flaw exists in the Data Movement feature when handling specially crafted queries. An authenticated, remote attacker can exploit this to delete database rows from a table without having the appropriate privileges. (CVE-2015-1922) - An unspecified flaw exists when handling SQL statements with LUW Scaler functions. An authenticated, remote attacker can exploit this to run arbitrary code, under the privileges of the DB2 instance owner, or to cause a denial of service. (CVE-2015-1935) - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. (CVE-2015-2808) - An information disclosure vulnerability exists due to improper block cipher padding by TLSv1 when using Cipher Block Chaining (CBC) mode. A remote attacker, via an
last seen	2020-06-01
modified	2020-06-02
plugin id	86002
published	2015-09-18
reporter	This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/86002
title	IBM DB2 10.5 < Fix Pack 6 Multiple Vulnerabilities (Bar Mitzvah)

NASL family	General
NASL id	SSL_RC4_SUPPORTED_CIPHERS.NASL
description	The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness. If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
last seen	2020-03-18
modified	2013-04-05
plugin id	65821
published	2013-04-05
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/65821
title	SSL RC4 Cipher Suites Supported (Bar Mitzvah)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2015-586.NASL
description	Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-4760 , CVE-2015-2628 , CVE-2015-4731 , CVE-2015-2590 , CVE-2015-4732 , CVE-2015-4733) A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748) It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601) A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808) A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them to decrypt all traffic. (CVE-2015-4000) It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749) Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-2621 , CVE-2015-2632) A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. (CVE-2015-2625)
last seen	2020-06-01
modified	2020-06-02
plugin id	85631
published	2015-08-26
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85631
title	Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2015-586) (Bar Mitzvah) (Logjam)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1320-1.NASL
description	OpenJDK was updated to 2.6.1 - OpenJDK 7u85 to fix security issues and bugs. The following vulnerabilities were fixed : - CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2596: Difficult to exploit vulnerability in the Hotspot component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data. - CVE-2015-2597: Easily exploitable vulnerability in the Install component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2613: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. - CVE-2015-2619: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2627: Very difficult to exploit vulnerability in the Install component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2628: Easily exploitable vulnerability in the CORBA component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data. - CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data. - CVE-2015-4729: Very difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data. - CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4736: Difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS). - CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	85153
published	2015-07-31
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85153
title	SUSE SLED11 Security Update : java-1_7_0-openjdk (SUSE-SU-2015:1320-1) (Bar Mitzvah) (Logjam)

NASL family	Windows
NASL id	DB2_105FP7_WIN.NASL
description	According to its version, the installation of IBM DB2 10.5 running on the remote host is prior to Fix Pack 7. It is, therefore, affected by the following vulnerabilities : - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204) - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - A privilege escalation vulnerability exists due to an untrusted search path flaw. A local attacker can exploit this, via a specially crafted library that is loaded by a setuid or setgid process, to gain elevated privileges on the system. (CVE-2015-1947) - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. (CVE-2015-2808) - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000) Note that several of these vulnerabilities are due to the bundled GSKit component and the embedded FCM 4.1 libraries.
last seen	2020-06-01
modified	2020-06-02
plugin id	87765
published	2016-01-06
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87765
title	IBM DB2 10.5 < Fix Pack 7 Multiple Vulnerabilities (Bar Mitzvah) (FREAK) (Logjam)

NASL family	Web Servers
NASL id	IBM_HTTP_SERVER_BAR_MITZVAH.NASL
description	According to its banner, the version of IBM HTTP Server running on the remote host is affected by a security feature bypass vulnerability, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	87538
published	2015-12-21
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87538
title	IBM HTTP Server SSL/TLS RC4 Stream Cipher Key Invariance (Bar Mitzvah)

NASL family	Junos Local Security Checks
NASL id	JUNIPER_SPACE_JSA10727.NASL
description	According to its self-reported version number, the version of Junos Space running on the remote device is prior to 15.1R2. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the JCE component in the Oracle Java runtime due to various cryptographic operations using non-constant time comparisons. An unauthenticated, remote attacker can exploit this, via timing attacks, to disclose potentially sensitive information. (CVE-2015-2601) - A flaw exists in the JCE component in the Oracle Java runtime, within the ECDH_Derive() function, due to missing EC parameter validation when performing ECDH key derivation. A remote attacker can exploit this to disclose potentially sensitive information. (CVE-2015-2613) - A flaw exists in the JSSE component in the Oracle Java runtime, related to performing X.509 certificate identity checks, that allows a remote attacker to disclose potentially sensitive information. (CVE-2015-2625) - A NULL pointer dereference flaw exists in the Security component in the Oracle Java runtime, which is related to the GCM (Galois Counter Mode) implementation when performing encryption using a block cipher in GCM mode. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2015-2659) - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. (CVE-2015-2808) - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000) - A flaw exists in the Security component in the Oracle Java runtime when handling Online Certificate Status Protocol (OCSP) responses with no
last seen	2020-06-01
modified	2020-06-02
plugin id	91779
published	2016-06-23
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/91779
title	Juniper Junos Space < 15.1R2 Multiple Vulnerabilities (JSA10727) (Bar Mitzvah) (Logjam)

NASL family	AIX Local Security Checks
NASL id	AIX_U867669.NASL
description	The remote host is missing AIX PTF U867669, which is related to the security of the package bos.net.tcp.server. Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.
last seen	2020-06-01
modified	2020-06-02
plugin id	88993
published	2016-02-29
reporter	This script is Copyright (C) 2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88993
title	AIX 7.1 TL 3 : bos.net.tcp.server (U867669) (Bar Mitzvah)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201512-10.NASL
description	The remote host is affected by the vulnerability described in GLSA-201512-10 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	87710
published	2016-01-04
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87710
title	GLSA-201512-10 : Mozilla Products: Multiple vulnerabilities (Bar Mitzvah) (Logjam)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-1230.NASL
description	Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733) A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748) It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601) A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808) Note: With this update, OpenJDK now disables RC4 SSL/TLS cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. (CVE-2015-4000) Note: This update forces the TLS/SSL client implementation in OpenJDK to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change. It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749) Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632) A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. (CVE-2015-2625) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	84789
published	2015-07-16
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84789
title	RHEL 5 : java-1.7.0-openjdk (RHSA-2015:1230) (Bar Mitzvah) (Logjam)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3339.NASL
description	Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography.
last seen	2020-06-01
modified	2020-06-02
plugin id	85588
published	2015-08-24
reporter	This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85588
title	Debian DSA-3339-1 : openjdk-6 - security update (Bar Mitzvah) (Logjam)

NASL family	Windows
NASL id	ORACLE_JAVA_CPU_JUL_2015.NASL
description	The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 51, 7 Update 85, or 6 Update 101. It is, therefore, affected by security vulnerabilities in the following components : - 2D - CORBA - Deployment - Hotspot - Install - JCE - JMX - JNDI - JSSE - Libraries - RMI - Security
last seen	2020-06-01
modified	2020-06-02
plugin id	84824
published	2015-07-17
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/84824
title	Oracle Java SE Multiple Vulnerabilities (July 2015 CPU) (Bar Mitzvah)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-1526.NASL
description	Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733) A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748) It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601) A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808) Note: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them to decrypt all traffic. (CVE-2015-4000) Note: This update forces the TLS/SSL client implementation in OpenJDK to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change. It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749) Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632) A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. (CVE-2015-2625) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	85149
published	2015-07-31
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85149
title	RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2015:1526) (Bar Mitzvah) (Logjam)

NASL family	AIX Local Security Checks
NASL id	AIX_JAVA_APR2015_ADVISORY.NASL
description	The version of Java SDK installed on the remote host is affected by multiple vulnerabilities : - A man-in-the-middle information disclosure vulnerability exists due to a TLS security downgrade flaw. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0138) - A flaw exists in the RC4 algorithm implementation due to improper combination of state data with key data during the initialization phase. A man-in-the-middle attacker can exploit this to conduct plaintext-recovery attacks. (CVE-2015-2808)
last seen	2020-06-01
modified	2020-06-02
plugin id	83135
published	2015-04-30
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/83135
title	AIX Java Advisory : Multiple Vulnerabilities (Bar Mitzvah)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-0113-1.NASL
description	This version update for java-1_6_0-ibm to version 6.0.16.15 fixes the following issues : CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 CVE-2015-2808 CVE-2015-2625 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 For more information please visit: <a href=
last seen	2020-06-01
modified	2020-06-02
plugin id	87914
published	2016-01-14
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87914
title	SUSE SLES10 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0113-1) (Bar Mitzvah) (FREAK)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1329-1.NASL
description	IBM Java was updated to 7.1-3.10 to fix several security issues. The following vulnerabilities were fixed : - CVE-2015-1931: IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system. - CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2613: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. - CVE-2015-2619: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. - CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data. - CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data. - CVE-2015-4729: Very difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data. - CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. - CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS). - CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	85213
published	2015-08-04
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85213
title	SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2015:1329-1) (Bar Mitzvah) (Logjam)

NASL family	Misc.
NASL id	ORACLE_JAVA_CPU_JUL_2015_UNIX.NASL
description	The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 51, 7 Update 85, or 6 Update 101. It is, therefore, affected by security vulnerabilities in the following components : - 2D - CORBA - Deployment - Hotspot - Install - JCE - JMX - JNDI - JSSE - Libraries - RMI - Security
last seen	2020-06-01
modified	2020-06-02
plugin id	84825
published	2015-07-17
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/84825
title	Oracle Java SE Multiple Vulnerabilities (July 2015 CPU) (Unix) (Bar Mitzvah)

NASL family	Databases
NASL id	DB2_97FP10_MULTI_VULN.NASL
description	According to its version, the installation of IBM DB2 9.7 running on the remote host is prior to Fix Pack 11. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the monitoring and audit features that occurs when handling a specially crafted command. An authenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2014-0919) - A flaw exists that is triggered during the handling of a specially crafted ALTER TABLE statement on an identity column. An authenticated, remote attacker can exploit this to cause the server to terminate, resulting in a denial of service condition. (CVE-2014-6209) - A flaw exists that is triggered during the handling of multiple ALTER TABLE statements on the same column. An authenticated, remote attacker can exploit this to cause the server to terminate, resulting in a denial of service condition. (CVE-2014-6210) - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the TLS server not verifying block cipher padding when using a cipher suite that employs a block cipher such as AES and DES. The lack of padding checking can allow encrypted TLS traffic to be decrypted. This vulnerability could allow for the decryption of HTTPS traffic by an unauthorized third party. (CVE-2014-8730) - A flaw exists that is triggered when handling a specially crafted XML query. An authenticated, remote attacker can exploit this to cause excessive consumption of CPU resources, resulting in a denial of service condition. (CVE-2014-8901) - An unspecified error exists during the handling of SELECT statements with XML/XSLT functions that allows a remote attacker to gain access to arbitrary files. (CVE-2014-8910) - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists in the IBM Global Security Kit (GSKit) due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0138) - A flaw exists in the LUW component when handling SQL statements with unspecified Scaler functions. A remote, authenticated attacker can exploit this to cause a denial of service. (CVE-2015-0157) - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - An information disclosure vulnerability exists in the automated maintenance feature. An attacker with elevated privileges, by manipulating a stored procedure, can exploit this issue to disclose arbitrary files owned by the DB2 fenced ID on UNIX/Linux or the administrator on Windows. (CVE-2015-1883) - A flaw exists in the Data Movement feature when handling specially crafted queries. An authenticated, remote attacker can exploit this to delete database rows from a table without having the appropriate privileges. (CVE-2015-1922) - A flaw exists when handling SQL statements having unspecified LUW Scaler functions. An authenticated, remote attacker can exploit this to run arbitrary code, under the privileges of the DB2 instance owner, or to cause a denial of service. (CVE-2015-1935) - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. (CVE-2015-2808) - A denial of service vulnerability exists in the query compiler QGM due to improper handling of duplicate reloc entry queries. An authenticated, remote attacker can exploit this to crash the database. - A denial of service vulnerability exists in the SQLEX_FIND_GROUP() function due to improper handling of group name results. An authenticated, remote attacker can exploit this to crash the database. - A denial of service vulnerability exists in the query compiler QGM due to improper handling of DBCLOB column types. An authenticated, remote attacker can exploit this to crash the database. - A denial of service vulnerability exists in the Relational Data Services component in the SQLRA_GET_SECT_INFO_BY_CURSOR_NAME() function due to improper handling of stored procedures. An authenticated, remote attacker can exploit this to crash the database.
last seen	2020-06-01
modified	2020-06-02
plugin id	84828
published	2015-07-18
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84828
title	IBM DB2 9.7 < Fix Pack 11 Multiple Vulnerabilities (Bar Mitzvah) (FREAK) (TLS POODLE)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1073-1.NASL
description	This update fixes the following security issues : - Version bump to 7.1-3.0 release bnc#930365 CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138 - Fix removeing links before update-alternatives run. bnc#931702 - Fix bnc#912434, javaws/plugin stuff should slave plugin update-alternatives - Fix bnc#912447, use system cacerts - Update to 7.1.2.10 for sec issues bnc#916266 and bnc#916265 CVE-2014-8892 CVE-2014-8891 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	84260
published	2015-06-18
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84260
title	SUSE SLES12 Security Update : java-1_7_0-ibm (SUSE-SU-2015:1073-1) (Bar Mitzvah)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1086-1.NASL
description	IBM Java 1.6.0 was updated to SR16-FP4 fixing security issues and bugs. Tabulated information can be found on: <a href=
last seen	2020-06-01
modified	2020-06-02
plugin id	84286
published	2015-06-19
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84286
title	SUSE SLES11 Security Update : IBM Java (SUSE-SU-2015:1086-1) (Bar Mitzvah) (FREAK)

NASL family	General
NASL id	PCI_RC4_SUPPORTED.NASL
description	At least one of the SSL or TLS services on the remote host supports the use of RC4 for encryption. RC4 does not meet the PCI definition of strong cryptography as defined by NIST Special Publication 800-57 Part 1. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness. If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
last seen	2020-04-30
modified	2018-01-29
plugin id	106458
published	2018-01-29
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/106458
title	SSL/TLS Services Support RC4 (PCI DSS)

NASL family	Databases
NASL id	DB2_101FP5.NASL
description	According to its version, the installation of IBM DB2 10.1 running on the remote host is prior to Fix Pack 5. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the monitoring or audit facility due to passwords being stored when handling specially crafted commands. A remote, authenticated attacker can exploit this to access sensitive information. (CVE-2014-0919) - A stack-based buffer overflow condition exists due to improper validation of user-supplied input when handling crafted ALTER MODULE statements. A remote, authenticated attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2014-3094) - A flaw exists when handling a crafted UNION clause in a subquery of a SELECT statement. A remote, authenticated attacker can exploit this to cause a denial of service. (CVE-2014-3095) - A denial of service vulnerability exists when immediate AUTO_REVAL is enabled. A remote, authenticated attacker can exploit this, via a crafted ALTER TABLE statement, to crash the server. (CVE-2014-6159) - A denial of service vulnerability exists when handling an identity column within a crafted ALTER TABLE statement. A remote, authenticated attacker can exploit this vulnerability to crash the server. (CVE-2014-6209) - A denial of service vulnerability exists when handling multiple ALTER TABLE statements specifying the same column. A remote, authenticated attacker can exploit this vulnerability to crash the server. (CVE-2014-6210) - A flaw exists that is triggered when handling specially crafted XML queries. A remote, authenticated attacker can exploit this to cause a consumption of resources, resulting in a denial of service. (CVE-2014-8901) - An unspecified error exists during the handling of SELECT statements with XML/XSLT functions that allows a remote attacker to gain access to arbitrary files. (CVE-2014-8910) - A flaw exists in the IBM Global Security Kit (GSKit) when handling RSA temporary keys in a non-export RSA key exchange ciphersuite. A man-in-the-middle attacker can exploit this to downgrade the session security to use weaker EXPORT_RSA ciphers, thus allowing the attacker to more easily monitor or tamper with the encrypted stream. (CVE-2015-0138) - A flaw exists in the LUW component when handling SQL statements with unspecified Scaler functions. A remote, authenticated attacker can exploit this to cause a denial of service. (CVE-2015-0157) - An unspecified flaw in the General Parallel File System (GPFS) allows a local attacker to gain root privileges. (CVE-2015-0197) - A flaw exists in the General Parallel File System (GPFS), related to certain cipherList configurations, that allows a remote attacker, using specially crafted data, to bypass authentication and execute arbitrary programs with root privileges. (CVE-2015-0198) - A denial of service vulnerability exists in the General Parallel File System (GPFS) that allows a local attacker to corrupt kernel memory by sending crafted ioctl character device calls to the mmfslinux kernel module. (CVE-2015-0199) - An information disclosure vulnerability exists in the automated maintenance feature. An attacker with elevated privileges can exploit this issue by manipulating a stored procedure, resulting in the disclosure of arbitrary files owned by the DB2 fenced ID on UNIX/Linux or the administrator on Windows. (CVE-2015-1883) - A flaw exists in the Data Movement feature when handling specially crafted queries. An authenticated, remote attacker can exploit this to delete database rows from a table without having the appropriate privileges. (CVE-2015-1922) - An unspecified flaw exists when handling SQL statements with LUW Scaler functions. An authenticated, remote attacker can exploit this to run arbitrary code, under the privileges of the DB2 instance owner, or to cause a denial of service. (CVE-2015-1935) - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. (CVE-2015-2808) - A flaw exists when handling
last seen	2020-06-01
modified	2020-06-02
plugin id	84826
published	2015-07-18
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84826
title	IBM DB2 10.1 < Fix Pack 5 Multiple Vulnerabilities (Bar Mitzvah)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-2166-1.NASL
description	This update for java-1_6_0-ibm fixes the following issues : - Version update to 6.0-16.15 bsc#955131: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 CVE-2015-2808 CVE-2015-2625 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	87180
published	2015-12-03
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87180
title	SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2015:2166-1) (Bar Mitzvah) (FREAK)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-1020.NASL
description	Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR3 release. All running instances of IBM Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	83753
published	2015-05-21
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/83753
title	RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2015:1020) (Bar Mitzvah)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1085-1.NASL
description	IBM Java 1.5.0 was updated to SR16-FP10 fixing security issues and bugs. Tabulated information can be found on: <a href=
last seen	2020-06-01
modified	2020-06-02
plugin id	84285
published	2015-06-19
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84285
title	SUSE SLES10 Security Update : IBM Java (SUSE-SU-2015:1085-1) (Bar Mitzvah) (FREAK)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-1007.NASL
description	Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to from the References section, for additional details about this change. All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR9 release. All running instances of IBM Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	83433
published	2015-05-13
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/83433
title	RHEL 5 : java-1.7.0-ibm (RHSA-2015:1007) (Bar Mitzvah)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20150715_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL
description	Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733) A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748) It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601) A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808) A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. (CVE-2015-4000) It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749) Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632) A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. (CVE-2015-2625) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-03-18
modified	2015-07-16
plugin id	84792
published	2015-07-16
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84792
title	Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/x86_64 (20150715) (Bar Mitzvah) (Logjam)

Redhat

advisories

rhsa
id RHSA-2015:1006
rhsa
id RHSA-2015:1007
rhsa
id RHSA-2015:1020
rhsa
id RHSA-2015:1021
rhsa
id RHSA-2015:1091
rhsa
id RHSA-2015:1228
rhsa
id RHSA-2015:1229
rhsa
id RHSA-2015:1230
rhsa
id RHSA-2015:1241
rhsa
id RHSA-2015:1242
rhsa
id RHSA-2015:1243
rhsa
id RHSA-2015:1526

rpms

java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5
java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6
java-1.6.0-ibm-accessibility-1:1.6.0.16.4-1jpp.1.el5
java-1.6.0-ibm-demo-1:1.6.0.16.4-1jpp.1.el5
java-1.6.0-ibm-demo-1:1.6.0.16.4-1jpp.1.el6_6
java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5
java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6
java-1.6.0-ibm-javacomm-1:1.6.0.16.4-1jpp.1.el5
java-1.6.0-ibm-javacomm-1:1.6.0.16.4-1jpp.1.el6_6
java-1.6.0-ibm-jdbc-1:1.6.0.16.4-1jpp.1.el5
java-1.6.0-ibm-jdbc-1:1.6.0.16.4-1jpp.1.el6_6
java-1.6.0-ibm-plugin-1:1.6.0.16.4-1jpp.1.el5
java-1.6.0-ibm-plugin-1:1.6.0.16.4-1jpp.1.el6_6
java-1.6.0-ibm-src-1:1.6.0.16.4-1jpp.1.el5
java-1.6.0-ibm-src-1:1.6.0.16.4-1jpp.1.el6_6
java-1.7.0-ibm-1:1.7.0.9.0-1jpp.1.el5
java-1.7.0-ibm-demo-1:1.7.0.9.0-1jpp.1.el5
java-1.7.0-ibm-devel-1:1.7.0.9.0-1jpp.1.el5
java-1.7.0-ibm-jdbc-1:1.7.0.9.0-1jpp.1.el5
java-1.7.0-ibm-plugin-1:1.7.0.9.0-1jpp.1.el5
java-1.7.0-ibm-src-1:1.7.0.9.0-1jpp.1.el5
java-1.7.1-ibm-1:1.7.1.3.0-1jpp.2.ael7b_1
java-1.7.1-ibm-1:1.7.1.3.0-1jpp.2.el6_6
java-1.7.1-ibm-1:1.7.1.3.0-1jpp.2.el7_1
java-1.7.1-ibm-demo-1:1.7.1.3.0-1jpp.2.ael7b_1
java-1.7.1-ibm-demo-1:1.7.1.3.0-1jpp.2.el6_6
java-1.7.1-ibm-demo-1:1.7.1.3.0-1jpp.2.el7_1
java-1.7.1-ibm-devel-1:1.7.1.3.0-1jpp.2.ael7b_1
java-1.7.1-ibm-devel-1:1.7.1.3.0-1jpp.2.el6_6
java-1.7.1-ibm-devel-1:1.7.1.3.0-1jpp.2.el7_1
java-1.7.1-ibm-jdbc-1:1.7.1.3.0-1jpp.2.ael7b_1
java-1.7.1-ibm-jdbc-1:1.7.1.3.0-1jpp.2.el6_6
java-1.7.1-ibm-jdbc-1:1.7.1.3.0-1jpp.2.el7_1
java-1.7.1-ibm-plugin-1:1.7.1.3.0-1jpp.2.el6_6
java-1.7.1-ibm-plugin-1:1.7.1.3.0-1jpp.2.el7_1
java-1.7.1-ibm-src-1:1.7.1.3.0-1jpp.2.ael7b_1
java-1.7.1-ibm-src-1:1.7.1.3.0-1jpp.2.el6_6
java-1.7.1-ibm-src-1:1.7.1.3.0-1jpp.2.el7_1
java-1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el5
java-1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el6_6
java-1.5.0-ibm-accessibility-1:1.5.0.16.10-1jpp.1.el5
java-1.5.0-ibm-demo-1:1.5.0.16.10-1jpp.1.el5
java-1.5.0-ibm-demo-1:1.5.0.16.10-1jpp.1.el6_6
java-1.5.0-ibm-devel-1:1.5.0.16.10-1jpp.1.el5
java-1.5.0-ibm-devel-1:1.5.0.16.10-1jpp.1.el6_6
java-1.5.0-ibm-javacomm-1:1.5.0.16.10-1jpp.1.el5
java-1.5.0-ibm-javacomm-1:1.5.0.16.10-1jpp.1.el6_6
java-1.5.0-ibm-jdbc-1:1.5.0.16.10-1jpp.1.el5
java-1.5.0-ibm-jdbc-1:1.5.0.16.10-1jpp.1.el6_6
java-1.5.0-ibm-plugin-1:1.5.0.16.10-1jpp.1.el5
java-1.5.0-ibm-plugin-1:1.5.0.16.10-1jpp.1.el6_6
java-1.5.0-ibm-src-1:1.5.0.16.10-1jpp.1.el5
java-1.5.0-ibm-src-1:1.5.0.16.10-1jpp.1.el6_6
java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5
java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6
java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5
java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6
java-1.8.0-openjdk-1:1.8.0.51-0.b16.el6_6
java-1.8.0-openjdk-1:1.8.0.51-1.b16.ael7b_1
java-1.8.0-openjdk-1:1.8.0.51-1.b16.el7_1
java-1.8.0-openjdk-accessibility-1:1.8.0.51-1.b16.ael7b_1
java-1.8.0-openjdk-accessibility-1:1.8.0.51-1.b16.el7_1
java-1.8.0-openjdk-debuginfo-1:1.8.0.51-0.b16.el6_6
java-1.8.0-openjdk-debuginfo-1:1.8.0.51-1.b16.ael7b_1
java-1.8.0-openjdk-debuginfo-1:1.8.0.51-1.b16.el7_1
java-1.8.0-openjdk-demo-1:1.8.0.51-0.b16.el6_6
java-1.8.0-openjdk-demo-1:1.8.0.51-1.b16.ael7b_1
java-1.8.0-openjdk-demo-1:1.8.0.51-1.b16.el7_1
java-1.8.0-openjdk-devel-1:1.8.0.51-0.b16.el6_6
java-1.8.0-openjdk-devel-1:1.8.0.51-1.b16.ael7b_1
java-1.8.0-openjdk-devel-1:1.8.0.51-1.b16.el7_1
java-1.8.0-openjdk-headless-1:1.8.0.51-0.b16.el6_6
java-1.8.0-openjdk-headless-1:1.8.0.51-1.b16.ael7b_1
java-1.8.0-openjdk-headless-1:1.8.0.51-1.b16.el7_1
java-1.8.0-openjdk-javadoc-1:1.8.0.51-0.b16.el6_6
java-1.8.0-openjdk-javadoc-1:1.8.0.51-1.b16.ael7b_1
java-1.8.0-openjdk-javadoc-1:1.8.0.51-1.b16.el7_1
java-1.8.0-openjdk-src-1:1.8.0.51-0.b16.el6_6
java-1.8.0-openjdk-src-1:1.8.0.51-1.b16.ael7b_1
java-1.8.0-openjdk-src-1:1.8.0.51-1.b16.el7_1
java-1.7.0-openjdk-1:1.7.0.85-2.6.1.2.ael7b_1
java-1.7.0-openjdk-1:1.7.0.85-2.6.1.2.el7_1
java-1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el6_6
java-1.7.0-openjdk-accessibility-1:1.7.0.85-2.6.1.2.ael7b_1
java-1.7.0-openjdk-accessibility-1:1.7.0.85-2.6.1.2.el7_1
java-1.7.0-openjdk-debuginfo-1:1.7.0.85-2.6.1.2.ael7b_1
java-1.7.0-openjdk-debuginfo-1:1.7.0.85-2.6.1.2.el7_1
java-1.7.0-openjdk-debuginfo-1:1.7.0.85-2.6.1.3.el6_6
java-1.7.0-openjdk-demo-1:1.7.0.85-2.6.1.2.ael7b_1
java-1.7.0-openjdk-demo-1:1.7.0.85-2.6.1.2.el7_1
java-1.7.0-openjdk-demo-1:1.7.0.85-2.6.1.3.el6_6
java-1.7.0-openjdk-devel-1:1.7.0.85-2.6.1.2.ael7b_1
java-1.7.0-openjdk-devel-1:1.7.0.85-2.6.1.2.el7_1
java-1.7.0-openjdk-devel-1:1.7.0.85-2.6.1.3.el6_6
java-1.7.0-openjdk-headless-1:1.7.0.85-2.6.1.2.ael7b_1
java-1.7.0-openjdk-headless-1:1.7.0.85-2.6.1.2.el7_1
java-1.7.0-openjdk-javadoc-1:1.7.0.85-2.6.1.2.ael7b_1
java-1.7.0-openjdk-javadoc-1:1.7.0.85-2.6.1.2.el7_1
java-1.7.0-openjdk-javadoc-1:1.7.0.85-2.6.1.3.el6_6
java-1.7.0-openjdk-src-1:1.7.0.85-2.6.1.2.ael7b_1
java-1.7.0-openjdk-src-1:1.7.0.85-2.6.1.2.el7_1
java-1.7.0-openjdk-src-1:1.7.0.85-2.6.1.3.el6_6
java-1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el5_11
java-1.7.0-openjdk-debuginfo-1:1.7.0.85-2.6.1.3.el5_11
java-1.7.0-openjdk-demo-1:1.7.0.85-2.6.1.3.el5_11
java-1.7.0-openjdk-devel-1:1.7.0.85-2.6.1.3.el5_11
java-1.7.0-openjdk-javadoc-1:1.7.0.85-2.6.1.3.el5_11
java-1.7.0-openjdk-src-1:1.7.0.85-2.6.1.3.el5_11
java-1.8.0-oracle-1:1.8.0.51-1jpp.2.el6_6
java-1.8.0-oracle-1:1.8.0.51-1jpp.2.el7_1
java-1.8.0-oracle-devel-1:1.8.0.51-1jpp.2.el6_6
java-1.8.0-oracle-devel-1:1.8.0.51-1jpp.2.el7_1
java-1.8.0-oracle-javafx-1:1.8.0.51-1jpp.2.el6_6
java-1.8.0-oracle-javafx-1:1.8.0.51-1jpp.2.el7_1
java-1.8.0-oracle-jdbc-1:1.8.0.51-1jpp.2.el6_6
java-1.8.0-oracle-jdbc-1:1.8.0.51-1jpp.2.el7_1
java-1.8.0-oracle-plugin-1:1.8.0.51-1jpp.2.el6_6
java-1.8.0-oracle-plugin-1:1.8.0.51-1jpp.2.el7_1
java-1.8.0-oracle-src-1:1.8.0.51-1jpp.2.el6_6
java-1.8.0-oracle-src-1:1.8.0.51-1jpp.2.el7_1
java-1.7.0-oracle-1:1.7.0.85-1jpp.1.el5_11
java-1.7.0-oracle-1:1.7.0.85-1jpp.2.el6_6
java-1.7.0-oracle-1:1.7.0.85-1jpp.2.el7_1
java-1.7.0-oracle-devel-1:1.7.0.85-1jpp.1.el5_11
java-1.7.0-oracle-devel-1:1.7.0.85-1jpp.2.el6_6
java-1.7.0-oracle-devel-1:1.7.0.85-1jpp.2.el7_1
java-1.7.0-oracle-javafx-1:1.7.0.85-1jpp.1.el5_11
java-1.7.0-oracle-javafx-1:1.7.0.85-1jpp.2.el6_6
java-1.7.0-oracle-javafx-1:1.7.0.85-1jpp.2.el7_1
java-1.7.0-oracle-jdbc-1:1.7.0.85-1jpp.1.el5_11
java-1.7.0-oracle-jdbc-1:1.7.0.85-1jpp.2.el6_6
java-1.7.0-oracle-jdbc-1:1.7.0.85-1jpp.2.el7_1
java-1.7.0-oracle-plugin-1:1.7.0.85-1jpp.1.el5_11
java-1.7.0-oracle-plugin-1:1.7.0.85-1jpp.2.el6_6
java-1.7.0-oracle-plugin-1:1.7.0.85-1jpp.2.el7_1
java-1.7.0-oracle-src-1:1.7.0.85-1jpp.1.el5_11
java-1.7.0-oracle-src-1:1.7.0.85-1jpp.2.el6_6
java-1.7.0-oracle-src-1:1.7.0.85-1jpp.2.el7_1
java-1.6.0-sun-1:1.6.0.101-1jpp.1.el5_11
java-1.6.0-sun-1:1.6.0.101-1jpp.1.el6_6
java-1.6.0-sun-1:1.6.0.101-1jpp.1.el7_1
java-1.6.0-sun-demo-1:1.6.0.101-1jpp.1.el5_11
java-1.6.0-sun-demo-1:1.6.0.101-1jpp.1.el6_6
java-1.6.0-sun-demo-1:1.6.0.101-1jpp.1.el7_1
java-1.6.0-sun-devel-1:1.6.0.101-1jpp.1.el5_11
java-1.6.0-sun-devel-1:1.6.0.101-1jpp.1.el6_6
java-1.6.0-sun-devel-1:1.6.0.101-1jpp.1.el7_1
java-1.6.0-sun-jdbc-1:1.6.0.101-1jpp.1.el5_11
java-1.6.0-sun-jdbc-1:1.6.0.101-1jpp.1.el6_6
java-1.6.0-sun-jdbc-1:1.6.0.101-1jpp.1.el7_1
java-1.6.0-sun-plugin-1:1.6.0.101-1jpp.1.el5_11
java-1.6.0-sun-plugin-1:1.6.0.101-1jpp.1.el6_6
java-1.6.0-sun-plugin-1:1.6.0.101-1jpp.1.el7_1
java-1.6.0-sun-src-1:1.6.0.101-1jpp.1.el5_11
java-1.6.0-sun-src-1:1.6.0.101-1jpp.1.el6_6
java-1.6.0-sun-src-1:1.6.0.101-1jpp.1.el7_1
java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el5_11
java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el6_7
java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el7_1
java-1.6.0-openjdk-debuginfo-1:1.6.0.36-1.13.8.1.el5_11
java-1.6.0-openjdk-debuginfo-1:1.6.0.36-1.13.8.1.el6_7
java-1.6.0-openjdk-debuginfo-1:1.6.0.36-1.13.8.1.el7_1
java-1.6.0-openjdk-demo-1:1.6.0.36-1.13.8.1.el5_11
java-1.6.0-openjdk-demo-1:1.6.0.36-1.13.8.1.el6_7
java-1.6.0-openjdk-demo-1:1.6.0.36-1.13.8.1.el7_1
java-1.6.0-openjdk-devel-1:1.6.0.36-1.13.8.1.el5_11
java-1.6.0-openjdk-devel-1:1.6.0.36-1.13.8.1.el6_7
java-1.6.0-openjdk-devel-1:1.6.0.36-1.13.8.1.el7_1
java-1.6.0-openjdk-javadoc-1:1.6.0.36-1.13.8.1.el5_11
java-1.6.0-openjdk-javadoc-1:1.6.0.36-1.13.8.1.el6_7
java-1.6.0-openjdk-javadoc-1:1.6.0.36-1.13.8.1.el7_1
java-1.6.0-openjdk-src-1:1.6.0.36-1.13.8.1.el5_11
java-1.6.0-openjdk-src-1:1.6.0.36-1.13.8.1.el6_7
java-1.6.0-openjdk-src-1:1.6.0.36-1.13.8.1.el7_1

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

References