Vulnerabilities > CVE-2015-7575 - Data Processing Errors vulnerability in multiple products

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

nessus

NVD

Published: 2016-01-09

Updated: 2024-10-22

Summary

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla Network Security Services - Mozilla Network Security Services 3.1 Mozilla Network Security Services 3.1.1 Mozilla Network Security Services 3.2 Mozilla Network Security Services 3.2.1 Mozilla Network Security Services 3.3 Mozilla Network Security Services 3.3.1 Mozilla Network Security Services 3.3.2 Mozilla Network Security Services 3.4 Mozilla Network Security Services 3.4.1 Mozilla Network Security Services 3.4.2 Mozilla Network Security Services 3.4.3 Mozilla Network Security Services 3.5 Mozilla Network Security Services 3.6 Mozilla Network Security Services 3.6.1 Mozilla Network Security Services 3.7 Mozilla Network Security Services 3.7.1 Mozilla Network Security Services 3.7.2 Mozilla Network Security Services 3.7.3 Mozilla Network Security Services 3.7.5 Mozilla Network Security Services 3.7.7 Mozilla Network Security Services 3.8 Mozilla Network Security Services 3.9 Mozilla Network Security Services 3.9.1 Mozilla Network Security Services 3.9.2 Mozilla Network Security Services 3.9.3 Mozilla Network Security Services 3.9.4 Mozilla Network Security Services 3.9.5 Mozilla Network Security Services 3.10 Mozilla Network Security Services 3.10.1 Mozilla Network Security Services 3.10.2 Mozilla Network Security Services 3.11 Mozilla Network Security Services 3.11.1 Mozilla Network Security Services 3.11.2 Mozilla Network Security Services 3.11.3 Mozilla Network Security Services 3.11.4 Mozilla Network Security Services 3.11.5 Mozilla Network Security Services 3.11.6 Mozilla Network Security Services 3.11.7 Mozilla Network Security Services 3.11.8 Mozilla Network Security Services 3.11.9 Mozilla Network Security Services 3.11.10 Mozilla Network Security Services 3.12 Mozilla Network Security Services 3.12.1 Mozilla Network Security Services 3.12.2 Mozilla Network Security Services 3.12.3 Mozilla Network Security Services 3.12.3.1 Mozilla Network Security Services 3.12.3.2 Mozilla Network Security Services 3.12.4 Mozilla Network Security Services 3.12.5 Mozilla Network Security Services 3.12.6 Mozilla Network Security Services 3.12.7 Mozilla Network Security Services 3.12.8 Mozilla Network Security Services 3.12.9 Mozilla Network Security Services 3.12.10 Mozilla Network Security Services 3.12.11 Mozilla Network Security Services 3.14 Mozilla Network Security Services 3.14.1 Mozilla Network Security Services 3.14.2 Mozilla Network Security Services 3.14.3 Mozilla Network Security Services 3.14.4 Mozilla Network Security Services 3.14.5 Mozilla Network Security Services 3.15 Mozilla Network Security Services 3.15.1 Mozilla Network Security Services 3.15.2 Mozilla Network Security Services 3.15.3 Mozilla Network Security Services 3.15.3.1 Mozilla Network Security Services 3.15.4 Mozilla Network Security Services 3.15.5 Mozilla Network Security Services 3.16 Mozilla Network Security Services 3.16.1 Mozilla Network Security Services 3.16.2 Mozilla Network Security Services 3.16.2.1 Mozilla Network Security Services 3.16.2.2 Mozilla Network Security Services 3.16.2.3 Mozilla Network Security Services 3.16.3 Mozilla Network Security Services 3.16.4 Mozilla Network Security Services 3.16.5 Mozilla Network Security Services 3.16.6 Mozilla Network Security Services 3.17 Mozilla Network Security Services 3.17.1 Mozilla Network Security Services 3.17.2 Mozilla Network Security Services 3.17.3 Mozilla Network Security Services 3.17.4 Mozilla Network Security Services 3.18 Mozilla Network Security Services 3.18.1 Mozilla Network Security Services 3.19 Mozilla Network Security Services 3.19.1 Mozilla Network Security Services 3.19.2 Mozilla Network Security Services 3.19.2.0 Mozilla Network Security Services 3.19.3 Mozilla Network Security Services 3.20 Mozilla Network Security Services 3.20.0 Mozilla Network Security Services 3.20.1 Mozilla Firefox 38.0 Mozilla Firefox 38.5.1 Mozilla Firefox 38.5.0 Mozilla Firefox 38.2.1 Mozilla Firefox 38.1.0 Mozilla Firefox 38.2.0 Mozilla Firefox 38.3.0 Mozilla Firefox 38.4.0 Mozilla Firefox 38.0.1 Mozilla Firefox 38.0.5 Mozilla Firefox 38.1.1 Mozilla Firefox - Mozilla Firefox 0.1 Mozilla Firefox 0.2 Mozilla Firefox 0.3 Mozilla Firefox 0.4 Mozilla Firefox 0.5 Mozilla Firefox 0.6 Mozilla Firefox 0.6.1 Mozilla Firefox 0.7 Mozilla Firefox 0.7.1 Mozilla Firefox 0.8 Mozilla Firefox 0.9 Mozilla Firefox 0.9.1 Mozilla Firefox 0.9.2 Mozilla Firefox 0.9.3 Mozilla Firefox 0.10 Mozilla Firefox 0.10.1 Mozilla Firefox 1.0 Mozilla Firefox 1.0.1 Mozilla Firefox 1.0.2 Mozilla Firefox 1.0.3 Mozilla Firefox 1.0.4 Mozilla Firefox 1.0.5 Mozilla Firefox 1.0.6 Mozilla Firefox 1.0.7 Mozilla Firefox 1.0.8 Mozilla Firefox 1.4.1 Mozilla Firefox 1.5 Mozilla Firefox 1.5.0.1 Mozilla Firefox 1.5.0.2 Mozilla Firefox 1.5.0.3 Mozilla Firefox 1.5.0.4 Mozilla Firefox 1.5.0.5 Mozilla Firefox 1.5.0.6 Mozilla Firefox 1.5.0.7 Mozilla Firefox 1.5.0.8 Mozilla Firefox 1.5.0.9 Mozilla Firefox 1.5.0.10 Mozilla Firefox 1.5.0.11 Mozilla Firefox 1.5.0.12 Mozilla Firefox 1.5.1 Mozilla Firefox 1.5.2 Mozilla Firefox 1.5.3 Mozilla Firefox 1.5.4 Mozilla Firefox 1.5.5 Mozilla Firefox 1.5.6 Mozilla Firefox 1.5.7 Mozilla Firefox 1.5.8 Mozilla Firefox 1.8 Mozilla Firefox 2.0 Mozilla Firefox 2.0.0.1 Mozilla Firefox 2.0.0.2 Mozilla Firefox 2.0.0.3 Mozilla Firefox 2.0.0.4 Mozilla Firefox 2.0.0.5 Mozilla Firefox 2.0.0.6 Mozilla Firefox 2.0.0.7 Mozilla Firefox 2.0.0.8 Mozilla Firefox 2.0.0.9 Mozilla Firefox 2.0.0.10 Mozilla Firefox 2.0.0.11 Mozilla Firefox 2.0.0.12 Mozilla Firefox 2.0.0.13 Mozilla Firefox 2.0.0.14 Mozilla Firefox 2.0.0.15 Mozilla Firefox 2.0.0.16 Mozilla Firefox 2.0.0.17 Mozilla Firefox 2.0.0.18 Mozilla Firefox 2.0.0.19 Mozilla Firefox 2.0.0.20 Mozilla Firefox 3.0 Mozilla Firefox 3.0.1 Mozilla Firefox 3.0.2 Mozilla Firefox 3.0.3 Mozilla Firefox 3.0.4 Mozilla Firefox 3.0.5 Mozilla Firefox 3.0.6 Mozilla Firefox 3.0.7 Mozilla Firefox 3.0.8 Mozilla Firefox 3.0.9 Mozilla Firefox 3.0.10 Mozilla Firefox 3.0.11 Mozilla Firefox 3.0.12 Mozilla Firefox 3.0.13 Mozilla Firefox 3.0.14 Mozilla Firefox 3.0.15 Mozilla Firefox 3.0.16 Mozilla Firefox 3.0.17 Mozilla Firefox 3.0.18 Mozilla Firefox 3.0.19 Mozilla Firefox 3.1 Mozilla Firefox 3.5 Mozilla Firefox 3.5.1 Mozilla Firefox 3.5.2 Mozilla Firefox 3.5.3 Mozilla Firefox 3.5.4 Mozilla Firefox 3.5.5 Mozilla Firefox 3.5.6 Mozilla Firefox 3.5.7 Mozilla Firefox 3.5.8 Mozilla Firefox 3.5.9 Mozilla Firefox 3.5.10 Mozilla Firefox 3.5.11 Mozilla Firefox 3.5.12 Mozilla Firefox 3.5.13 Mozilla Firefox 3.5.14 Mozilla Firefox 3.5.15 Mozilla Firefox 3.5.16 Mozilla Firefox 3.5.17 Mozilla Firefox 3.5.18 Mozilla Firefox 3.5.19 Mozilla Firefox 3.6 Mozilla Firefox 3.6.2 Mozilla Firefox 3.6.3 Mozilla Firefox 3.6.4 Mozilla Firefox 3.6.6 Mozilla Firefox 3.6.7 Mozilla Firefox 3.6.8 Mozilla Firefox 3.6.9 Mozilla Firefox 3.6.10 Mozilla Firefox 3.6.11 Mozilla Firefox 3.6.12 Mozilla Firefox 3.6.13 Mozilla Firefox 3.6.14 Mozilla Firefox 3.6.15 Mozilla Firefox 3.6.16 Mozilla Firefox 3.6.17 Mozilla Firefox 3.6.18 Mozilla Firefox 3.6.19 Mozilla Firefox 3.6.20 Mozilla Firefox 3.6.21 Mozilla Firefox 3.6.22 Mozilla Firefox 3.6.23 Mozilla Firefox 3.6.24 Mozilla Firefox 3.6.25 Mozilla Firefox 3.6.26 Mozilla Firefox 3.6.27 Mozilla Firefox 3.6.28 Mozilla Firefox 3.7 Mozilla Firefox 4.0 Mozilla Firefox 4.0.1 Mozilla Firefox 5.0 Mozilla Firefox 5.0.1 Mozilla Firefox 6.0 Mozilla Firefox 6.0.1 Mozilla Firefox 6.0.2 Mozilla Firefox 7.0 Mozilla Firefox 7.0.1 Mozilla Firefox 8.0 Mozilla Firefox 8.0.1 Mozilla Firefox 9.0 Mozilla Firefox 9.0.1 Mozilla Firefox 10.0 Mozilla Firefox 10.0.1 Mozilla Firefox 10.0.2 Mozilla Firefox 10.0.3 Mozilla Firefox 10.0.4 Mozilla Firefox 10.0.5 Mozilla Firefox 10.0.6 Mozilla Firefox 10.0.7 Mozilla Firefox 10.0.8 Mozilla Firefox 10.0.9 Mozilla Firefox 10.0.10 Mozilla Firefox 10.0.11 Mozilla Firefox 10.0.12 Mozilla Firefox 11.0 Mozilla Firefox 12.0 Mozilla Firefox 13.0 Mozilla Firefox 13.0.1 Mozilla Firefox 14.0 Mozilla Firefox 14.0.1 Mozilla Firefox 15.0 Mozilla Firefox 15.0.1 Mozilla Firefox 15.1 Mozilla Firefox 16.0 Mozilla Firefox 16.0.1 Mozilla Firefox 16.0.2 Mozilla Firefox 16.1 Mozilla Firefox 16.2 Mozilla Firefox 17.0 Mozilla Firefox 17.0.1 Mozilla Firefox 17.0.2 Mozilla Firefox 17.0.3 Mozilla Firefox 17.0.4 Mozilla Firefox 17.0.5 Mozilla Firefox 17.0.6 Mozilla Firefox 17.0.7 Mozilla Firefox 17.0.8 Mozilla Firefox 17.0.9 Mozilla Firefox 17.0.10 Mozilla Firefox 17.0.11 Mozilla Firefox 17.1 Mozilla Firefox 17.2 Mozilla Firefox 17.3 Mozilla Firefox 18.0 Mozilla Firefox 18.0.1 Mozilla Firefox 18.0.2 Mozilla Firefox 18.1 Mozilla Firefox 18.2 Mozilla Firefox 19.0 Mozilla Firefox 19.0.1 Mozilla Firefox 19.0.2 Mozilla Firefox 19.1 Mozilla Firefox 20.0 Mozilla Firefox 20.0.1 Mozilla Firefox 20.1 Mozilla Firefox 20.2 Mozilla Firefox 21.0 Mozilla Firefox 22.0 Mozilla Firefox 23.0 Mozilla Firefox 23.0.1 Mozilla Firefox 24.0 Mozilla Firefox 24.1 Mozilla Firefox 24.1.0 Mozilla Firefox 24.1.1 Mozilla Firefox 24.2.0 Mozilla Firefox 24.3.0 Mozilla Firefox 24.4.0 Mozilla Firefox 24.5.0 Mozilla Firefox 24.6.0 Mozilla Firefox 24.7.0 Mozilla Firefox 24.8.0 Mozilla Firefox 24.8.1 Mozilla Firefox 25.0 Mozilla Firefox 25.0.1 Mozilla Firefox 25.1 Mozilla Firefox 26.0 Mozilla Firefox 27.0 Mozilla Firefox 27.0.1 Mozilla Firefox 28.0 Mozilla Firefox 29.0 Mozilla Firefox 29.0.1 Mozilla Firefox 30.0 Mozilla Firefox 31.0 Mozilla Firefox 31.1.0 Mozilla Firefox 31.1.1 Mozilla Firefox 31.2.0 Mozilla Firefox 31.3.0 Mozilla Firefox 31.4.0 Mozilla Firefox 31.5.0 Mozilla Firefox 31.5.1 Mozilla Firefox 31.5.2 Mozilla Firefox 31.5.3 Mozilla Firefox 31.6.0 Mozilla Firefox 31.7.0 Mozilla Firefox 31.8.0 Mozilla Firefox 32.0 Mozilla Firefox 32.0.1 Mozilla Firefox 32.0.2 Mozilla Firefox 32.0.3 Mozilla Firefox 33.0 Mozilla Firefox 33.0.1 Mozilla Firefox 33.0.2 Mozilla Firefox 33.0.3 Mozilla Firefox 33.1 Mozilla Firefox 33.1.1 Mozilla Firefox 34.0 Mozilla Firefox 34.0.5 Mozilla Firefox 35.0 Mozilla Firefox 35.0.1 Mozilla Firefox 36.0 Mozilla Firefox 36.0.1 Mozilla Firefox 36.0.3 Mozilla Firefox 36.0.4 Mozilla Firefox 37.0 Mozilla Firefox 37.0.1 Mozilla Firefox 37.0.2 Mozilla Firefox 38.5.2 Mozilla Firefox 38.6.0 Mozilla Firefox 38.6.1 Mozilla Firefox 38.7.0 Mozilla Firefox 38.7.1 Mozilla Firefox 38.8.0 Mozilla Firefox 39.0 Mozilla Firefox 39.0.3 Mozilla Firefox 40.0 Mozilla Firefox 40.0.2 Mozilla Firefox 40.0.3 Mozilla Firefox 41.0 Mozilla Firefox 41.0.1 Mozilla Firefox 41.0.2 Mozilla Firefox 42.0 Mozilla Firefox 43.0 Mozilla Firefox 43.0.1	512
OS	Opensuse Opensuse Leap 42.1 Opensuse Opensuse 13.1 Opensuse Opensuse 13.2	3
OS	Canonical Canonical Ubuntu Linux 15.10 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 15.04	3

Common Weakness Enumeration (CWE)

CWE-19 - Data Processing Errors

Common Attack Pattern Enumeration and Classification (CAPEC)

Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
XML Nested Payloads
Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By nesting XML data and causing this data to be continuously self-referential, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization. An attacker's goal is to leverage parser failure to his or her advantage. In most cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it may be possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.230.1].
XML Oversized Payloads
Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By supplying oversized payloads in input vectors that will be processed by the XML parser, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization, and potentially cause execution of arbitrary code. An attacker's goal is to leverage parser failure to his or her advantage. In many cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it is possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.231.1].
XML Client-Side Attack
Client applications such as web browsers that process HTML data often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.484.1]
XML Parser Attack
Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.99.1]

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-0584-1.NASL
description	This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues : Firefox 38.6.1 ESR (bsc#967087) The following vulnerabilities were fixed : - CVE-2016-1523: Fixed denial of service in Graphite 2 library (MFSA 2016-14/bmo#1246093) Firefox 38.6.0 ESR + Mozilla NSS 3.20.2. (bsc#963520) The following vulnerabilities were fixed : - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635) - CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731) - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888) The following improvements were added : - bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites - Tracking protection is now enabled by default Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	89021
published	2016-02-29
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/89021
title	SUSE SLES11 Security Update : MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-SLES-for-VMware, mozilla-nss (SUSE-SU-2016:0584-1) (SLOTH)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:0584-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(89021); script_version("2.13"); script_cvs_date("Date: 2019/09/11 11:22:13"); script_cve_id("CVE-2015-7575", "CVE-2016-1523", "CVE-2016-1930", "CVE-2016-1935", "CVE-2016-1938"); script_name(english:"SUSE SLES11 Security Update : MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-SLES-for-VMware, mozilla-nss (SUSE-SU-2016:0584-1) (SLOTH)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues : Firefox 38.6.1 ESR (bsc#967087) The following vulnerabilities were fixed : - CVE-2016-1523: Fixed denial of service in Graphite 2 library (MFSA 2016-14/bmo#1246093) Firefox 38.6.0 ESR + Mozilla NSS 3.20.2. (bsc#963520) The following vulnerabilities were fixed : - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635) - CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731) - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888) The following improvements were added : - bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites - Tracking protection is now enabled by default Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=954447" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=959888" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=963520" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=963632" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=963635" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=963731" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=967087" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-7575/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-1523/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-1930/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-1935/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-1938/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20160584-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?63210051" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 11-SP2-LTSS : zypper in -t patch slessp2-mozilla-12419=1 SUSE Linux Enterprise Debuginfo 11-SP2 : zypper in -t patch dbgsp2-mozilla-12419=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-branding-SLED"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfreebl3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/09"); script_set_attribute(attribute:"patch_publication_date", value:"2016/02/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/29"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S\|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP2", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"libfreebl3-32bit-3.20.2-17.5")) flag++; if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"mozilla-nss-32bit-3.20.2-17.5")) flag++; if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"libfreebl3-32bit-3.20.2-17.5")) flag++; if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"mozilla-nss-32bit-3.20.2-17.5")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"MozillaFirefox-38.6.1esr-33.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"MozillaFirefox-branding-SLED-38-15.58")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"MozillaFirefox-translations-38.6.1esr-33.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"libfreebl3-3.20.2-17.5")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"mozilla-nss-3.20.2-17.5")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"mozilla-nss-devel-3.20.2-17.5")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"mozilla-nss-tools-3.20.2-17.5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-SLED / MozillaFirefox-branding-SLES-for-VMware / mozilla-nss"); }

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2884-1.NASL
description	Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0483, CVE-2016-0494) A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. (CVE-2016-0402) It was discovered that OpenJDK 7 incorrectly allowed MD5 to be used for TLS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to expose sensitive information. (CVE-2015-7575) A vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2016-0448) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2016-0466). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	88516
published	2016-02-02
reporter	Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88516
title	Ubuntu 14.04 LTS / 15.04 / 15.10 : openjdk-7 vulnerabilities (USN-2884-1) (SLOTH)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2884-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(88516); script_version("2.10"); script_cvs_date("Date: 2019/09/18 12:31:45"); script_cve_id("CVE-2015-7575", "CVE-2016-0402", "CVE-2016-0448", "CVE-2016-0466", "CVE-2016-0483", "CVE-2016-0494"); script_xref(name:"USN", value:"2884-1"); script_name(english:"Ubuntu 14.04 LTS / 15.04 / 15.10 : openjdk-7 vulnerabilities (USN-2884-1) (SLOTH)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0483, CVE-2016-0494) A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. (CVE-2016-0402) It was discovered that OpenJDK 7 incorrectly allowed MD5 to be used for TLS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to expose sensitive information. (CVE-2015-7575) A vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2016-0448) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2016-0466). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2884-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:icedtea-7-jre-jamvm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-headless"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-lib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-zero"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/09"); script_set_attribute(attribute:"patch_publication_date", value:"2016/02/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/02"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(14\.04\|15\.04\|15\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 15.04 / 15.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"14.04", pkgname:"icedtea-7-jre-jamvm", pkgver:"7u95-2.6.4-0ubuntu0.14.04.1")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"openjdk-7-jre", pkgver:"7u95-2.6.4-0ubuntu0.14.04.1")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"openjdk-7-jre-headless", pkgver:"7u95-2.6.4-0ubuntu0.14.04.1")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"openjdk-7-jre-lib", pkgver:"7u95-2.6.4-0ubuntu0.14.04.1")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"openjdk-7-jre-zero", pkgver:"7u95-2.6.4-0ubuntu0.14.04.1")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"icedtea-7-jre-jamvm", pkgver:"7u95-2.6.4-0ubuntu0.15.04.1")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"openjdk-7-jre", pkgver:"7u95-2.6.4-0ubuntu0.15.04.1")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"openjdk-7-jre-headless", pkgver:"7u95-2.6.4-0ubuntu0.15.04.1")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"openjdk-7-jre-lib", pkgver:"7u95-2.6.4-0ubuntu0.15.04.1")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"openjdk-7-jre-zero", pkgver:"7u95-2.6.4-0ubuntu0.15.04.1")) flag++; if (ubuntu_check(osver:"15.10", pkgname:"icedtea-7-jre-jamvm", pkgver:"7u95-2.6.4-0ubuntu0.15.10.1")) flag++; if (ubuntu_check(osver:"15.10", pkgname:"openjdk-7-jre", pkgver:"7u95-2.6.4-0ubuntu0.15.10.1")) flag++; if (ubuntu_check(osver:"15.10", pkgname:"openjdk-7-jre-headless", pkgver:"7u95-2.6.4-0ubuntu0.15.10.1")) flag++; if (ubuntu_check(osver:"15.10", pkgname:"openjdk-7-jre-lib", pkgver:"7u95-2.6.4-0ubuntu0.15.10.1")) flag++; if (ubuntu_check(osver:"15.10", pkgname:"openjdk-7-jre-zero", pkgver:"7u95-2.6.4-0ubuntu0.15.10.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "icedtea-7-jre-jamvm / openjdk-7-jre / openjdk-7-jre-headless / etc"); }

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2016-0012.NASL
description	From Red Hat Security Advisory 2016:0012 : Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) All gnutls users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted.
last seen	2020-06-01
modified	2020-06-02
plugin id	87799
published	2016-01-08
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87799
title	Oracle Linux 6 / 7 : gnutls (ELSA-2016-0012) (SLOTH)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2016:0012 and # Oracle Linux Security Advisory ELSA-2016-0012 respectively. # include("compat.inc"); if (description) { script_id(87799); script_version("2.11"); script_cvs_date("Date: 2019/09/27 13:00:36"); script_cve_id("CVE-2015-7575"); script_xref(name:"RHSA", value:"2016:0012"); script_name(english:"Oracle Linux 6 / 7 : gnutls (ELSA-2016-0012) (SLOTH)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2016:0012 : Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) All gnutls users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2016-January/005670.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2016-January/005671.html" ); script_set_attribute( attribute:"solution", value:"Update the affected gnutls packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnutls"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnutls-c++"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnutls-dane"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnutls-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnutls-guile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnutls-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/09"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/08"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| !pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(6\|7)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6 / 7", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL6", reference:"gnutls-2.8.5-19.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"gnutls-devel-2.8.5-19.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"gnutls-guile-2.8.5-19.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"gnutls-utils-2.8.5-19.el6_7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"gnutls-3.3.8-14.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"gnutls-c++-3.3.8-14.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"gnutls-dane-3.3.8-14.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"gnutls-devel-3.3.8-14.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"gnutls-utils-3.3.8-14.el7_2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls / gnutls-c++ / gnutls-dane / gnutls-devel / gnutls-guile / etc"); }

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20160107_OPENSSL_ON_SL6_X.NASL
description	A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
last seen	2020-03-18
modified	2016-01-11
plugin id	87841
published	2016-01-11
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87841
title	Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20160107) (SLOTH)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(87841); script_version("2.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25"); script_cve_id("CVE-2015-7575"); script_name(english:"Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20160107) (SLOTH)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1601&L=scientific-linux-errata&F=&S=&P=1160 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1c3e35c5" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-static"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/09"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/11"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL6", reference:"openssl-1.0.1e-42.el6_7.2")) flag++; if (rpm_check(release:"SL6", reference:"openssl-debuginfo-1.0.1e-42.el6_7.2")) flag++; if (rpm_check(release:"SL6", reference:"openssl-devel-1.0.1e-42.el6_7.2")) flag++; if (rpm_check(release:"SL6", reference:"openssl-perl-1.0.1e-42.el6_7.2")) flag++; if (rpm_check(release:"SL6", reference:"openssl-static-1.0.1e-42.el6_7.2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openssl-1.0.1e-51.el7_2.2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openssl-debuginfo-1.0.1e-51.el7_2.2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openssl-devel-1.0.1e-51.el7_2.2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openssl-libs-1.0.1e-51.el7_2.2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openssl-perl-1.0.1e-51.el7_2.2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openssl-static-1.0.1e-51.el7_2.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-debuginfo / openssl-devel / openssl-libs / etc"); }

NASL family	F5 Networks Local Security Checks
NASL id	F5_BIGIP_SOL02201365.NASL
description	A flaw was found in the way TLS 1.2 uses RSA+MD5 signatures with Client Authentication and ServerKeyExchange messages during a TLS 1.2 handshakes. An attacker with a Man-in-the-Middle network position and the ability to force / observe the use of RSA+MD5 during a TLS Handshake, may be able to successfully generate a hash collision and impersonate a TLS client or server. The vulnerability of CVE-2015-7575 is relevant to cryptography software which supports TLS 1.2 only as earlier versions of TLS used different hash functionality in those protocols. (CVE-2015-7575)
last seen	2020-06-01
modified	2020-06-02
plugin id	88703
published	2016-02-12
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88703
title	F5 Networks BIG-IP : SLOTH: TLS 1.2 handshake vulnerability (K02201365) (SLOTH)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from F5 Networks BIG-IP Solution K02201365. # # The text description of this plugin is (C) F5 Networks. # include("compat.inc"); if (description) { script_id(88703); script_version("1.11"); script_cvs_date("Date: 2019/01/04 10:03:40"); script_cve_id("CVE-2015-7575"); script_name(english:"F5 Networks BIG-IP : SLOTH: TLS 1.2 handshake vulnerability (K02201365) (SLOTH)"); script_summary(english:"Checks the BIG-IP version."); script_set_attribute( attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch." ); script_set_attribute( attribute:"description", value: "A flaw was found in the way TLS 1.2 uses RSA+MD5 signatures with Client Authentication and ServerKeyExchange messages during a TLS 1.2 handshakes. An attacker with a Man-in-the-Middle network position and the ability to force / observe the use of RSA+MD5 during a TLS Handshake, may be able to successfully generate a hash collision and impersonate a TLS client or server. The vulnerability of CVE-2015-7575 is relevant to cryptography software which supports TLS 1.2 only as earlier versions of TLS used different hash functionality in those protocols. (CVE-2015-7575)" ); script_set_attribute( attribute:"see_also", value:"https://support.f5.com/csp/article/K02201365" ); script_set_attribute( attribute:"solution", value: "Upgrade to one of the non-vulnerable versions listed in the F5 Solution K02201365." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/22"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"F5 Networks Local Security Checks"); script_dependencies("f5_bigip_detect.nbin"); script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version"); exit(0); } include("f5_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); version = get_kb_item("Host/BIG-IP/version"); if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP"); if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix"); if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules"); sol = "K02201365"; vmatrix = make_array(); # AFM vmatrix["AFM"] = make_array(); vmatrix["AFM"]["affected" ] = make_list("11.5.1-11.5.1HF2","11.5.0-11.5.0HF3"); vmatrix["AFM"]["unaffected"] = make_list("12.0.0-12.1.0","11.5.1HF3-11.6.0","11.5.0HF4-11.5.0HF7","11.3.0-11.4.1"); # AM vmatrix["AM"] = make_array(); vmatrix["AM"]["affected" ] = make_list("11.5.1-11.5.1HF2","11.5.0-11.5.0HF3"); vmatrix["AM"]["unaffected"] = make_list("12.0.0-12.1.0","11.5.1HF3-11.6.0","11.5.0HF4-11.5.0HF7","11.4.0-11.4.1"); # APM vmatrix["APM"] = make_array(); vmatrix["APM"]["affected" ] = make_list("11.5.1-11.5.1HF2","11.5.0-11.5.0HF3"); vmatrix["APM"]["unaffected"] = make_list("12.0.0-12.1.0","11.5.1HF3-11.6.0","11.5.0HF4-11.5.0HF7","11.0.0-11.4.1","10.1.0-10.2.4"); # ASM vmatrix["ASM"] = make_array(); vmatrix["ASM"]["affected" ] = make_list("11.5.1-11.5.1HF2","11.5.0-11.5.0HF3"); vmatrix["ASM"]["unaffected"] = make_list("12.0.0-12.1.0","11.5.1HF3-11.6.0","11.5.0HF4-11.5.0HF7","11.0.0-11.4.1","10.1.0-10.2.4"); # AVR vmatrix["AVR"] = make_array(); vmatrix["AVR"]["affected" ] = make_list("11.5.1-11.5.1HF2","11.5.0-11.5.0HF3"); vmatrix["AVR"]["unaffected"] = make_list("12.0.0-12.1.0","11.5.1HF3-11.6.0","11.5.0HF4-11.5.0HF7","11.0.0-11.4.1"); # GTM vmatrix["GTM"] = make_array(); vmatrix["GTM"]["affected" ] = make_list("11.5.1-11.5.1HF2","11.5.0-11.5.0HF3"); vmatrix["GTM"]["unaffected"] = make_list("11.5.1HF3-11.6.0","11.5.0HF4-11.5.0HF7","11.0.0-11.4.1","10.1.0-10.2.4"); # LC vmatrix["LC"] = make_array(); vmatrix["LC"]["affected" ] = make_list("11.5.1-11.5.1HF2","11.5.0-11.5.0HF3"); vmatrix["LC"]["unaffected"] = make_list("12.0.0-12.1.0","11.5.1HF3-11.6.0","11.5.0HF4-11.5.0HF7","11.0.0-11.4.1","10.1.0-10.2.4"); # LTM vmatrix["LTM"] = make_array(); vmatrix["LTM"]["affected" ] = make_list("11.5.1-11.5.1HF2","11.5.0-11.5.0HF3"); vmatrix["LTM"]["unaffected"] = make_list("12.0.0-12.1.0","11.5.1HF3-11.6.0","11.5.0HF4-11.5.0HF7","11.0.0-11.4.1","10.1.0-10.2.4"); # PEM vmatrix["PEM"] = make_array(); vmatrix["PEM"]["affected" ] = make_list("11.5.1-11.5.1HF2","11.5.0-11.5.0HF3"); vmatrix["PEM"]["unaffected"] = make_list("12.0.0-12.1.0","11.5.1HF3-11.6.0","11.5.0HF4-11.5.0HF7","11.3.0-11.4.1"); if (bigip_is_affected(vmatrix:vmatrix, sol:sol)) { if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get()); else security_warning(0); exit(0); } else { tested = bigip_get_tested_modules(); audit_extra = "For BIG-IP module(s) " + tested + ","; if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version); else audit(AUDIT_HOST_NOT, "running any of the affected modules"); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-0099.NASL
description	Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR3-FP30 release. All running instances of IBM Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	88555
published	2016-02-03
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88555
title	RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2016:0099) (SLOTH)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2016:0099. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(88555); script_version("2.15"); script_cvs_date("Date: 2019/10/24 15:35:41"); script_cve_id("CVE-2015-5041", "CVE-2015-7575", "CVE-2015-7981", "CVE-2015-8126", "CVE-2015-8472", "CVE-2015-8540", "CVE-2016-0402", "CVE-2016-0448", "CVE-2016-0466", "CVE-2016-0483", "CVE-2016-0494"); script_xref(name:"RHSA", value:"2016:0099"); script_name(english:"RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2016:0099) (SLOTH)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR3-FP30 release. All running instances of IBM Java must be restarted for the update to take effect." ); # http://www.ibm.com/developerworks/java/jdk/alerts/ script_set_attribute( attribute:"see_also", value:"https://developer.ibm.com/javasdk/support/security-vulnerabilities/" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2016:0099" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-7981" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-8472" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-8126" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-7575" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-0448" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-0483" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-0494" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-0402" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-0466" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-5041" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-8540" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-jdbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-src"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/11/12"); script_set_attribute(attribute:"patch_publication_date", value:"2016/02/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/03"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(6\|7)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x / 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2016:0099"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7")) flag++; if (rpm_check(release:"RHEL7", reference:"java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.1-ibm / java-1.7.1-ibm-demo / java-1.7.1-ibm-devel / etc"); } }

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3458.NASL
description	Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosur, denial of service and insecure cryptography.
last seen	2020-06-01
modified	2020-06-02
plugin id	88427
published	2016-01-28
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88427
title	Debian DSA-3458-1 : openjdk-7 - security update (SLOTH)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-3458. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(88427); script_version("1.8"); script_cvs_date("Date: 2018/11/10 11:49:37"); script_cve_id("CVE-2015-7575", "CVE-2016-0402", "CVE-2016-0448", "CVE-2016-0466", "CVE-2016-0483", "CVE-2016-0494"); script_xref(name:"DSA", value:"3458"); script_name(english:"Debian DSA-3458-1 : openjdk-7 - security update (SLOTH)"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosur, denial of service and insecure cryptography." ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/openjdk-7" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/openjdk-7" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2016/dsa-3458" ); script_set_attribute( attribute:"solution", value: "Upgrade the openjdk-7 packages. For the oldstable distribution (wheezy), these problems have been fixed in version 7u95-2.6.4-1~deb7u1. For the stable distribution (jessie), these problems have been fixed in version 7u95-2.6.4-1~deb8u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/27"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"icedtea-7-jre-cacao", reference:"7u95-2.6.4-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"icedtea-7-jre-jamvm", reference:"7u95-2.6.4-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-dbg", reference:"7u95-2.6.4-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-demo", reference:"7u95-2.6.4-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-doc", reference:"7u95-2.6.4-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-jdk", reference:"7u95-2.6.4-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-jre", reference:"7u95-2.6.4-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-jre-headless", reference:"7u95-2.6.4-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-jre-lib", reference:"7u95-2.6.4-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-jre-zero", reference:"7u95-2.6.4-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-source", reference:"7u95-2.6.4-1~deb7u1")) flag++; if (deb_check(release:"8.0", prefix:"icedtea-7-jre-jamvm", reference:"7u95-2.6.4-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"openjdk-7-dbg", reference:"7u95-2.6.4-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"openjdk-7-demo", reference:"7u95-2.6.4-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"openjdk-7-doc", reference:"7u95-2.6.4-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"openjdk-7-jdk", reference:"7u95-2.6.4-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"openjdk-7-jre", reference:"7u95-2.6.4-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"openjdk-7-jre-headless", reference:"7u95-2.6.4-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"openjdk-7-jre-lib", reference:"7u95-2.6.4-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"openjdk-7-jre-zero", reference:"7u95-2.6.4-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"openjdk-7-source", reference:"7u95-2.6.4-1~deb8u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-115.NASL
description	java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. (bsc#962743) - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions The following bugs were fixed : - bsc#939523: java-1_7_0-openjdk-headless had X dependencies, move libjavagtk to full package This update was imported from the SUSE:SLE-12:Update update project.
last seen	2020-06-05
modified	2016-02-03
plugin id	88541
published	2016-02-03
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88541
title	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-115) (SLOTH)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2016-0012.NASL
description	Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) All gnutls users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted.
last seen	2020-06-01
modified	2020-06-02
plugin id	87785
published	2016-01-08
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87785
title	CentOS 6 / 7 : gnutls (CESA-2016:0012) (SLOTH)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-0149-1.NASL
description	This update contains mozilla-nss 3.19.2.2 and fixes the following security issue : - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	87988
published	2016-01-19
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87988
title	SUSE SLED12 / SLES12 Security Update : mozilla-nss (SUSE-SU-2016:0149-1) (SLOTH)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2016-0008.NASL
description	From Red Hat Security Advisory 2016:0008 : Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) All openssl users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
last seen	2020-06-01
modified	2020-06-02
plugin id	87795
published	2016-01-08
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87795
title	Oracle Linux 6 / 7 : openssl (ELSA-2016-0008) (SLOTH)

NASL family	AIX Local Security Checks
NASL id	AIX_IV86132.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
last seen	2020-06-01
modified	2020-06-02
plugin id	92565
published	2016-07-27
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/92565
title	AIX 7.2 TL 0 : nettcp (IV86132) (SLOTH)

NASL family	OracleVM Local Security Checks
NASL id	ORACLEVM_OVMSA-2016-0001.NASL
description	The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint
last seen	2020-06-01
modified	2020-06-02
plugin id	87800
published	2016-01-08
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87800
title	OracleVM 3.3 : openssl (OVMSA-2016-0001) (SLOTH)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-0269-1.NASL
description	java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. (bsc#962743) - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	88486
published	2016-01-29
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88486
title	SUSE SLED11 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:0269-1) (SLOTH)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-0049.NASL
description	Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected. (CVE-2016-0475) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Networking and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-0402, CVE-2016-0448) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	88035
published	2016-01-21
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88035
title	RHEL 7 : java-1.8.0-openjdk (RHSA-2016:0049) (SLOTH)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3436.NASL
description	Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow the MD5 hash function to be used for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker could exploit this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. More information can be found at https://www.mitls.org/pages/attacks/SLOTH
last seen	2020-06-01
modified	2020-06-02
plugin id	87827
published	2016-01-11
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87827
title	Debian DSA-3436-1 : openssl - security update (SLOTH)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2865-1.NASL
description	Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	87845
published	2016-01-11
reporter	Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87845
title	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : gnutls26, gnutls28 vulnerability (USN-2865-1) (SLOTH)

NASL family	AIX Local Security Checks
NASL id	AIX_IV86119.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
last seen	2020-06-01
modified	2020-06-02
plugin id	92563
published	2016-07-27
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/92563
title	AIX 7.2 TL 0 : nettcp (IV86119) (SLOTH)

NASL family	AIX Local Security Checks
NASL id	AIX_IV82327.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
last seen	2020-06-01
modified	2020-06-02
plugin id	94174
published	2016-10-21
reporter	This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/94174
title	AIX 7.1 TL 3 : nettcp (IV82327) (SLOTH)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-0390-1.NASL
description	This update for java-1_8_0-ibm fixes the following security issues by updating to 8.0-2.10 (bsc#963937) : - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0475: An unspecified vulnerability related to the Libraries component has partial confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed : - bsc#960402: resolve package conflicts in devel package Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	88692
published	2016-02-11
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88692
title	SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2016:0390-1) (SLOTH)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-129.NASL
description	This update for SeaMonkey fixes the following issues : - update to SeaMonkey 2.40 (bnc#959277) - requires NSS 3.20.2 to fix MFSA 2015-150/CVE-2015-7575 (bmo#1158489) MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature - MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards - MFSA 2015-135/CVE-2015-7204 (bmo#1216130) Crash with JavaScript variable assignment with unboxed objects - MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin policy violation using perfomance.getEntries and history navigation - MFSA 2015-137/CVE-2015-7208 (bmo#1191423) Firefox allows for control characters to be set in cookies - MFSA 2015-138/CVE-2015-7210 (bmo#1218326) Use-after-free in WebRTC when datachannel is used after being destroyed - MFSA 2015-139/CVE-2015-7212 (bmo#1222809) Integer overflow allocating extremely large textures - MFSA 2015-140/CVE-2015-7215 (bmo#1160890) Cross-origin information leak through web workers error events - MFSA 2015-141/CVE-2015-7211 (bmo#1221444) Hash in data URI is incorrectly parsed - MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820) DOS due to malformed frames in HTTP/2 - MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078) Linux file chooser crashes on malformed images due to flaws in Jasper library - MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221 (bmo#1201183, bmo#1178033, bmo#1199400)
last seen	2020-06-05
modified	2016-02-03
plugin id	88550
published	2016-02-03
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88550
title	openSUSE Security Update : SeaMonkey (openSUSE-2016-129) (SLOTH)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-0056.NASL
description	Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2015-7575, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 95 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	88075
published	2016-01-22
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88075
title	RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2016:0056) (SLOTH)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2016-0054.NASL
description	From Red Hat Security Advisory 2016:0054 : Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Libraries, Networking, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871, CVE-2016-0402, CVE-2016-0448) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	88071
published	2016-01-22
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88071
title	Oracle Linux 5 / 7 : java-1.7.0-openjdk (ELSA-2016-0054) (SLOTH)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3457.NASL
description	Multiple security issues have been found in Iceweasel, Debian
last seen	2020-06-01
modified	2020-06-02
plugin id	88426
published	2016-01-28
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88426
title	Debian DSA-3457-1 : iceweasel - security update (SLOTH)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-107.NASL
description	java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. (bsc#962743) - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions The following bugs were fixed : - bsc#939523: java-1_7_0-openjdk-headless had X dependencies, move libjavagtk to full package
last seen	2020-06-05
modified	2016-02-03
plugin id	88538
published	2016-02-03
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88538
title	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-107) (SLOTH)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-282.NASL
description	This update to bouncycastle 1.54 fixes the following issues : - CVE-2015-7575: add validation that signature algorithm received in DigitallySigned structures is actually one of those offered (boo#967521)
last seen	2020-06-05
modified	2016-02-29
plugin id	89018
published	2016-02-29
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/89018
title	openSUSE Security Update : bouncycastle (openSUSE-2016-282) (SLOTH)

NASL family	AIX Local Security Checks
NASL id	AIX_IV88957.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques. This plugin has been deprecated to better accommodate iFix supersedence with a forthcoming replacement plugin.
last seen	2017-10-29
modified	2017-10-11
plugin id	94179
published	2016-10-21
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=94179
title	AIX 5.3 TL 12 : nettcp (IV88957) (SLOTH) (deprecated)

NASL family	AIX Local Security Checks
NASL id	AIX_IV79071.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques. This plugin has been deprecated to better accommodate iFix supersedence with a forthcoming replacement plugin.
last seen	2017-10-29
modified	2017-10-11
plugin id	94172
published	2016-10-21
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=94172
title	AIX 6.1 TL 9 : nettcp (IV79071) (SLOTH) (deprecated)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-0433-1.NASL
description	This update for java-1_7_0-ibm fixes the following issues by updating to 7.0-9.30 (bsc#963937) : - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed : - bsc#960402: resolve package conflicts in devel package Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	88710
published	2016-02-12
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88710
title	SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2016:0433-1) (SLOTH)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-0189-1.NASL
description	This update contains mozilla-nss 3.19.2.2 and fixes the following security issue : - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	88082
published	2016-01-22
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88082
title	SUSE SLED11 / SLES11 Security Update : mozilla-nss (SUSE-SU-2016:0189-1) (SLOTH)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2864-1.NASL
description	Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	87816
published	2016-01-08
reporter	Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87816
title	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : nss vulnerability (USN-2864-1) (SLOTH)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2016-0007.NASL
description	From Red Hat Security Advisory 2016:0007 : Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) All nss users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the NSS library must be restarted, or the system rebooted.
last seen	2020-06-01
modified	2020-06-02
plugin id	87794
published	2016-01-08
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87794
title	Oracle Linux 6 / 7 : nss (ELSA-2016-0007) (SLOTH)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2016-0049.NASL
description	From Red Hat Security Advisory 2016:0049 : Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected. (CVE-2016-0475) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Networking and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-0402, CVE-2016-0448) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	88031
published	2016-01-21
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88031
title	Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2016-0049) (SLOTH)

NASL family	AIX Local Security Checks
NASL id	AIX_IV82412.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
last seen	2020-06-01
modified	2020-06-02
plugin id	94178
published	2016-10-21
reporter	This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/94178
title	AIX 7.1 TL 3 : nettcp (IV82412) (SLOTH)

NASL family	Windows
NASL id	ORACLE_JROCKIT_CPU_JAN_2016.NASL
description	The version of Oracle JRockit installed on the remote Windows host is R28 prior to R28.3.9. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Security subcomponent due to a failure to reject MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange messages. A man-in-the-middle attacker, by triggering collisions, can exploit this issue to spoof servers. (CVE-2015-7575) - A memory corruption issue exists in the AWT subcomponent when decoding JPEG files. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-0483) - A collision-based forgery vulnerability, known as SLOTH (Security Losses from Obsolete and Truncated Transcript Hashes), exists in the TLS protocol due to accepting RSA-MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange messages during a TLS handshake. A man-in-the-middle attacker can exploit this, via a transcript collision attack, to impersonate a TLS server. (CVE-2015-7575) (CVE-2016-0475) - A denial of service vulnerability exists in the JAXP subcomponent during the handling of expanded general entities. A remote attacker can exploit this to bypass the
last seen	2020-06-01
modified	2020-06-02
plugin id	88041
published	2016-01-21
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88041
title	Oracle JRockit R28 < R28.3.9 Multiple Vulnerabilities (January 2016 CPU) (SLOTH)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3491.NASL
description	Multiple security issues have been found in Icedove, Debian
last seen	2020-06-01
modified	2020-06-02
plugin id	88943
published	2016-02-25
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88943
title	Debian DSA-3491-1 : icedove - security update (SLOTH)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3688.NASL
description	Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project. - CVE-2015-4000 David Adrian et al. reported that it may be feasible to attack Diffie-Hellman-based cipher suites in certain circumstances, compromising the confidentiality and integrity of data encrypted with Transport Layer Security (TLS). - CVE-2015-7181 CVE-2015-7182 CVE-2016-1950 Tyson Smith, David Keeler, and Francis Gabriel discovered heap-based buffer overflows in the ASN.1 DER parser, potentially leading to arbitrary code execution. - CVE-2015-7575 Karthikeyan Bhargavan discovered that TLS client implementation accepted MD5-based signatures for TLS 1.2 connections with forward secrecy, weakening the intended security strength of TLS connections. - CVE-2016-1938 Hanno Boeck discovered that NSS miscomputed the result of integer division for certain inputs. This could weaken the cryptographic protections provided by NSS. However, NSS implements RSA-CRT leak hardening, so RSA private keys are not directly disclosed by this issue. - CVE-2016-1978 Eric Rescorla discovered a use-after-free vulnerability in the implementation of ECDH-based TLS handshakes, with unknown consequences. - CVE-2016-1979 Tim Taubert discovered a use-after-free vulnerability in ASN.1 DER processing, with application-specific impact. - CVE-2016-2834 Tyson Smith and Jed Davis discovered unspecified memory-safety bugs in NSS. In addition, the NSS library did not ignore environment variables in processes which underwent a SUID/SGID/AT_SECURE transition at process start. In certain system configurations, this allowed local users to escalate their privileges. This update contains further correctness and stability fixes without immediate security impact.
last seen	2020-06-01
modified	2020-06-02
plugin id	93871
published	2016-10-06
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/93871
title	Debian DSA-3688-1 : nss - security update (Logjam) (SLOTH)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2016-0049.NASL
description	Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected. (CVE-2016-0475) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Networking and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-0402, CVE-2016-0448) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	88060
published	2016-01-22
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88060
title	CentOS 7 : java-1.8.0-openjdk (CESA-2016:0049) (SLOTH)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-60.NASL
description	This update for polarssl fixes the following issues : - CVE-2015-7575: Disables by default MD5 handshake signatures in TLS 1.2 to prevent the SLOTH attack on TLS 1.2 server authentication (boo#961284) - boo#961290: potential double free during certificate generation
last seen	2020-06-05
modified	2016-01-25
plugin id	88132
published	2016-01-25
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88132
title	openSUSE Security Update : polarssl (openSUSE-2016-60) (SLOTH)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-59.NASL
description	This update to mbedtls 1.3.16 fixes the following security issues : - CVE-2015-7575: Disables by default MD5 handshake signatures in TLS 1.2 to prevent the SLOTH attack on TLS 1.2 server authentication (boo#961284) - boo#961290: potential double free during certificate generation
last seen	2020-06-05
modified	2016-01-25
plugin id	88131
published	2016-01-25
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88131
title	openSUSE Security Update : mbedtls (openSUSE-2016-59) (SLOTH)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201706-18.NASL
description	The remote host is affected by the vulnerability described in GLSA-201706-18 (mbed TLS: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in mbed TLS. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	100944
published	2017-06-21
reporter	This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/100944
title	GLSA-201706-18 : mbed TLS: Multiple vulnerabilities (SLOTH)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20160121_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL
description	An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Libraries, Networking, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871, CVE-2016-0402, CVE-2016-0448) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-03-18
modified	2016-01-22
plugin id	88079
published	2016-01-22
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88079
title	Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL7.x i386/x86_64 (20160121) (SLOTH)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2016-0008.NASL
description	Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) All openssl users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
last seen	2020-06-01
modified	2020-06-02
plugin id	87781
published	2016-01-08
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87781
title	CentOS 6 / 7 : openssl (CESA-2016:0008) (SLOTH)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2863-1.NASL
description	Karthikeyan Bhargavan and Gaetan Leurent discovered that OpenSSL incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	87815
published	2016-01-08
reporter	Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87815
title	Ubuntu 12.04 LTS : openssl vulnerability (USN-2863-1) (SLOTH)

NASL family	AIX Local Security Checks
NASL id	AIX_IV78624.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
last seen	2020-06-01
modified	2020-06-02
plugin id	94169
published	2016-10-21
reporter	This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/94169
title	AIX 6.1 TL 9 : nettcp (IV78624) (SLOTH)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-0101.NASL
description	Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16-FP20 release. All running instances of IBM Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	88557
published	2016-02-03
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88557
title	RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2016:0101) (SLOTH)

NASL family	AIX Local Security Checks
NASL id	AIX_JAVA_JAN2016_ADVISORY.NASL
description	The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities in the following components : - 2D - AWT - IBM J9 JVM - JAXP - JMX - Libraries - Networking - Security
last seen	2020-06-01
modified	2020-06-02
plugin id	89053
published	2016-03-01
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/89053
title	AIX Java Advisory : java_jan2016_advisory.asc (January 2016 CPU) (SLOTH)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2016-0053.NASL
description	Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Libraries, Networking, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871, CVE-2016-0402, CVE-2016-0448) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	88062
published	2016-01-22
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88062
title	CentOS 6 : java-1.7.0-openjdk (CESA-2016:0053) (SLOTH)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-106.NASL
description	java-1_8_0-openjdk was updated to version 7u95 to fix several security issues. (bsc#962743) The following vulnerabilities were fixed : - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions Includes the following fixes from the October 2015 update: (bsc#951376) - CVE-2015-4734: A remote user can exploit a flaw in the Embedded JGSS component to partially access data - CVE-2015-4803: A remote user can exploit a flaw in the JRockit JAXP component to cause partial denial of service conditions - CVE-2015-4805: A remote user can exploit a flaw in the Embedded Serialization component to gain elevated privileges - CVE-2015-4806: A remote user can exploit a flaw in the Java SE Embedded Libraries component to partially access and partially modify data - CVE-2015-4835: A remote user can exploit a flaw in the Embedded CORBA component to gain elevated privileges - CVE-2015-4842: A remote user can exploit a flaw in the Embedded JAXP component to partially access data - CVE-2015-4843: A remote user can exploit a flaw in the Java SE Embedded Libraries component to gain elevated privileges - CVE-2015-4844: A remote user can exploit a flaw in the Embedded 2D component to gain elevated privileges - CVE-2015-4860: A remote user can exploit a flaw in the Embedded RMI component to gain elevated privileges - CVE-2015-4872: A remote user can exploit a flaw in the JRockit Security component to partially modify data []. - CVE-2015-4881: A remote user can exploit a flaw in the Embedded CORBA component to gain elevated privileges - CVE-2015-4882: A remote user can exploit a flaw in the Embedded CORBA component to cause partial denial of service conditions - CVE-2015-4883: A remote user can exploit a flaw in the Embedded RMI component to gain elevated privileges - CVE-2015-4893: A remote user can exploit a flaw in the JRockit JAXP component to cause partial denial of service conditions - CVE-2015-4902: A remote user can exploit a flaw in the Java SE Deployment component to partially modify data - CVE-2015-4903: A remote user can exploit a flaw in the Embedded RMI component to partially access data - CVE-2015-4911: A remote user can exploit a flaw in the JRockit JAXP component to cause partial denial of service conditions - CVE-2015-4810: A local user can exploit a flaw in the Java SE Deployment component to gain elevated privileges - CVE-2015-4840: A remote user can exploit a flaw in the Embedded 2D component to partially access data - CVE-2015-4868: A remote user can exploit a flaw in the Java SE Embedded Libraries component to gain elevated privileges - CVE-2015-4901: A remote user can exploit a flaw in the JavaFX component to gain elevated privileges - CVE-2015-4906: A remote user can exploit a flaw in the JavaFX component to partially access data - CVE-2015-4908: A remote user can exploit a flaw in the JavaFX component to partially access data - CVE-2015-4916: A remote user can exploit a flaw in the JavaFX component to partially access data
last seen	2020-06-05
modified	2016-02-03
plugin id	88537
published	2016-02-03
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88537
title	openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-106) (SLOTH)

NASL family	AIX Local Security Checks
NASL id	AIX_IV86118.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
last seen	2020-06-01
modified	2020-06-02
plugin id	92562
published	2016-07-27
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/92562
title	AIX 7.1 TL 4 : nettcp (IV86118) (SLOTH)

NASL family	AIX Local Security Checks
NASL id	AIX_IV82331.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques. This plugin has been deprecated to better accommodate iFix supersedence with a forthcoming replacement plugin.
last seen	2017-10-29
modified	2017-10-11
plugin id	94177
published	2016-10-21
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=94177
title	AIX 7.1 TL 3 : nettcp (IV82331) (SLOTH) (deprecated)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2015-978.NASL
description	This update to mozilla-nss 3.20.2 fixes the following issues : - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (boo#952810)
last seen	2020-06-05
modified	2016-01-04
plugin id	87717
published	2016-01-04
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/87717
title	openSUSE Security Update : mozilla-nss (openSUSE-2015-978) (SLOTH)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3437.NASL
description	Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow the MD5 hash function to be used for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker could exploit this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. More information can be found at https://www.mitls.org/pages/attacks/SLOTH
last seen	2020-06-01
modified	2020-06-02
plugin id	87828
published	2016-01-11
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87828
title	Debian DSA-3437-1 : gnutls26 - security update (SLOTH)

NASL family	AIX Local Security Checks
NASL id	AIX_IV79070.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
last seen	2020-06-01
modified	2020-06-02
plugin id	94171
published	2016-10-21
reporter	This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/94171
title	AIX 6.1 TL 9 : nettcp (IV79070) (SLOTH)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-0431-1.NASL
description	This update for java-1_6_0-ibm fixes the following issues by updating to 6.0-16.20 (bsc#963937) - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed : - bsc#960402: resolve package conflicts in devel package - bsc#960286: resolve package conflicts in the fonts subpackage Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	88709
published	2016-02-12
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88709
title	SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0431-1) (SLOTH)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-0428-1.NASL
description	This update for java-1_6_0-ibm fixes the following issues by updating to 6.0-16.20 (bsc#963937) - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed : - bsc#960402: resolve package conflicts in devel package - bsc#960286: resolve package conflicts in the fonts subpackage Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-24
modified	2019-01-02
plugin id	119974
published	2019-01-02
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119974
title	SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0428-1) (SLOTH)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-0098.NASL
description	Updated java-1.8.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.8.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 8 SR2-FP10 release. All running instances of IBM Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	88554
published	2016-02-03
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88554
title	RHEL 7 : java-1.8.0-ibm (RHSA-2016:0098) (SLOTH)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2016-0053.NASL
description	From Red Hat Security Advisory 2016:0053 : Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Libraries, Networking, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871, CVE-2016-0402, CVE-2016-0448) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	88070
published	2016-01-22
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88070
title	Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2016-0053) (SLOTH)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2016-0007.NASL
description	Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) All nss users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the NSS library must be restarted, or the system rebooted.
last seen	2020-06-01
modified	2020-06-02
plugin id	87780
published	2016-01-08
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87780
title	CentOS 6 / 7 : nss (CESA-2016:0007) (SLOTH)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201605-06.NASL
description	The remote host is affected by the vulnerability described in GLSA-201605-06 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impacts. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	91379
published	2016-05-31
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91379
title	GLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH)

NASL family	AIX Local Security Checks
NASL id	AIX_IV82328.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
last seen	2020-06-01
modified	2020-06-02
plugin id	94175
published	2016-10-21
reporter	This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/94175
title	AIX 7.1 TL 3 : nettcp (IV82328) (SLOTH)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-1430.NASL
description	An update for java-1.7.0-ibm and java-1.7.1-ibm is now available for Red Hat Satellite 5.7 and Red Hat Satellite 5.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to versions 7 SR9-FP40 and 7R1 SR3-FP40. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-5006, CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0264, CVE-2016-0363, CVE-2016-0376, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494, CVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449) Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the CVE-2015-4806 issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	92400
published	2016-07-19
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/92400
title	RHEL 5 / 6 : java-1.7.0-ibm and java-1.7.1-ibm (RHSA-2016:1430) (SLOTH)

NASL family	OracleVM Local Security Checks
NASL id	ORACLEVM_OVMSA-2016-0049.NASL
description	The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO - fix CVE-2016-0799 - memory issues in BIO_printf - fix CVE-2016-0702 - side channel attack on modular exponentiation - fix CVE-2016-0705 - double-free in DSA private key parsing - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method - fix 1-byte memory leak in pkcs12 parse (#1229871) - document some options of the speed command (#1197095) - fix high-precision timestamps in timestamping authority - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint
last seen	2020-06-01
modified	2020-06-02
plugin id	91154
published	2016-05-16
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91154
title	OracleVM 3.3 / 3.4 : openssl (OVMSA-2016-0049) (SLOTH)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-110.NASL
description	Update OpenJDK to 7u95 / IcedTea 2.6.4 including the following fixes : - Security fixes - S8059054, CVE-2016-0402: Better URL processing - S8130710, CVE-2016-0448: Better attributes processing - S8132210: Reinforce JMX collector internals - S8132988: Better printing dialogues - S8133962, CVE-2016-0466: More general limits - S8137060: JMX memory management improvements - S8139012: Better font substitutions - S8139017, CVE-2016-0483: More stable image decoding - S8140543, CVE-2016-0494: Arrange font actions - S8143185: Cleanup for handling proxies - S8143941, CVE-2015-8126, CVE-2015-8472: Update splashscreen displays - S8144773, CVE-2015-7575: Further reduce use of MD5 (SLOTH) - S8142882, CVE-2015-4871: rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - Import of OpenJDK 7 u95 build 0 - S7167988: PKIX CertPathBuilder in reverse mode doesn
last seen	2020-06-05
modified	2016-02-03
plugin id	88540
published	2016-02-03
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88540
title	openSUSE Security Update : Java7 (openSUSE-2016-110) (SLOTH)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-0053.NASL
description	Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Libraries, Networking, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871, CVE-2016-0402, CVE-2016-0448) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	88072
published	2016-01-22
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88072
title	RHEL 6 : java-1.7.0-openjdk (RHSA-2016:0053) (SLOTH)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_10F7BC7603354A88B3910B05B3A8CE1C.NASL
description	The Mozilla Project reports : Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services (NSS) where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed the accepting MD5 as a hash algorithm in signatures since 2011. This issues exposes NSS based clients such as Firefox to theoretical collision-based forgery attacks.
last seen	2020-06-01
modified	2020-06-02
plugin id	87609
published	2015-12-29
reporter	This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87609
title	FreeBSD : NSS -- MD5 downgrade in TLS 1.2 signatures (10f7bc76-0335-4a88-b391-0b05b3a8ce1c) (SLOTH)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-6.NASL
description	This update to MozillaFirefox 43.0.3 fixes the following issues : - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature, in combination wit NSS 3.20.2 [boo#959888] Further fixes : - workaround Youtube user agent detection issue (bmo#1233970) - fix file download regression for multi user systems
last seen	2020-06-05
modified	2016-01-04
plugin id	87719
published	2016-01-04
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/87719
title	openSUSE Security Update : MozillaFirefox (openSUSE-2016-6) (SLOTH)

NASL family	AIX Local Security Checks
NASL id	AIX_BIND_NETTCP_ADVISORY2.NASL
description	The version of bind installed on the remote AIX host is affected by the following vulnerabilities : - The TLS protocol allows weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker can exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. (CVE-2015-7575) - IBM AIX does not require the newest version of TLS by default which allows a remote attacker to obtain sensitive information using man in the middle techniques. (CVE-2016-0266)
last seen	2020-06-01
modified	2020-06-02
plugin id	104123
published	2017-10-24
reporter	This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/104123
title	AIX bind Advisory : nettcp_advisory2.asc (IV86116) (IV86117) (IV86118) (IV86119) (IV86120) (IV86132)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-0100.NASL
description	Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR9-FP30 release. All running instances of IBM Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	88556
published	2016-02-03
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88556
title	RHEL 5 : java-1.7.0-ibm (RHSA-2016:0100) (SLOTH)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201701-46.NASL
description	The remote host is affected by the vulnerability described in GLSA-201701-46 (Mozilla Network Security Service (NSS): Multiple vulnerabilities) Multiple vulnerabilities have been discovered in NSS. Please review the CVE identifiers and technical papers referenced below for details. Impact : Remote attackers could conduct man-in-the-middle attacks, obtain access to private key information, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	96643
published	2017-01-20
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96643
title	GLSA-201701-46 : Mozilla Network Security Service (NSS): Multiple vulnerabilities (Logjam) (SLOTH)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2016-0054.NASL
description	Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Libraries, Networking, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871, CVE-2016-0402, CVE-2016-0448) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	88063
published	2016-01-22
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88063
title	CentOS 5 / 7 : java-1.7.0-openjdk (CESA-2016:0054) (SLOTH)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-0055.NASL
description	Updated java-1.8.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2015-7575, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.8.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 8 Update 71 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	88074
published	2016-01-22
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88074
title	RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2016:0055) (SLOTH)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3465.NASL
description	Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosure, denial of service and insecure cryptography.
last seen	2020-06-01
modified	2020-06-02
plugin id	88568
published	2016-02-04
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88568
title	Debian DSA-3465-1 : openjdk-6 - security update (SLOTH)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20160107_GNUTLS_ON_SL6_X.NASL
description	A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) For the update to take effect, all applications linked to the GnuTLS library must be restarted.
last seen	2020-03-18
modified	2016-01-11
plugin id	87838
published	2016-01-11
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87838
title	Scientific Linux Security Update : gnutls on SL6.x, SL7.x i386/x86_64 (20160107) (SLOTH)

NASL family	AIX Local Security Checks
NASL id	AIX_OPENSSL_ADVISORY16.NASL
description	The remote AIX host has a version of OpenSSL installed that is affected by a collision-based forgery vulnerability, known as SLOTH (Security Losses from Obsolete and Truncated Transcript Hashes), in the TLS protocol due to accepting RSA-MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange messages during a TLS handshake. A man-in-the-middle attacker can exploit this, via a transcript collision attack, to impersonate a TLS server.
last seen	2020-06-01
modified	2020-06-02
plugin id	88591
published	2016-02-05
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88591
title	AIX OpenSSL Advisory : openssl_advisory16.asc (SLOTH)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-225.NASL
description	This update to 38.6.0 fixes the following issues : - MFSA 2016-01/CVE-2016-1930 Miscellaneous memory safety hazards - MFSA 2016-03/CVE-2016-1935 (bmo#1220450) Buffer overflow in WebGL after out of memory allocation
last seen	2020-06-05
modified	2016-02-18
plugin id	88830
published	2016-02-18
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88830
title	openSUSE Security Update : Thunderbird (openSUSE-2016-225) (SLOTH)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2904-1.NASL
description	Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2015-7575) Yves Younan discovered that graphite2 incorrectly handled certain malformed fonts. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitary code with the privileges of the user invoking Thunderbird. (CVE-2016-1523) Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1930) Aki Helin discovered a buffer overflow when rendering WebGL content in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1935). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	89776
published	2016-03-09
reporter	Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/89776
title	Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : thunderbird vulnerabilities (USN-2904-1) (SLOTH)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-0054.NASL
description	Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Libraries, Networking, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871, CVE-2016-0402, CVE-2016-0448) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	88073
published	2016-01-22
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88073
title	RHEL 5 / 7 : java-1.7.0-openjdk (RHSA-2016:0054) (SLOTH)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-0776-1.NASL
description	IBM Java was updated to version 6.0-16.20, fixing various security issues. More information can be found on <a href=
last seen	2020-06-01
modified	2020-06-02
plugin id	89989
published	2016-03-17
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/89989
title	SUSE SLES10 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0776-1) (SLOTH)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-0050.NASL
description	Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected. (CVE-2016-0475) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Networking and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-0402, CVE-2016-0448) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	88036
published	2016-01-21
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88036
title	RHEL 6 : java-1.8.0-openjdk (RHSA-2016:0050) (SLOTH)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-0007.NASL
description	Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) All nss users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the NSS library must be restarted, or the system rebooted.
last seen	2020-06-01
modified	2020-06-02
plugin id	87807
published	2016-01-08
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87807
title	RHEL 6 / 7 : nss (RHSA-2016:0007) (SLOTH)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2866-1.NASL
description	Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	87846
published	2016-01-11
reporter	Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87846
title	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : firefox vulnerability (USN-2866-1) (SLOTH)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-126.NASL
description	SeaMonkey was updated to 2.40 (boo#959277) to fix security issues and bugs. The following vulnerabilities were fixed : - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature - CVE-2015-7201/CVE-2015-7202: Miscellaneous memory safety hazards - CVE-2015-7204: Crash with JavaScript variable assignment with unboxed objects - CVE-2015-7207: Same-origin policy violation using perfomance.getEntries and history navigation - CVE-2015-7208: Firefox allows for control characters to be set in cookies - CVE-2015-7210: Use-after-free in WebRTC when datachannel is used after being destroyed - CVE-2015-7212: Integer overflow allocating extremely large textures - CVE-2015-7215: Cross-origin information leak through web workers error events - CVE-2015-7211: Hash in data URI is incorrectly parsed - CVE-2015-7218/CVE-2015-7219: DOS due to malformed frames in HTTP/2 - CVE-2015-7216/CVE-2015-7217: Linux file chooser crashes on malformed images due to flaws in Jasper library - CVE-2015-7203/CVE-2015-7220/CVE-2015-7221: Buffer overflows found through code inspection - CVE-2015-7205: Underflow through code inspection - CVE-2015-7213: Integer overflow in MP4 playback in 64-bit versions - CVE-2015-7222: Integer underflow and buffer overflow processing MP4 metadata in libstagefright - CVE-2015-7223: Privilege escalation vulnerabilities in WebExtension APIs - CVE-2015-7214: Cross-site reading attack through data and view-source URIs
last seen	2020-06-05
modified	2016-02-03
plugin id	88547
published	2016-02-03
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88547
title	openSUSE Security Update : seamonkey (openSUSE-2016-126) (SLOTH)

NASL family	AIX Local Security Checks
NASL id	AIX_IV86116.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
last seen	2020-06-01
modified	2020-06-02
plugin id	92560
published	2016-07-27
reporter	This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/92560
title	AIX 6.1 TL 9 : nettcp (IV86116) (SLOTH)

NASL family	AIX Local Security Checks
NASL id	AIX_IV86117.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
last seen	2020-06-01
modified	2020-06-02
plugin id	92561
published	2016-07-27
reporter	This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/92561
title	AIX 7.1 TL 3 : nettcp (IV86117) (SLOTH)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20160121_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL
description	An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Libraries, Networking, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871, CVE-2016-0402, CVE-2016-0448) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-03-18
modified	2016-01-22
plugin id	88080
published	2016-01-22
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88080
title	Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20160121) (SLOTH)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2016-0050.NASL
description	From Red Hat Security Advisory 2016:0050 : Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected. (CVE-2016-0475) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Networking and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-0402, CVE-2016-0448) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	88069
published	2016-01-22
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88069
title	Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2016-0050) (SLOTH)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2016-647.NASL
description	An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Integer signedness issues were discovered in IndicRearrangementProcessor and IndicRearrangementProcessor2 in the ICU Layout Engine. A specially crafted font file could cause an application using ICU to parse untrusted fonts to crash and, possibly, execute arbitrary code. (CVE-2016-0494) It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected. (CVE-2016-0475) A flaw was found in the deserialization of the URL class in the Networking component of OpenJDK. Deserialization of the specially crafted data could result in creation of the URL object with an inconsistent state. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2016-0402) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) It was discovered that the RMIConnector and RMIConnectionImpl classes in the JMX component of OpenJDK could log sensitive information such as user passwords in its debug log, possibly leading the exposure of the information. (CVE-2016-0448)
last seen	2020-06-01
modified	2020-06-02
plugin id	88659
published	2016-02-10
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88659
title	Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2016-647) (SLOTH)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-410.NASL
description	Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosure, denial of service and insecure cryptography. CVE-2015-7575 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. CVE-2015-8126 Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. CVE-2015-8472 Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126. CVE-2016-0402 Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking. CVE-2016-0448 Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX. CVE-2016-0466 It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. CVE-2016-0483 Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. CVE-2016-0494 Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. For Debian 6
last seen	2020-03-17
modified	2016-02-05
plugin id	88580
published	2016-02-05
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88580
title	Debian DLA-410-1 : openjdk-6 security update (SLOTH)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-0256-1.NASL
description	java-1_8_0-openjdk was updated to version 7u95 to fix several security issues. (bsc#962743) The following vulnerabilities were fixed : - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	88453
published	2016-01-28
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88453
title	SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2016:0256-1) (SLOTH)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20160120_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL
description	An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected. (CVE-2016-0475) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Networking and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-0402, CVE-2016-0448) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-03-18
modified	2016-01-22
plugin id	88078
published	2016-01-22
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88078
title	Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20160120) (SLOTH)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20160107_NSS_ON_SL6_X.NASL
description	A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) For the update to take effect, all services linked to the NSS library must be restarted, or the system rebooted.
last seen	2020-03-18
modified	2016-01-11
plugin id	87840
published	2016-01-11
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87840
title	Scientific Linux Security Update : nss on SL6.x, SL7.x i386/x86_64 (20160107) (SLOTH)

NASL family	Misc.
NASL id	ORACLE_JAVA_CPU_JAN_2016_UNIX.NASL
description	The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 71, 7 Update 95, or 6 Update 111. It is, therefore, affected by security vulnerabilities in the following components : - 2D - AWT - JAXP - JMX - Libraries - Networking - Security
last seen	2020-06-01
modified	2020-06-02
plugin id	88046
published	2016-01-21
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88046
title	Oracle Java SE Multiple Vulnerabilities (January 2016 CPU) (SLOTH) (Unix)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-105.NASL
description	java-1_8_0-openjdk was updated to version 7u95 to fix 9 security issues. (bsc#962743) - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions
last seen	2020-06-05
modified	2016-02-03
plugin id	88536
published	2016-02-03
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88536
title	openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-105) (SLOTH)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20160120_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL
description	An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected. (CVE-2016-0475) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Networking and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-0402, CVE-2016-0448) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-03-18
modified	2016-01-21
plugin id	88037
published	2016-01-21
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88037
title	Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20160120) (SLOTH)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-0265-1.NASL
description	java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. (bsc#962743) - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions The following bugs were fixed : - bsc#939523: java-1_7_0-openjdk-headless had X dependencies, move libjavagtk to full package Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	88485
published	2016-01-29
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88485
title	SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:0265-1) (SLOTH)

NASL family	Windows
NASL id	ORACLE_JAVA_CPU_JAN_2016.NASL
description	The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 71, 7 Update 95, or 6 Update 111. It is, therefore, affected by security vulnerabilities in the following components : - 2D - AWT - JAXP - JMX - Libraries - Networking - Security
last seen	2020-06-01
modified	2020-06-02
plugin id	88045
published	2016-01-21
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88045
title	Oracle Java SE Multiple Vulnerabilities (January 2016 CPU) (SLOTH)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2016-0050.NASL
description	Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected. (CVE-2016-0475) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Networking and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-0402, CVE-2016-0448) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	88061
published	2016-01-22
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88061
title	CentOS 6 : java-1.8.0-openjdk (CESA-2016:0050) (SLOTH)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-0012.NASL
description	Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) All gnutls users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted.
last seen	2020-06-01
modified	2020-06-02
plugin id	87812
published	2016-01-08
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87812
title	RHEL 6 / 7 : gnutls (RHSA-2016:0012) (SLOTH)

NASL family	AIX Local Security Checks
NASL id	AIX_IV86120.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
last seen	2020-06-01
modified	2020-06-02
plugin id	92564
published	2016-07-27
reporter	This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/92564
title	AIX 5.3 TL 12 : nettcp (IV86120) (SLOTH)

NASL family	AIX Local Security Checks
NASL id	AIX_IV88959.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
last seen	2020-06-01
modified	2020-06-02
plugin id	94180
published	2016-10-21
reporter	This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/94180
title	AIX 5.3 TL 12 : nettcp (IV88959) (SLOTH)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-0636-1.NASL
description	This update for java-1_7_0-ibm fixes the following issues by updating to 7.0-9.30 (bsc#963937) : - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed : - bsc#960402: resolve package conflicts in devel package Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	89657
published	2016-03-04
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/89657
title	SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2016:0636-1) (SLOTH)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-0770-1.NASL
description	This update for java-1_6_0-ibm fixes the following issues by updating to 6.0-16.20 (bsc#963937) - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed : - bsc#960402: resolve package conflicts in devel package - bsc#960286: resolve package conflicts in the fonts subpackage Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	89961
published	2016-03-16
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/89961
title	SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0770-1) (SLOTH)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2016-643.NASL
description	An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Libraries, Networking, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871 , CVE-2016-0402 , CVE-2016-0448) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file.
last seen	2020-06-01
modified	2020-06-02
plugin id	88655
published	2016-02-10
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88655
title	Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2016-643) (SLOTH)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2016-645.NASL
description	A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)
last seen	2020-06-01
modified	2020-06-02
plugin id	88657
published	2016-02-10
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88657
title	Amazon Linux AMI : nss (ALAS-2016-645) (SLOTH)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3500.NASL
description	Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit. - CVE-2016-0702 Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin from Technion and Tel Aviv University, and Nadia Heninger from the University of Pennsylvania discovered a side-channel attack which makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. This could allow local attackers to recover RSA private keys. - CVE-2016-0705 Adam Langley from Google discovered a double free bug when parsing malformed DSA private keys. This could allow remote attackers to cause a denial of service or memory corruption in applications parsing DSA private keys received from untrusted sources. - CVE-2016-0797 Guido Vranken discovered an integer overflow in the BN_hex2bn and BN_dec2bn functions that can lead to a NULL pointer dereference and heap corruption. This could allow remote attackers to cause a denial of service or memory corruption in applications processing hex or dec data received from untrusted sources. - CVE-2016-0798 Emilia Kasper of the OpenSSL development team discovered a memory leak in the SRP database lookup code. To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user is now disabled even if the user has configured a seed. Applications are advised to migrate to the SRP_VBASE_get1_by_user function. - CVE-2016-0799, CVE-2016-2842 Guido Vranken discovered an integer overflow in the BIO_printf functions that could lead to an OOB read when printing very long strings. Additionally the internal doapr_outch function can attempt to write to an arbitrary memory location in the event of a memory allocation failure. These issues will only occur on platforms where sizeof(size_t) > sizeof(int) like many 64 bit systems. This could allow remote attackers to cause a denial of service or memory corruption in applications that pass large amounts of untrusted data to the BIO_printf functions. Additionally the EXPORT and LOW ciphers were disabled since thay could be used as part of the DROWN (CVE-2016-0800 ) and SLOTH (CVE-2015-7575 ) attacks, but note that the oldstable (wheezy) and stable (jessie) distributions are not affected by those attacks since the SSLv2 protocol has already been dropped in the openssl package version 1.0.0c-2.
last seen	2020-06-01
modified	2020-06-02
plugin id	89061
published	2016-03-02
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/89061
title	Debian DSA-3500-1 : openssl - security update

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2016-651.NASL
description	A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)
last seen	2020-06-01
modified	2020-06-02
plugin id	88663
published	2016-02-10
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88663
title	Amazon Linux AMI : gnutls (ALAS-2016-651) (SLOTH)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201801-15.NASL
description	The remote host is affected by the vulnerability described in GLSA-201801-15 (PolarSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PolarSSL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker might be able to execute arbitrary code, cause Denial of Service condition or obtain sensitive information. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	106039
published	2018-01-15
reporter	This script is Copyright (C) 2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/106039
title	GLSA-201801-15 : PolarSSL: Multiple vulnerabilities (SLOTH)

NASL family	AIX Local Security Checks
NASL id	AIX_IV82330.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
last seen	2020-06-01
modified	2020-06-02
plugin id	94176
published	2016-10-21
reporter	This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/94176
title	AIX 7.1 TL 3 : nettcp (IV82330) (SLOTH)

NASL family	AIX Local Security Checks
NASL id	AIX_IV78625.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
last seen	2020-06-01
modified	2020-06-02
plugin id	94170
published	2016-10-21
reporter	This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/94170
title	AIX 6.1 TL 9 : nettcp (IV78625) (SLOTH)

NASL family	AIX Local Security Checks
NASL id	AIX_IV88960.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
last seen	2020-06-01
modified	2020-06-02
plugin id	94181
published	2016-10-21
reporter	This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/94181
title	AIX 5.3 TL 12 : nettcp (IV88960) (SLOTH)

NASL family	AIX Local Security Checks
NASL id	AIX_IV79072.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
last seen	2020-06-01
modified	2020-06-02
plugin id	94173
published	2016-10-21
reporter	This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/94173
title	AIX 6.1 TL 9 : nettcp (IV79072) (SLOTH)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1388.NASL
description	According to the versions of the gnutls packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.(CVE-2018-10845) - It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.(CVE-2018-10844) - A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client.(CVE-2015-7575) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	124891
published	2019-05-14
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124891
title	EulerOS Virtualization for ARM 64 3.0.1.0 : gnutls (EulerOS-SA-2019-1388)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2016-661.NASL
description	A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN (CVE-2016-0800). Prior to this advisory, SSLv2 has been disabled by default in OpenSSL on the Amazon Linux AMI. However, application configurations may still re-enable SSLv2. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575 , Medium) A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197 , Low) A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim
last seen	2020-06-01
modified	2020-06-02
plugin id	89842
published	2016-03-11
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/89842
title	Amazon Linux AMI : openssl (ALAS-2016-661) (DROWN) (SLOTH)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-0008.NASL
description	Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) All openssl users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
last seen	2020-06-01
modified	2020-06-02
plugin id	87808
published	2016-01-08
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87808
title	RHEL 6 / 7 : openssl (RHSA-2016:0008) (SLOTH)

Redhat

advisories

bugzilla

id	1289841
title	CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND
comment nss is earlier than 0:3.19.1-8.el6_7
oval oval:com.redhat.rhsa:tst:20160007001
comment nss is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364010
AND
comment nss-tools is earlier than 0:3.19.1-8.el6_7
oval oval:com.redhat.rhsa:tst:20160007003
comment nss-tools is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364012
AND
comment nss-sysinit is earlier than 0:3.19.1-8.el6_7
oval oval:com.redhat.rhsa:tst:20160007005
comment nss-sysinit is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364008
AND
comment nss-devel is earlier than 0:3.19.1-8.el6_7
oval oval:com.redhat.rhsa:tst:20160007007
comment nss-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364014

AND

comment nss-pkcs11-devel is earlier than 0:3.19.1-8.el6_7
oval oval:com.redhat.rhsa:tst:20160007009
comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364006

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment nss-devel is earlier than 0:3.19.1-19.el7_2
oval oval:com.redhat.rhsa:tst:20160007012
comment nss-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364014

AND

comment nss-pkcs11-devel is earlier than 0:3.19.1-19.el7_2
oval oval:com.redhat.rhsa:tst:20160007013
comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364006

AND
comment nss is earlier than 0:3.19.1-19.el7_2
oval oval:com.redhat.rhsa:tst:20160007014
comment nss is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364010
AND
comment nss-sysinit is earlier than 0:3.19.1-19.el7_2
oval oval:com.redhat.rhsa:tst:20160007015
comment nss-sysinit is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364008
AND
comment nss-tools is earlier than 0:3.19.1-19.el7_2
oval oval:com.redhat.rhsa:tst:20160007016
comment nss-tools is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364012

rhsa

id	RHSA-2016:0007
released	2016-01-07
severity	Moderate
title	RHSA-2016:0007: nss security update (Moderate)

bugzilla

id	1289841
title	CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND
comment openssl is earlier than 0:1.0.1e-42.el6_7.2
oval oval:com.redhat.rhsa:tst:20160008001
comment openssl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20171929008

AND

comment openssl-devel is earlier than 0:1.0.1e-42.el6_7.2
oval oval:com.redhat.rhsa:tst:20160008003
comment openssl-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20171929002

AND
comment openssl-perl is earlier than 0:1.0.1e-42.el6_7.2
oval oval:com.redhat.rhsa:tst:20160008005
comment openssl-perl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20171929004

AND

comment openssl-static is earlier than 0:1.0.1e-42.el6_7.2
oval oval:com.redhat.rhsa:tst:20160008007
comment openssl-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20171929006

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment openssl-static is earlier than 1:1.0.1e-51.el7_2.2
oval oval:com.redhat.rhsa:tst:20160008010
comment openssl-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20171929006

AND
comment openssl-perl is earlier than 1:1.0.1e-51.el7_2.2
oval oval:com.redhat.rhsa:tst:20160008011
comment openssl-perl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20171929004
AND
comment openssl is earlier than 1:1.0.1e-51.el7_2.2
oval oval:com.redhat.rhsa:tst:20160008012
comment openssl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20171929008
AND
comment openssl-libs is earlier than 1:1.0.1e-51.el7_2.2
oval oval:com.redhat.rhsa:tst:20160008013
comment openssl-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20171929010

AND

comment openssl-devel is earlier than 1:1.0.1e-51.el7_2.2
oval oval:com.redhat.rhsa:tst:20160008015
comment openssl-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20171929002

rhsa

id	RHSA-2016:0008
released	2016-01-08
severity	Moderate
title	RHSA-2016:0008: openssl security update (Moderate)

bugzilla

id	1289841
title	CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND
comment gnutls-utils is earlier than 0:2.8.5-19.el6_7
oval oval:com.redhat.rhsa:tst:20160012001
comment gnutls-utils is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120429004
AND
comment gnutls is earlier than 0:2.8.5-19.el6_7
oval oval:com.redhat.rhsa:tst:20160012003
comment gnutls is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120429002
AND
comment gnutls-devel is earlier than 0:2.8.5-19.el6_7
oval oval:com.redhat.rhsa:tst:20160012005
comment gnutls-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120429008
AND
comment gnutls-guile is earlier than 0:2.8.5-19.el6_7
oval oval:com.redhat.rhsa:tst:20160012007
comment gnutls-guile is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120429006

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment gnutls-c++ is earlier than 0:3.3.8-14.el7_2
oval oval:com.redhat.rhsa:tst:20160012010
comment gnutls-c++ is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140684002
AND
comment gnutls-devel is earlier than 0:3.3.8-14.el7_2
oval oval:com.redhat.rhsa:tst:20160012012
comment gnutls-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120429008
AND
comment gnutls-utils is earlier than 0:3.3.8-14.el7_2
oval oval:com.redhat.rhsa:tst:20160012013
comment gnutls-utils is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120429004
AND
comment gnutls-dane is earlier than 0:3.3.8-14.el7_2
oval oval:com.redhat.rhsa:tst:20160012014
comment gnutls-dane is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140684004
AND
comment gnutls is earlier than 0:3.3.8-14.el7_2
oval oval:com.redhat.rhsa:tst:20160012016
comment gnutls is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120429002

rhsa

id	RHSA-2016:0012
released	2016-01-08
severity	Moderate
title	RHSA-2016:0012: gnutls security update (Moderate)

rhsa
id RHSA-2016:0049
rhsa
id RHSA-2016:0050
rhsa
id RHSA-2016:0053
rhsa
id RHSA-2016:0054
rhsa
id RHSA-2016:0055
rhsa
id RHSA-2016:0056
rhsa
id RHSA-2016:1430

rpms

nss-0:3.19.1-19.el7_2
nss-0:3.19.1-8.el6_7
nss-debuginfo-0:3.19.1-19.el7_2
nss-debuginfo-0:3.19.1-8.el6_7
nss-devel-0:3.19.1-19.el7_2
nss-devel-0:3.19.1-8.el6_7
nss-pkcs11-devel-0:3.19.1-19.el7_2
nss-pkcs11-devel-0:3.19.1-8.el6_7
nss-sysinit-0:3.19.1-19.el7_2
nss-sysinit-0:3.19.1-8.el6_7
nss-tools-0:3.19.1-19.el7_2
nss-tools-0:3.19.1-8.el6_7
openssl-0:1.0.1e-42.el6_7.2
openssl-1:1.0.1e-51.el7_2.2
openssl-debuginfo-0:1.0.1e-42.el6_7.2
openssl-debuginfo-1:1.0.1e-51.el7_2.2
openssl-devel-0:1.0.1e-42.el6_7.2
openssl-devel-1:1.0.1e-51.el7_2.2
openssl-libs-1:1.0.1e-51.el7_2.2
openssl-perl-0:1.0.1e-42.el6_7.2
openssl-perl-1:1.0.1e-51.el7_2.2
openssl-static-0:1.0.1e-42.el6_7.2
openssl-static-1:1.0.1e-51.el7_2.2
gnutls-0:2.8.5-19.el6_7
gnutls-0:3.3.8-14.el7_2
gnutls-c++-0:3.3.8-14.el7_2
gnutls-dane-0:3.3.8-14.el7_2
gnutls-debuginfo-0:2.8.5-19.el6_7
gnutls-debuginfo-0:3.3.8-14.el7_2
gnutls-devel-0:2.8.5-19.el6_7
gnutls-devel-0:3.3.8-14.el7_2
gnutls-guile-0:2.8.5-19.el6_7
gnutls-utils-0:2.8.5-19.el6_7
gnutls-utils-0:3.3.8-14.el7_2
java-1.8.0-openjdk-1:1.8.0.71-2.b15.el7_2
java-1.8.0-openjdk-accessibility-1:1.8.0.71-2.b15.el7_2
java-1.8.0-openjdk-accessibility-debug-1:1.8.0.71-2.b15.el7_2
java-1.8.0-openjdk-debug-1:1.8.0.71-2.b15.el7_2
java-1.8.0-openjdk-debuginfo-1:1.8.0.71-2.b15.el7_2
java-1.8.0-openjdk-demo-1:1.8.0.71-2.b15.el7_2
java-1.8.0-openjdk-demo-debug-1:1.8.0.71-2.b15.el7_2
java-1.8.0-openjdk-devel-1:1.8.0.71-2.b15.el7_2
java-1.8.0-openjdk-devel-debug-1:1.8.0.71-2.b15.el7_2
java-1.8.0-openjdk-headless-1:1.8.0.71-2.b15.el7_2
java-1.8.0-openjdk-headless-debug-1:1.8.0.71-2.b15.el7_2
java-1.8.0-openjdk-javadoc-1:1.8.0.71-2.b15.el7_2
java-1.8.0-openjdk-javadoc-debug-1:1.8.0.71-2.b15.el7_2
java-1.8.0-openjdk-src-1:1.8.0.71-2.b15.el7_2
java-1.8.0-openjdk-src-debug-1:1.8.0.71-2.b15.el7_2
java-1.8.0-openjdk-1:1.8.0.71-1.b15.el6_7
java-1.8.0-openjdk-debug-1:1.8.0.71-1.b15.el6_7
java-1.8.0-openjdk-debuginfo-1:1.8.0.71-1.b15.el6_7
java-1.8.0-openjdk-demo-1:1.8.0.71-1.b15.el6_7
java-1.8.0-openjdk-demo-debug-1:1.8.0.71-1.b15.el6_7
java-1.8.0-openjdk-devel-1:1.8.0.71-1.b15.el6_7
java-1.8.0-openjdk-devel-debug-1:1.8.0.71-1.b15.el6_7
java-1.8.0-openjdk-headless-1:1.8.0.71-1.b15.el6_7
java-1.8.0-openjdk-headless-debug-1:1.8.0.71-1.b15.el6_7
java-1.8.0-openjdk-javadoc-1:1.8.0.71-1.b15.el6_7
java-1.8.0-openjdk-javadoc-debug-1:1.8.0.71-1.b15.el6_7
java-1.8.0-openjdk-src-1:1.8.0.71-1.b15.el6_7
java-1.8.0-openjdk-src-debug-1:1.8.0.71-1.b15.el6_7
java-1.7.0-openjdk-1:1.7.0.95-2.6.4.0.el6_7
java-1.7.0-openjdk-debuginfo-1:1.7.0.95-2.6.4.0.el6_7
java-1.7.0-openjdk-demo-1:1.7.0.95-2.6.4.0.el6_7
java-1.7.0-openjdk-devel-1:1.7.0.95-2.6.4.0.el6_7
java-1.7.0-openjdk-javadoc-1:1.7.0.95-2.6.4.0.el6_7
java-1.7.0-openjdk-src-1:1.7.0.95-2.6.4.0.el6_7
java-1.7.0-openjdk-1:1.7.0.95-2.6.4.0.el7_2
java-1.7.0-openjdk-1:1.7.0.95-2.6.4.1.el5_11
java-1.7.0-openjdk-accessibility-1:1.7.0.95-2.6.4.0.el7_2
java-1.7.0-openjdk-debuginfo-1:1.7.0.95-2.6.4.0.el7_2
java-1.7.0-openjdk-debuginfo-1:1.7.0.95-2.6.4.1.el5_11
java-1.7.0-openjdk-demo-1:1.7.0.95-2.6.4.0.el7_2
java-1.7.0-openjdk-demo-1:1.7.0.95-2.6.4.1.el5_11
java-1.7.0-openjdk-devel-1:1.7.0.95-2.6.4.0.el7_2
java-1.7.0-openjdk-devel-1:1.7.0.95-2.6.4.1.el5_11
java-1.7.0-openjdk-headless-1:1.7.0.95-2.6.4.0.el7_2
java-1.7.0-openjdk-javadoc-1:1.7.0.95-2.6.4.0.el7_2
java-1.7.0-openjdk-javadoc-1:1.7.0.95-2.6.4.1.el5_11
java-1.7.0-openjdk-src-1:1.7.0.95-2.6.4.0.el7_2
java-1.7.0-openjdk-src-1:1.7.0.95-2.6.4.1.el5_11
java-1.8.0-oracle-1:1.8.0.71-1jpp.1.el6_7
java-1.8.0-oracle-1:1.8.0.71-1jpp.1.el7
java-1.8.0-oracle-devel-1:1.8.0.71-1jpp.1.el6_7
java-1.8.0-oracle-devel-1:1.8.0.71-1jpp.1.el7
java-1.8.0-oracle-javafx-1:1.8.0.71-1jpp.1.el6_7
java-1.8.0-oracle-javafx-1:1.8.0.71-1jpp.1.el7
java-1.8.0-oracle-jdbc-1:1.8.0.71-1jpp.1.el6_7
java-1.8.0-oracle-jdbc-1:1.8.0.71-1jpp.1.el7
java-1.8.0-oracle-plugin-1:1.8.0.71-1jpp.1.el6_7
java-1.8.0-oracle-plugin-1:1.8.0.71-1jpp.1.el7
java-1.8.0-oracle-src-1:1.8.0.71-1jpp.1.el6_7
java-1.8.0-oracle-src-1:1.8.0.71-1jpp.1.el7
java-1.7.0-oracle-1:1.7.0.95-1jpp.1.el5_11
java-1.7.0-oracle-1:1.7.0.95-1jpp.1.el6_7
java-1.7.0-oracle-1:1.7.0.95-1jpp.2.el7
java-1.7.0-oracle-devel-1:1.7.0.95-1jpp.1.el5_11
java-1.7.0-oracle-devel-1:1.7.0.95-1jpp.1.el6_7
java-1.7.0-oracle-devel-1:1.7.0.95-1jpp.2.el7
java-1.7.0-oracle-javafx-1:1.7.0.95-1jpp.1.el5_11
java-1.7.0-oracle-javafx-1:1.7.0.95-1jpp.1.el6_7
java-1.7.0-oracle-javafx-1:1.7.0.95-1jpp.2.el7
java-1.7.0-oracle-jdbc-1:1.7.0.95-1jpp.1.el5_11
java-1.7.0-oracle-jdbc-1:1.7.0.95-1jpp.1.el6_7
java-1.7.0-oracle-jdbc-1:1.7.0.95-1jpp.2.el7
java-1.7.0-oracle-plugin-1:1.7.0.95-1jpp.1.el5_11
java-1.7.0-oracle-plugin-1:1.7.0.95-1jpp.1.el6_7
java-1.7.0-oracle-plugin-1:1.7.0.95-1jpp.2.el7
java-1.7.0-oracle-src-1:1.7.0.95-1jpp.1.el5_11
java-1.7.0-oracle-src-1:1.7.0.95-1jpp.1.el6_7
java-1.7.0-oracle-src-1:1.7.0.95-1jpp.2.el7
java-1.8.0-ibm-1:1.8.0.2.10-1jpp.1.el7
java-1.8.0-ibm-demo-1:1.8.0.2.10-1jpp.1.el7
java-1.8.0-ibm-devel-1:1.8.0.2.10-1jpp.1.el7
java-1.8.0-ibm-jdbc-1:1.8.0.2.10-1jpp.1.el7
java-1.8.0-ibm-plugin-1:1.8.0.2.10-1jpp.1.el7
java-1.8.0-ibm-src-1:1.8.0.2.10-1jpp.1.el7
java-1.7.1-ibm-1:1.7.1.3.30-1jpp.1.el7
java-1.7.1-ibm-1:1.7.1.3.30-1jpp.2.el6_7
java-1.7.1-ibm-demo-1:1.7.1.3.30-1jpp.1.el7
java-1.7.1-ibm-demo-1:1.7.1.3.30-1jpp.2.el6_7
java-1.7.1-ibm-devel-1:1.7.1.3.30-1jpp.1.el7
java-1.7.1-ibm-devel-1:1.7.1.3.30-1jpp.2.el6_7
java-1.7.1-ibm-jdbc-1:1.7.1.3.30-1jpp.1.el7
java-1.7.1-ibm-jdbc-1:1.7.1.3.30-1jpp.2.el6_7
java-1.7.1-ibm-plugin-1:1.7.1.3.30-1jpp.1.el7
java-1.7.1-ibm-plugin-1:1.7.1.3.30-1jpp.2.el6_7
java-1.7.1-ibm-src-1:1.7.1.3.30-1jpp.1.el7
java-1.7.1-ibm-src-1:1.7.1.3.30-1jpp.2.el6_7
java-1.7.0-ibm-1:1.7.0.9.30-1jpp.1.el5
java-1.7.0-ibm-demo-1:1.7.0.9.30-1jpp.1.el5
java-1.7.0-ibm-devel-1:1.7.0.9.30-1jpp.1.el5
java-1.7.0-ibm-jdbc-1:1.7.0.9.30-1jpp.1.el5
java-1.7.0-ibm-plugin-1:1.7.0.9.30-1jpp.1.el5
java-1.7.0-ibm-src-1:1.7.0.9.30-1jpp.1.el5
java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el5
java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el6_7
java-1.6.0-ibm-accessibility-1:1.6.0.16.20-1jpp.1.el5
java-1.6.0-ibm-demo-1:1.6.0.16.20-1jpp.1.el5
java-1.6.0-ibm-demo-1:1.6.0.16.20-1jpp.1.el6_7
java-1.6.0-ibm-devel-1:1.6.0.16.20-1jpp.1.el5
java-1.6.0-ibm-devel-1:1.6.0.16.20-1jpp.1.el6_7
java-1.6.0-ibm-javacomm-1:1.6.0.16.20-1jpp.1.el5
java-1.6.0-ibm-javacomm-1:1.6.0.16.20-1jpp.1.el6_7
java-1.6.0-ibm-jdbc-1:1.6.0.16.20-1jpp.1.el5
java-1.6.0-ibm-jdbc-1:1.6.0.16.20-1jpp.1.el6_7
java-1.6.0-ibm-plugin-1:1.6.0.16.20-1jpp.1.el5
java-1.6.0-ibm-plugin-1:1.6.0.16.20-1jpp.1.el6_7
java-1.6.0-ibm-src-1:1.6.0.16.20-1jpp.1.el5
java-1.6.0-ibm-src-1:1.6.0.16.20-1jpp.1.el6_7
java-1.7.0-ibm-1:1.7.0.9.40-1jpp.1.el5
java-1.7.0-ibm-devel-1:1.7.0.9.40-1jpp.1.el5
java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7
java-1.7.1-ibm-devel-1:1.7.1.3.40-1jpp.1.el6_7
spacewalk-java-0:2.0.2-109.el5sat
spacewalk-java-0:2.0.2-109.el6sat
spacewalk-java-0:2.3.8-146.el6sat
spacewalk-java-config-0:2.0.2-109.el5sat
spacewalk-java-config-0:2.0.2-109.el6sat
spacewalk-java-config-0:2.3.8-146.el6sat
spacewalk-java-lib-0:2.0.2-109.el5sat
spacewalk-java-lib-0:2.0.2-109.el6sat
spacewalk-java-lib-0:2.3.8-146.el6sat
spacewalk-java-oracle-0:2.0.2-109.el5sat
spacewalk-java-oracle-0:2.0.2-109.el6sat
spacewalk-java-oracle-0:2.3.8-146.el6sat
spacewalk-java-postgresql-0:2.0.2-109.el5sat
spacewalk-java-postgresql-0:2.0.2-109.el6sat
spacewalk-java-postgresql-0:2.3.8-146.el6sat
spacewalk-taskomatic-0:2.0.2-109.el5sat
spacewalk-taskomatic-0:2.0.2-109.el6sat
spacewalk-taskomatic-0:2.3.8-146.el6sat

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

References