Vulnerabilities > CVE-2015-5006 - Information Exposure vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.

Vulnerable Configurations

Part Description Count
Application
Ibm
51
Application
Redhat
2
OS
Redhat
14
OS
Suse
8

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-2268-1.NASL
    descriptionThis update for java-1_8_0-ibm fixes the following issues : - Version update to 8.0-2.0 (bsc#955131): CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 - Add backcompat symlinks for sdkdir. - Provide %{name} instead of %{sdklnk} only in _jvmprivdir. (bsc#941939) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id87405
    published2015-12-16
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87405
    titleSUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2015:2268-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2015:2268-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(87405);
      script_version("2.7");
      script_cvs_date("Date: 2019/09/11 11:22:12");
    
      script_cve_id("CVE-2015-4734", "CVE-2015-4803", "CVE-2015-4805", "CVE-2015-4806", "CVE-2015-4810", "CVE-2015-4835", "CVE-2015-4840", "CVE-2015-4842", "CVE-2015-4843", "CVE-2015-4844", "CVE-2015-4860", "CVE-2015-4871", "CVE-2015-4872", "CVE-2015-4882", "CVE-2015-4883", "CVE-2015-4893", "CVE-2015-4902", "CVE-2015-4903", "CVE-2015-4911", "CVE-2015-5006");
    
      script_name(english:"SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2015:2268-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for java-1_8_0-ibm fixes the following issues :
    
      - Version update to 8.0-2.0 (bsc#955131): CVE-2015-4734
        CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810
        CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843
        CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872
        CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902
        CVE-2015-4903 CVE-2015-4911 CVE-2015-5006
    
      - Add backcompat symlinks for sdkdir.
    
      - Provide %{name} instead of %{sdklnk} only in
        _jvmprivdir. (bsc#941939)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=941939"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=955131"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4734/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4803/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4805/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4806/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4810/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4835/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4840/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4842/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4843/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4844/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4860/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4871/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4872/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4882/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4883/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4893/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4902/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4903/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4911/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-5006/"
      );
      # https://www.suse.com/support/update/announcement/2015/suse-su-20152268-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6501e6ec"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP1 :
    
    zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-965=1
    
    SUSE Linux Enterprise Server 12-SP1 :
    
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-965=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-alsa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-plugin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/12/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"java-1_8_0-ibm-alsa-1.8.0_sr2.0-4.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"java-1_8_0-ibm-plugin-1.8.0_sr2.0-4.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_8_0-ibm-1.8.0_sr2.0-4.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_8_0-ibm");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-2506.NASL
    descriptionUpdated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-5006) Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the CVE-2015-4806 issue. All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR3-FP20 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id87047
    published2015-11-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87047
    titleRHEL 6 / 7 : java-1.7.1-ibm (RHSA-2015:2506)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2015:2506. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(87047);
      script_version("1.11");
      script_cvs_date("Date: 2019/10/24 15:35:40");
    
      script_cve_id("CVE-2015-4734", "CVE-2015-4803", "CVE-2015-4805", "CVE-2015-4806", "CVE-2015-4810", "CVE-2015-4835", "CVE-2015-4840", "CVE-2015-4842", "CVE-2015-4843", "CVE-2015-4844", "CVE-2015-4860", "CVE-2015-4871", "CVE-2015-4872", "CVE-2015-4882", "CVE-2015-4883", "CVE-2015-4893", "CVE-2015-4902", "CVE-2015-4903", "CVE-2015-5006");
      script_xref(name:"RHSA", value:"2015:2506");
    
      script_name(english:"RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2015:2506)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.7.1-ibm packages that fix several security issues are
    now available for Red Hat Enterprise Linux 6 and 7 Supplementary.
    
    Red Hat Product Security has rated this update as having Critical
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    IBM Java SE version 7 Release 1 includes the IBM Java Runtime
    Environment and the IBM Java Software Development Kit.
    
    This update fixes several vulnerabilities in the IBM Java Runtime
    Environment and the IBM Java Software Development Kit. Further
    information about these flaws can be found on the IBM Java Security
    alerts page, listed in the References section. (CVE-2015-4734,
    CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810,
    CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843,
    CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872,
    CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902,
    CVE-2015-4903, CVE-2015-5006)
    
    Red Hat would like to thank Andrea Palazzo of Truel IT for reporting
    the CVE-2015-4806 issue.
    
    All users of java-1.7.1-ibm are advised to upgrade to these updated
    packages, containing the IBM Java SE 7R1 SR3-FP20 release. All running
    instances of IBM Java must be restarted for the update to take effect."
      );
      # http://www.ibm.com/developerworks/java/jdk/alerts/
      script_set_attribute(
        attribute:"see_also",
        value:"https://developer.ibm.com/javasdk/support/security-vulnerabilities/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2015:2506"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4810"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4842"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4840"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4872"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4860"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4844"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4893"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4883"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4734"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4903"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4806"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4805"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4835"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4871"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-5006"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/11/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x / 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2015:2506";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-1.7.1.3.20-1jpp.1.el6_7")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-1.7.1.3.20-1jpp.1.el6_7")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-1.7.1.3.20-1jpp.1.el6_7")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-demo-1.7.1.3.20-1jpp.1.el6_7")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-demo-1.7.1.3.20-1jpp.1.el6_7")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-demo-1.7.1.3.20-1jpp.1.el6_7")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-devel-1.7.1.3.20-1jpp.1.el6_7")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-devel-1.7.1.3.20-1jpp.1.el6_7")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-devel-1.7.1.3.20-1jpp.1.el6_7")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-jdbc-1.7.1.3.20-1jpp.1.el6_7")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-jdbc-1.7.1.3.20-1jpp.1.el6_7")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-jdbc-1.7.1.3.20-1jpp.1.el6_7")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-plugin-1.7.1.3.20-1jpp.1.el6_7")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-plugin-1.7.1.3.20-1jpp.1.el6_7")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-src-1.7.1.3.20-1jpp.1.el6_7")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-src-1.7.1.3.20-1jpp.1.el6_7")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-src-1.7.1.3.20-1jpp.1.el6_7")) flag++;
    
    
      if (rpm_check(release:"RHEL7", reference:"java-1.7.1-ibm-1.7.1.3.20-1jpp.1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.1-ibm-demo-1.7.1.3.20-1jpp.1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-demo-1.7.1.3.20-1jpp.1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"java-1.7.1-ibm-devel-1.7.1.3.20-1jpp.1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.1-ibm-jdbc-1.7.1.3.20-1jpp.1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-jdbc-1.7.1.3.20-1jpp.1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-plugin-1.7.1.3.20-1jpp.1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.1-ibm-src-1.7.1.3.20-1jpp.1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-src-1.7.1.3.20-1jpp.1.el7")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.1-ibm / java-1.7.1-ibm-demo / java-1.7.1-ibm-devel / etc");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-2216-1.NASL
    descriptionThe java-1_7_0-ibm package was updated to version 7.0-9.20 to fix several security and non security issues : - bnc#955131: Version update to 7.0-9.20: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 - Add backcompat symlinks for sdkdir - bnc#941939: Fix to provide %{name} instead of %{sdklnk} only in _jvmprivdir Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id87277
    published2015-12-09
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87277
    titleSUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2015:2216-1) (FREAK)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-2508.NASL
    descriptionUpdated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4835, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4872, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-5006) Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the CVE-2015-4806 issue. All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16-FP15 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id87049
    published2015-11-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87049
    titleRHEL 5 / 6 : java-1.6.0-ibm (RHSA-2015:2508)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-2168-2.NASL
    descriptionThe java-1_7_1-ibm package was updated to versioin 7.1-3.20 to fix several security and non security issues : - bnc#955131: Version update to 7.1-3.20: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 - Add backcompat symlinks for sdkdir - bnc#941939: Fix to provide %{name} instead of %{sdklnk} only in _jvmprivdir Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id87404
    published2015-12-16
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87404
    titleSUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2015:2168-2) (FREAK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-2192-1.NASL
    descriptionThis update for java-1_6_0-ibm fixes the following issues : - Version update to 6.0-16.15 bsc#955131: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 CVE-2015-2808 CVE-2015-2625 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 - Add backcompat symlinks for sdkdir - Fix baselibs.conf policy symlinking - Fix bsc#941939 to provide %{name} instead of %{sdklnk} only in _jvmprivdir Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-24
    modified2019-01-02
    plugin id119972
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119972
    titleSUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2015:2192-1) (Bar Mitzvah) (FREAK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-2182-1.NASL
    descriptionThe java-1_7_1-ibm package was updated to version 7.1-3.20 to fix several security and non security issues : - bnc#955131: Version update to 7.1-3.20: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 - Add backcompat symlinks for sdkdir - bnc#941939: Fix to provide %{name} instead of %{sdklnk} only in _jvmprivdir Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id87200
    published2015-12-04
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87200
    titleSUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2015:2182-1) (FREAK)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-1430.NASL
    descriptionAn update for java-1.7.0-ibm and java-1.7.1-ibm is now available for Red Hat Satellite 5.7 and Red Hat Satellite 5.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to versions 7 SR9-FP40 and 7R1 SR3-FP40. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-5006, CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0264, CVE-2016-0363, CVE-2016-0376, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494, CVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449) Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the CVE-2015-4806 issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id92400
    published2016-07-19
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92400
    titleRHEL 5 / 6 : java-1.7.0-ibm and java-1.7.1-ibm (RHSA-2016:1430) (SLOTH)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-2507.NASL
    descriptionUpdated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-5006) Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the CVE-2015-4806 issue. All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR9-FP20 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id87048
    published2015-11-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87048
    titleRHEL 5 : java-1.7.0-ibm (RHSA-2015:2507)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-2509.NASL
    descriptionUpdated java-1.8.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-5006) Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the CVE-2015-4806 issue. All users of java-1.8.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 8 SR2 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id87050
    published2015-11-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87050
    titleRHEL 7 : java-1.8.0-ibm (RHSA-2015:2509)
  • NASL familyAIX Local Security Checks
    NASL idAIX_JAVA_OCT2015_ADVISORY.NASL
    descriptionThe version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities in the following components : - 2D - CORBA - Deployment - JAXP - JGSS - Libraries - RMI - Security - Serialization
    last seen2020-06-01
    modified2020-06-02
    plugin id87374
    published2015-12-15
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/87374
    titleAIX Java Advisory : java_oct2015_advisory.asc (October 2015 CPU)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0113-1.NASL
    descriptionThis version update for java-1_6_0-ibm to version 6.0.16.15 fixes the following issues : CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 CVE-2015-2808 CVE-2015-2625 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 For more information please visit: <a href=
    last seen2020-06-01
    modified2020-06-02
    plugin id87914
    published2016-01-14
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87914
    titleSUSE SLES10 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0113-1) (Bar Mitzvah) (FREAK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-2168-1.NASL
    descriptionThe java-1_7_1-ibm package was updated to versioin 7.1-3.20 to fix several security and non security issues : - bnc#955131: Version update to 7.1-3.20: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 - Add backcompat symlinks for sdkdir - bnc#941939: Fix to provide %{name} instead of %{sdklnk} only in _jvmprivdir Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id87181
    published2015-12-03
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87181
    titleSUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2015:2168-1) (FREAK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-2166-1.NASL
    descriptionThis update for java-1_6_0-ibm fixes the following issues : - Version update to 6.0-16.15 bsc#955131: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 CVE-2015-2808 CVE-2015-2625 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id87180
    published2015-12-03
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87180
    titleSUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2015:2166-1) (Bar Mitzvah) (FREAK)

Redhat

advisories
  • rhsa
    idRHSA-2015:2506
  • rhsa
    idRHSA-2015:2507
  • rhsa
    idRHSA-2015:2508
  • rhsa
    idRHSA-2015:2509
  • rhsa
    idRHSA-2016:1430
rpms
  • java-1.7.1-ibm-1:1.7.1.3.20-1jpp.1.el6_7
  • java-1.7.1-ibm-1:1.7.1.3.20-1jpp.1.el7
  • java-1.7.1-ibm-demo-1:1.7.1.3.20-1jpp.1.el6_7
  • java-1.7.1-ibm-demo-1:1.7.1.3.20-1jpp.1.el7
  • java-1.7.1-ibm-devel-1:1.7.1.3.20-1jpp.1.el6_7
  • java-1.7.1-ibm-devel-1:1.7.1.3.20-1jpp.1.el7
  • java-1.7.1-ibm-jdbc-1:1.7.1.3.20-1jpp.1.el6_7
  • java-1.7.1-ibm-jdbc-1:1.7.1.3.20-1jpp.1.el7
  • java-1.7.1-ibm-plugin-1:1.7.1.3.20-1jpp.1.el6_7
  • java-1.7.1-ibm-plugin-1:1.7.1.3.20-1jpp.1.el7
  • java-1.7.1-ibm-src-1:1.7.1.3.20-1jpp.1.el6_7
  • java-1.7.1-ibm-src-1:1.7.1.3.20-1jpp.1.el7
  • java-1.7.0-ibm-1:1.7.0.9.20-1jpp.1.el5
  • java-1.7.0-ibm-demo-1:1.7.0.9.20-1jpp.1.el5
  • java-1.7.0-ibm-devel-1:1.7.0.9.20-1jpp.1.el5
  • java-1.7.0-ibm-jdbc-1:1.7.0.9.20-1jpp.1.el5
  • java-1.7.0-ibm-plugin-1:1.7.0.9.20-1jpp.1.el5
  • java-1.7.0-ibm-src-1:1.7.0.9.20-1jpp.1.el5
  • java-1.6.0-ibm-1:1.6.0.16.15-1jpp.1.el5
  • java-1.6.0-ibm-1:1.6.0.16.15-1jpp.1.el6_7
  • java-1.6.0-ibm-accessibility-1:1.6.0.16.15-1jpp.1.el5
  • java-1.6.0-ibm-demo-1:1.6.0.16.15-1jpp.1.el5
  • java-1.6.0-ibm-demo-1:1.6.0.16.15-1jpp.1.el6_7
  • java-1.6.0-ibm-devel-1:1.6.0.16.15-1jpp.1.el5
  • java-1.6.0-ibm-devel-1:1.6.0.16.15-1jpp.1.el6_7
  • java-1.6.0-ibm-javacomm-1:1.6.0.16.15-1jpp.1.el5
  • java-1.6.0-ibm-javacomm-1:1.6.0.16.15-1jpp.1.el6_7
  • java-1.6.0-ibm-jdbc-1:1.6.0.16.15-1jpp.1.el5
  • java-1.6.0-ibm-jdbc-1:1.6.0.16.15-1jpp.1.el6_7
  • java-1.6.0-ibm-plugin-1:1.6.0.16.15-1jpp.1.el5
  • java-1.6.0-ibm-plugin-1:1.6.0.16.15-1jpp.1.el6_7
  • java-1.6.0-ibm-src-1:1.6.0.16.15-1jpp.1.el5
  • java-1.6.0-ibm-src-1:1.6.0.16.15-1jpp.1.el6_7
  • java-1.8.0-ibm-1:1.8.0.2.0-1jpp.1.el7
  • java-1.8.0-ibm-demo-1:1.8.0.2.0-1jpp.1.el7
  • java-1.8.0-ibm-devel-1:1.8.0.2.0-1jpp.1.el7
  • java-1.8.0-ibm-jdbc-1:1.8.0.2.0-1jpp.1.el7
  • java-1.8.0-ibm-plugin-1:1.8.0.2.0-1jpp.1.el7
  • java-1.8.0-ibm-src-1:1.8.0.2.0-1jpp.1.el7
  • java-1.7.0-ibm-1:1.7.0.9.40-1jpp.1.el5
  • java-1.7.0-ibm-devel-1:1.7.0.9.40-1jpp.1.el5
  • java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7
  • java-1.7.1-ibm-devel-1:1.7.1.3.40-1jpp.1.el6_7
  • spacewalk-java-0:2.0.2-109.el5sat
  • spacewalk-java-0:2.0.2-109.el6sat
  • spacewalk-java-0:2.3.8-146.el6sat
  • spacewalk-java-config-0:2.0.2-109.el5sat
  • spacewalk-java-config-0:2.0.2-109.el6sat
  • spacewalk-java-config-0:2.3.8-146.el6sat
  • spacewalk-java-lib-0:2.0.2-109.el5sat
  • spacewalk-java-lib-0:2.0.2-109.el6sat
  • spacewalk-java-lib-0:2.3.8-146.el6sat
  • spacewalk-java-oracle-0:2.0.2-109.el5sat
  • spacewalk-java-oracle-0:2.0.2-109.el6sat
  • spacewalk-java-oracle-0:2.3.8-146.el6sat
  • spacewalk-java-postgresql-0:2.0.2-109.el5sat
  • spacewalk-java-postgresql-0:2.0.2-109.el6sat
  • spacewalk-java-postgresql-0:2.3.8-146.el6sat
  • spacewalk-taskomatic-0:2.0.2-109.el5sat
  • spacewalk-taskomatic-0:2.0.2-109.el6sat
  • spacewalk-taskomatic-0:2.3.8-146.el6sat

References