Vulnerabilities > CVE-2016-5552 - Remote Security vulnerability in Oracle Jdk, JRE and Jrockit

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
oracle
nessus

Summary

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Integrity impacts).

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0336.NASL
    descriptionAn update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP1. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289)
    last seen2020-06-01
    modified2020-06-02
    plugin id97460
    published2017-03-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97460
    titleRHEL 6 / 7 : java-1.7.1-ibm (RHSA-2017:0336)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2017:0336. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97460);
      script_version("3.9");
      script_cvs_date("Date: 2019/10/24 15:35:42");
    
      script_cve_id("CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5552", "CVE-2017-3231", "CVE-2017-3241", "CVE-2017-3252", "CVE-2017-3253", "CVE-2017-3259", "CVE-2017-3261", "CVE-2017-3272", "CVE-2017-3289");
      script_xref(name:"RHSA", value:"2017:0336");
    
      script_name(english:"RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2017:0336)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for java-1.7.1-ibm is now available for Red Hat Enterprise
    Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary.
    
    Red Hat Product Security has rated this update as having a security
    impact of Critical. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    IBM Java SE version 7 Release 1 includes the IBM Java Runtime
    Environment and the IBM Java Software Development Kit.
    
    This update upgrades IBM Java SE 7 to version 7R1 SR4-FP1.
    
    Security Fix(es) :
    
    * This update fixes multiple vulnerabilities in the IBM Java Runtime
    Environment and the IBM Java Software Development Kit. Further
    information about these flaws can be found on the IBM Java Security
    alerts page, listed in the References section. (CVE-2016-2183,
    CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549,
    CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252,
    CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272,
    CVE-2017-3289)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://developer.ibm.com/javasdk/support/security-vulnerabilities/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2017:0336"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-2183"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5546"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5547"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5548"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5549"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5552"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-3231"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-3241"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-3252"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-3253"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-3259"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-3261"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-3272"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-3289"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x / 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2017:0336";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-1.7.1.4.1-1jpp.1.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-1.7.1.4.1-1jpp.1.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-1.7.1.4.1-1jpp.1.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.1.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.1.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.1.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.1.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.1.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.1.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.1.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.1.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.1.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-plugin-1.7.1.4.1-1jpp.1.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-plugin-1.7.1.4.1-1jpp.1.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-src-1.7.1.4.1-1jpp.1.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-src-1.7.1.4.1-1jpp.1.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-src-1.7.1.4.1-1jpp.1.el6_8")) flag++;
    
    
      if (rpm_check(release:"RHEL7", reference:"java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-plugin-1.7.1.4.1-1jpp.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.1-ibm-src-1.7.1.4.1-1jpp.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-src-1.7.1.4.1-1jpp.2.el7")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.1-ibm / java-1.7.1-ibm-demo / java-1.7.1-ibm-devel / etc");
      }
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0016_OPENJRE.NASL
    descriptionAn update of the openjre package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id121694
    published2019-02-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121694
    titlePhoton OS 1.0: Openjre PHSA-2017-0016
    code
    #
    # (C) Tenable Network Security, Inc.`
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2017-0016. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(121694);
      script_version("1.2");
      script_cvs_date("Date: 2019/04/02 21:54:17");
    
      script_cve_id(
        "CVE-2016-5546",
        "CVE-2016-5547",
        "CVE-2016-5548",
        "CVE-2016-5549",
        "CVE-2016-5552",
        "CVE-2016-8328",
        "CVE-2017-3231",
        "CVE-2017-3241",
        "CVE-2017-3253",
        "CVE-2017-3259",
        "CVE-2017-3260",
        "CVE-2017-3261",
        "CVE-2017-3262",
        "CVE-2017-3272",
        "CVE-2017-3289"
      );
    
      script_name(english:"Photon OS 1.0: Openjre PHSA-2017-0016");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the openjre package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-41.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7889");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/05/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:openjre");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", reference:"openjre-1.8.0.131-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openjre-1.8.0.131-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openjre-1.8.0.131-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openjre-1.8.0.131-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openjre-1.8.0.131-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openjre-1.8.0.131-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openjre-1.8.0.131-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openjre-1.8.0.131-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openjre-1.8.0.131-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openjre-1.8.0.131-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openjre-1.8.0.131-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openjre-1.8.0.131-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openjre-1.8.0.131-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openjre-1.8.0.131-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openjre-1.8.0.131-1.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjre");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170120_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DCG. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties. - Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272, CVE-2017-3289) - A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548) - It was discovered that the Libraries component of OpenJDK accepted ECSDA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546) - It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253) - It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547) - It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252) - It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552) - Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261, CVE-2017-3231) - A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
    last seen2020-03-18
    modified2017-01-25
    plugin id96757
    published2017-01-25
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96757
    titleScientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20170120)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96757);
      script_version("3.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");
    
      script_cve_id("CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5552", "CVE-2017-3231", "CVE-2017-3241", "CVE-2017-3252", "CVE-2017-3253", "CVE-2017-3261", "CVE-2017-3272", "CVE-2017-3289");
    
      script_name(english:"Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20170120)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security Fix(es) :
    
      - It was discovered that the RMI registry and DCG
        implementations in the RMI component of OpenJDK
        performed deserialization of untrusted inputs. A remote
        attacker could possibly use this flaw to execute
        arbitrary code with the privileges of RMI registry or a
        Java RMI application. (CVE-2017-3241)
    
    This issue was addressed by introducing whitelists of classes that can
    be deserialized by RMI registry or DCG. These whitelists can be
    customized using the newly introduced sun.rmi.registry.registryFilter
    and sun.rmi.transport.dgcFilter security properties.
    
      - Multiple flaws were discovered in the Libraries and
        Hotspot components in OpenJDK. An untrusted Java
        application or applet could use these flaws to
        completely bypass Java sandbox restrictions.
        (CVE-2017-3272, CVE-2017-3289)
    
      - A covert timing channel flaw was found in the DSA
        implementation in the Libraries component of OpenJDK. A
        remote attacker could possibly use this flaw to extract
        certain information about the used key via a timing side
        channel. (CVE-2016-5548)
    
      - It was discovered that the Libraries component of
        OpenJDK accepted ECSDA signatures using non-canonical
        DER encoding. This could cause a Java application to
        accept signature in an incorrect format not accepted by
        other cryptographic tools. (CVE-2016-5546)
    
      - It was discovered that the 2D component of OpenJDK
        performed parsing of iTXt and zTXt PNG image chunks even
        when configured to ignore metadata. An attacker able to
        make a Java application parse a specially crafted PNG
        image could cause the application to consume an
        excessive amount of memory. (CVE-2017-3253)
    
      - It was discovered that the Libraries component of
        OpenJDK did not validate the length of the object
        identifier read from the DER input before allocating
        memory to store the OID. An attacker able to make a Java
        application decode a specially crafted DER input could
        cause the application to consume an excessive amount of
        memory. (CVE-2016-5547)
    
      - It was discovered that the JAAS component of OpenJDK did
        not use the correct way to extract user DN from the
        result of the user search LDAP query. A specially
        crafted user LDAP entry could cause the application to
        use an incorrect DN. (CVE-2017-3252)
    
      - It was discovered that the Networking component of
        OpenJDK failed to properly parse user info from the URL.
        A remote attacker could cause a Java application to
        incorrectly parse an attacker supplied URL and interpret
        it differently from other applications processing the
        same URL. (CVE-2016-5552)
    
      - Multiple flaws were found in the Networking components
        in OpenJDK. An untrusted Java application or applet
        could use these flaws to bypass certain Java sandbox
        restrictions. (CVE-2017-3261, CVE-2017-3231)
    
      - A flaw was found in the way the DES/3DES cipher was used
        as part of the TLS/SSL protocol. A man-in-the-middle
        attacker could use this flaw to recover some plaintext
        data by capturing large amounts of encrypted traffic
        between TLS/SSL server and client if the communication
        used a DES/3DES based ciphersuite. (CVE-2016-2183)
    
    This update mitigates the CVE-2016-2183 issue by adding 3DES cipher
    suites to the list of legacy algorithms (defined using the
    jdk.tls.legacyAlgorithms security property) so they are only used if
    connecting TLS/SSL client and server do not share any other non-legacy
    cipher suite.
    
    Note: If the web browser plug-in provided by the icedtea-web package
    was installed, the issues exposed via Java applets could have been
    exploited without user interaction if a user visited a malicious
    website."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1701&L=scientific-linux-errata&F=&S=&P=11488
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?508550e9"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-accessibility");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-accessibility-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-zip-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src-debug");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/01/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-1.8.0.121-0.b13.el6_8")) flag++;
    if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-debug-1.8.0.121-0.b13.el6_8")) flag++;
    if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el6_8")) flag++;
    if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-demo-1.8.0.121-0.b13.el6_8")) flag++;
    if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-demo-debug-1.8.0.121-0.b13.el6_8")) flag++;
    if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-devel-1.8.0.121-0.b13.el6_8")) flag++;
    if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-devel-debug-1.8.0.121-0.b13.el6_8")) flag++;
    if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el6_8")) flag++;
    if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-headless-debug-1.8.0.121-0.b13.el6_8")) flag++;
    if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-javadoc-1.8.0.121-0.b13.el6_8")) flag++;
    if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-javadoc-debug-1.8.0.121-0.b13.el6_8")) flag++;
    if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-src-1.8.0.121-0.b13.el6_8")) flag++;
    if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-src-debug-1.8.0.121-0.b13.el6_8")) flag++;
    
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-accessibility-1.8.0.121-0.b13.el7_3")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-accessibility-debug-1.8.0.121-0.b13.el7_3")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-debug-1.8.0.121-0.b13.el7_3")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-demo-1.8.0.121-0.b13.el7_3")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-demo-debug-1.8.0.121-0.b13.el7_3")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-devel-1.8.0.121-0.b13.el7_3")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-devel-debug-1.8.0.121-0.b13.el7_3")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el7_3")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-headless-debug-1.8.0.121-0.b13.el7_3")) flag++;
    if (rpm_check(release:"SL7", reference:"java-1.8.0-openjdk-javadoc-1.8.0.121-0.b13.el7_3")) flag++;
    if (rpm_check(release:"SL7", reference:"java-1.8.0-openjdk-javadoc-debug-1.8.0.121-0.b13.el7_3")) flag++;
    if (rpm_check(release:"SL7", reference:"java-1.8.0-openjdk-javadoc-zip-1.8.0.121-0.b13.el7_3")) flag++;
    if (rpm_check(release:"SL7", reference:"java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.121-0.b13.el7_3")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-src-1.8.0.121-0.b13.el7_3")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-src-debug-1.8.0.121-0.b13.el7_3")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-0269.NASL
    descriptionAn update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DCG. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties. * Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272, CVE-2017-3289) * A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548) * It was discovered that the Libraries component of OpenJDK accepted ECSDA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546) * It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253) * It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547) * It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252) * It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552) * Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261, CVE-2017-3231) * A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite.
    last seen2020-06-01
    modified2020-06-02
    plugin id97134
    published2017-02-14
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97134
    titleCentOS 5 / 6 / 7 : java-1.7.0-openjdk (CESA-2017:0269)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2017:0269 and 
    # CentOS Errata and Security Advisory 2017:0269 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97134);
      script_version("3.8");
      script_cvs_date("Date: 2019/12/31");
    
      script_cve_id("CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5552", "CVE-2017-3231", "CVE-2017-3241", "CVE-2017-3252", "CVE-2017-3253", "CVE-2017-3261", "CVE-2017-3272", "CVE-2017-3289");
      script_xref(name:"RHSA", value:"2017:0269");
    
      script_name(english:"CentOS 5 / 6 / 7 : java-1.7.0-openjdk (CESA-2017:0269)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for java-1.7.0-openjdk is now available for Red Hat
    Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise
    Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Critical. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
    Environment and the OpenJDK 7 Java Software Development Kit.
    
    Security Fix(es) :
    
    * It was discovered that the RMI registry and DCG implementations in
    the RMI component of OpenJDK performed deserialization of untrusted
    inputs. A remote attacker could possibly use this flaw to execute
    arbitrary code with the privileges of RMI registry or a Java RMI
    application. (CVE-2017-3241)
    
    This issue was addressed by introducing whitelists of classes that can
    be deserialized by RMI registry or DCG. These whitelists can be
    customized using the newly introduced sun.rmi.registry.registryFilter
    and sun.rmi.transport.dgcFilter security properties.
    
    * Multiple flaws were discovered in the Libraries and Hotspot
    components in OpenJDK. An untrusted Java application or applet could
    use these flaws to completely bypass Java sandbox restrictions.
    (CVE-2017-3272, CVE-2017-3289)
    
    * A covert timing channel flaw was found in the DSA implementation in
    the Libraries component of OpenJDK. A remote attacker could possibly
    use this flaw to extract certain information about the used key via a
    timing side channel. (CVE-2016-5548)
    
    * It was discovered that the Libraries component of OpenJDK accepted
    ECSDA signatures using non-canonical DER encoding. This could cause a
    Java application to accept signature in an incorrect format not
    accepted by other cryptographic tools. (CVE-2016-5546)
    
    * It was discovered that the 2D component of OpenJDK performed parsing
    of iTXt and zTXt PNG image chunks even when configured to ignore
    metadata. An attacker able to make a Java application parse a
    specially crafted PNG image could cause the application to consume an
    excessive amount of memory. (CVE-2017-3253)
    
    * It was discovered that the Libraries component of OpenJDK did not
    validate the length of the object identifier read from the DER input
    before allocating memory to store the OID. An attacker able to make a
    Java application decode a specially crafted DER input could cause the
    application to consume an excessive amount of memory. (CVE-2016-5547)
    
    * It was discovered that the JAAS component of OpenJDK did not use the
    correct way to extract user DN from the result of the user search LDAP
    query. A specially crafted user LDAP entry could cause the application
    to use an incorrect DN. (CVE-2017-3252)
    
    * It was discovered that the Networking component of OpenJDK failed to
    properly parse user info from the URL. A remote attacker could cause a
    Java application to incorrectly parse an attacker supplied URL and
    interpret it differently from other applications processing the same
    URL. (CVE-2016-5552)
    
    * Multiple flaws were found in the Networking components in OpenJDK.
    An untrusted Java application or applet could use these flaws to
    bypass certain Java sandbox restrictions. (CVE-2017-3261,
    CVE-2017-3231)
    
    * A flaw was found in the way the DES/3DES cipher was used as part of
    the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw
    to recover some plaintext data by capturing large amounts of encrypted
    traffic between TLS/SSL server and client if the communication used a
    DES/3DES based ciphersuite. (CVE-2016-2183)
    
    This update mitigates the CVE-2016-2183 issue by adding 3DES cipher
    suites to the list of legacy algorithms (defined using the
    jdk.tls.legacyAlgorithms security property) so they are only used if
    connecting TLS/SSL client and server do not share any other non-legacy
    cipher suite."
      );
      # https://lists.centos.org/pipermail/centos-announce/2017-February/022269.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?44339ded"
      );
      # https://lists.centos.org/pipermail/centos-announce/2017-February/022270.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?de390d5c"
      );
      # https://lists.centos.org/pipermail/centos-announce/2017-February/022271.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?67689444"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1.7.0-openjdk packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3241");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.7.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.7.0-openjdk-accessibility");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.7.0-openjdk-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.7.0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x / 6.x / 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el5_11")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"java-1.7.0-openjdk-demo-1.7.0.131-2.6.9.0.el5_11")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"java-1.7.0-openjdk-devel-1.7.0.131-2.6.9.0.el5_11")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"java-1.7.0-openjdk-javadoc-1.7.0.131-2.6.9.0.el5_11")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"java-1.7.0-openjdk-src-1.7.0.131-2.6.9.0.el5_11")) flag++;
    
    if (rpm_check(release:"CentOS-6", reference:"java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el6_8")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"java-1.7.0-openjdk-demo-1.7.0.131-2.6.9.0.el6_8")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"java-1.7.0-openjdk-devel-1.7.0.131-2.6.9.0.el6_8")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"java-1.7.0-openjdk-javadoc-1.7.0.131-2.6.9.0.el6_8")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"java-1.7.0-openjdk-src-1.7.0.131-2.6.9.0.el6_8")) flag++;
    
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el7_3")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"java-1.7.0-openjdk-accessibility-1.7.0.131-2.6.9.0.el7_3")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"java-1.7.0-openjdk-demo-1.7.0.131-2.6.9.0.el7_3")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"java-1.7.0-openjdk-devel-1.7.0.131-2.6.9.0.el7_3")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"java-1.7.0-openjdk-headless-1.7.0.131-2.6.9.0.el7_3")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"java-1.7.0-openjdk-javadoc-1.7.0.131-2.6.9.0.el7_3")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"java-1.7.0-openjdk-src-1.7.0.131-2.6.9.0.el7_3")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-797.NASL
    descriptionIt was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DCG. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties. (CVE-2017-3241) Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272 , CVE-2017-3289) A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548) It was discovered that the Libraries component of OpenJDK accepted ECSDA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546) It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253) It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547) It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252) It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552) Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261 , CVE-2017-3231) A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. This update mitigates this issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite. (CVE-2016-2183)
    last seen2020-06-01
    modified2020-06-02
    plugin id97147
    published2017-02-15
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97147
    titleAmazon Linux AMI : java-1.7.0-openjdk (ALAS-2017-797)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-0269.NASL
    descriptionAn update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DCG. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties. * Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272, CVE-2017-3289) * A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548) * It was discovered that the Libraries component of OpenJDK accepted ECSDA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546) * It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253) * It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547) * It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252) * It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552) * Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261, CVE-2017-3231) * A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-10
    modified2017-07-13
    plugin id101422
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101422
    titleVirtuozzo 6 : java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc (VZLSA-2017-0269)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0176.NASL
    descriptionAn update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6, and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 131. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289) This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite.
    last seen2020-06-01
    modified2020-06-02
    plugin id96651
    published2017-01-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96651
    titleRHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2017:0176)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3194-1.NASL
    descriptionKarthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. (CVE-2016-2183) It was discovered that OpenJDK accepted ECSDA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. (CVE-2016-5546) It was discovered that OpenJDK did not properly verify object identifier (OID) length when reading Distinguished Encoding Rules (DER) records, as used in x.509 certificates and elsewhere. An attacker could use this to cause a denial of service (memory consumption). (CVE-2016-5547) It was discovered that covert timing channel vulnerabilities existed in the DSA implementations in OpenJDK. A remote attacker could use this to expose sensitive information. (CVE-2016-5548) It was discovered that the URLStreamHandler class in OpenJDK did not properly parse user information from a URL. A remote attacker could use this to expose sensitive information. (CVE-2016-5552) It was discovered that the URLClassLoader class in OpenJDK did not properly check access control context when downloading class files. A remote attacker could use this to expose sensitive information. (CVE-2017-3231) It was discovered that the Remote Method Invocation (RMI) implementation in OpenJDK performed deserialization of untrusted inputs. A remote attacker could use this to execute arbitrary code. (CVE-2017-3241) It was discovered that the Java Authentication and Authorization Service (JAAS) component of OpenJDK did not properly perform user search LDAP queries. An attacker could use a specially constructed LDAP entry to expose or modify sensitive information. (CVE-2017-3252) It was discovered that the PNGImageReader class in OpenJDK did not properly handle iTXt and zTXt chunks. An attacker could use this to cause a denial of service (memory consumption). (CVE-2017-3253) It was discovered that integer overflows existed in the SocketInputStream and SocketOutputStream classes of OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-3261) It was discovered that the atomic field updaters in the java.util.concurrent.atomic package in OpenJDK did not properly restrict access to protected field members. An attacker could use this to specially craft a Java application or applet that could bypass Java sandbox restrictions. (CVE-2017-3272) It was discovered that a vulnerability existed in the class construction implementation in OpenJDK. An attacker could use this to specially craft a Java application or applet that could bypass Java sandbox restrictions. (CVE-2017-3289). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97084
    published2017-02-09
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97084
    titleUbuntu 12.04 LTS / 14.04 LTS : openjdk-7 vulnerabilities (USN-3194-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1028.NASL
    descriptionAccording to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) - Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272, CVE-2017-3289) - A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548) - It was discovered that the Libraries component of OpenJDK accepted ECSDA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546) - It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253) - It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547) - It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252) - It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552) - Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261, CVE-2017-3231) - A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-10
    modified2017-05-01
    plugin id99873
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99873
    titleEulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2017-1028)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0263.NASL
    descriptionAn update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR4. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289)
    last seen2020-06-01
    modified2020-06-02
    plugin id97095
    published2017-02-10
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97095
    titleRHEL 6 / 7 : java-1.8.0-ibm (RHSA-2017:0263)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0269.NASL
    descriptionAn update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DCG. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties. * Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272, CVE-2017-3289) * A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548) * It was discovered that the Libraries component of OpenJDK accepted ECSDA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546) * It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253) * It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547) * It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252) * It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552) * Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261, CVE-2017-3231) * A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite.
    last seen2020-06-01
    modified2020-06-02
    plugin id97121
    published2017-02-13
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97121
    titleRHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2017:0269)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0180.NASL
    descriptionAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DCG. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties. * Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272, CVE-2017-3289) * A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548) * It was discovered that the Libraries component of OpenJDK accepted ECSDA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546) * It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253) * It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547) * It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252) * It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552) * Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261, CVE-2017-3231) * A flaw was found in the way the DES/3DES cipher was used as part of the TLS /SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
    last seen2020-06-01
    modified2020-06-02
    plugin id96693
    published2017-01-23
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96693
    titleRHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2017:0180)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0346-1.NASL
    descriptionThis update for java-1_8_0-openjdk fixes the following issues: Oracle Critical Patch Update of January 2017 (bsc#1020905) Upgrade to version jdk8u121 (icedtea 3.3.0) : - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution - S8156804, CVE-2017-3241: Better constraint checking - S8158406: Limited Parameter Processing - S8158997: JNDI Protocols Switch - S8159507: RuntimeVisibleAnnotation validation - S8161218: Better bytecode loading - S8161743, CVE-2017-3252: Provide proper login context - S8162577: Standardize logging levels - S8162973: Better component components - S8164143, CVE-2017-3260: Improve components for menu items - S8164147, CVE-2017-3261: Improve streaming socket output - S8165071, CVE-2016-2183: Expand TLS support - S8165344, CVE-2017-3272: Update concurrency support - S8166988, CVE-2017-3253: Improve image processing performance - S8167104, CVE-2017-3289: Additional class construction refinements - S8167223, CVE-2016-5552: URL handling improvements - S8168705, CVE-2016-5547: Better ObjectIdentifier validation - S8168714, CVE-2016-5546: Tighten ECDSA validation - S8168728, CVE-2016-5548: DSA signing improvements - S8168724, CVE-2016-5549: ECDSA signing improvements Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id96926
    published2017-02-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96926
    titleSUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2017:0346-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1016.NASL
    descriptionAccording to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) - Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272, CVE-2017-3289) - A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548) - It was discovered that the Libraries component of OpenJDK accepted ECSDA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546) - It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253) - It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547) - It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252) - It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552) - Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261, CVE-2017-3231) - A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-21
    modified2017-05-01
    plugin id99862
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99862
    titleEulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2017-1016)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3198-1.NASL
    descriptionKarthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. (CVE-2016-2183) It was discovered that OpenJDK accepted ECSDA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. (CVE-2016-5546) It was discovered that covert timing channel vulnerabilities existed in the DSA implementations in OpenJDK. A remote attacker could use this to expose sensitive information. (CVE-2016-5548) It was discovered that the URLStreamHandler class in OpenJDK did not properly parse user information from a URL. A remote attacker could use this to expose sensitive information. (CVE-2016-5552) It was discovered that the URLClassLoader class in OpenJDK did not properly check access control context when downloading class files. A remote attacker could use this to expose sensitive information. (CVE-2017-3231) It was discovered that the Remote Method Invocation (RMI) implementation in OpenJDK performed deserialization of untrusted inputs. A remote attacker could use this to execute arbitrary code. (CVE-2017-3241) It was discovered that the Java Authentication and Authorization Service (JAAS) component of OpenJDK did not properly perform user search LDAP queries. An attacker could use a specially constructed LDAP entry to expose or modify sensitive information. (CVE-2017-3252) It was discovered that the PNGImageReader class in OpenJDK did not properly handle iTXt and zTXt chunks. An attacker could use this to cause a denial of service (memory consumption). (CVE-2017-3253) It was discovered that integer overflows existed in the SocketInputStream and SocketOutputStream classes of OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-3261) It was discovered that the atomic field updaters in the java.util.concurrent.atomic package in OpenJDK did not properly restrict access to protected field members. An attacker could use this to specially craft a Java application or applet that could bypass Java sandbox restrictions. (CVE-2017-3272). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97209
    published2017-02-16
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97209
    titleUbuntu 12.04 LTS : openjdk-6 vulnerabilities (USN-3198-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-791.NASL
    descriptionIt was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DCG. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties. Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272 , CVE-2017-3289) A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548) It was discovered that the Libraries component of OpenJDK accepted ECSDA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546) It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253) It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547) It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252) It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552) Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261 , CVE-2017-3231) A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite.
    last seen2020-06-01
    modified2020-06-02
    plugin id96809
    published2017-01-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96809
    titleAmazon Linux AMI : java-1.8.0-openjdk (ALAS-2017-791)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0016.NASL
    descriptionAn update of [gnutls,openjdk,openjre] packages for PhotonOS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id111865
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111865
    titlePhoton OS 1.0: Gnutls / Linux / Openjdk / Openjre PHSA-2017-0016 (deprecated)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0177.NASL
    descriptionAn update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6, and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 141. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272) This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite.
    last seen2020-06-01
    modified2020-06-02
    plugin id96652
    published2017-01-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96652
    titleRHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2017:0177)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1015.NASL
    descriptionAccording to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) - Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272, CVE-2017-3289) - A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548) - It was discovered that the Libraries component of OpenJDK accepted ECSDA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546) - It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253) - It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547) - It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252) - It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552) - Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261, CVE-2017-3231) - A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-21
    modified2017-05-01
    plugin id99861
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99861
    titleEulerOS 2.0 SP1 : java-1.8.0-openjdk (EulerOS-SA-2017-1015)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3179-1.NASL
    descriptionKarthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. (CVE-2016-2183) It was discovered that OpenJDK accepted ECSDA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. (CVE-2016-5546) It was discovered that OpenJDK did not properly verify object identifier (OID) length when reading Distinguished Encoding Rules (DER) records, as used in x.509 certificates and elsewhere. An attacker could use this to cause a denial of service (memory consumption). (CVE-2016-5547) It was discovered that covert timing channel vulnerabilities existed in the DSA and ECDSA implementations in OpenJDK. A remote attacker could use this to expose sensitive information. (CVE-2016-5548, CVE-2016-5549) It was discovered that the URLStreamHandler class in OpenJDK did not properly parse user information from a URL. A remote attacker could use this to expose sensitive information. (CVE-2016-5552) It was discovered that the URLClassLoader class in OpenJDK did not properly check access control context when downloading class files. A remote attacker could use this to expose sensitive information. (CVE-2017-3231) It was discovered that the Remote Method Invocation (RMI) implementation in OpenJDK performed deserialization of untrusted inputs. A remote attacker could use this to execute arbitrary code. (CVE-2017-3241) It was discovered that the Java Authentication and Authorization Service (JAAS) component of OpenJDK did not properly perform user search LDAP queries. An attacker could use a specially constructed LDAP entry to expose or modify sensitive information. (CVE-2017-3252) It was discovered that the PNGImageReader class in OpenJDK did not properly handle iTXt and zTXt chunks. An attacker could use this to cause a denial of service (memory consumption). (CVE-2017-3253) It was discovered that integer overflows existed in the SocketInputStream and SocketOutputStream classes of OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-3261) It was discovered that the atomic field updaters in the java.util.concurrent.atomic package in OpenJDK did not properly restrict access to protected field members. An attacker could use this to specially craft a Java application or applet that could bypass Java sandbox restrictions. (CVE-2017-3272) It was discovered that a vulnerability existed in the class construction implementation in OpenJDK. An attacker could use this to specially craft a Java application or applet that could bypass Java sandbox restrictions. (CVE-2017-3289). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id96796
    published2017-01-26
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96796
    titleUbuntu 16.04 LTS / 16.10 : openjdk-8 vulnerabilities (USN-3179-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1216.NASL
    descriptionAn update for java-1.7.1-ibm is now available for Red Hat Satellite 5.7 and Red Hat Satellite 5.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP1. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-2183, CVE-2017-3272, CVE-2017-3289, CVE-2017-3253, CVE-2017-3261, CVE-2017-3231, CVE-2016-5547, CVE-2016-5552, CVE-2017-3252, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2017-3241, CVE-2017-3259, CVE-2016-5573, CVE-2016-5554, CVE-2016-5542, CVE-2016-5597, CVE-2016-5556, CVE-2016-3598, CVE-2016-3511, CVE-2016-0363, CVE-2016-0686, CVE-2016-0687, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449, CVE-2016-3422, CVE-2016-0376, CVE-2016-0264)
    last seen2020-06-01
    modified2020-06-02
    plugin id100094
    published2017-05-10
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100094
    titleRHEL 6 : java-1.7.1-ibm (RHSA-2017:1216)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0338.NASL
    descriptionAn update for java-1.6.0-ibm is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 6 to version 6 SR16-FP41. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272)
    last seen2020-06-01
    modified2020-06-02
    plugin id97462
    published2017-03-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97462
    titleRHEL 5 / 6 : java-1.6.0-ibm (RHSA-2017:0338)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170213_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL
    descriptionSecurity Fix(es) : - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DCG. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties. - Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272, CVE-2017-3289) - A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548) - It was discovered that the Libraries component of OpenJDK accepted ECSDA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546) - It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253) - It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547) - It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252) - It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552) - Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261, CVE-2017-3231) - A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite.
    last seen2020-03-18
    modified2017-02-13
    plugin id97122
    published2017-02-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97122
    titleScientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20170213)
  • NASL familyWindows
    NASL idORACLE_JROCKIT_CPU_JAN_2017.NASL
    descriptionThe version of Oracle JRockit installed on the remote Windows host is R28.3.12. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5546) - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-5547) - An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5552) - An unspecified flaw exists in the RMI subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3241) - An unspecified flaw exists in the JAAS subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2017-3252) - An unspecified flaw exists in the 2D subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3253) Note that CVE-2017-3241 can only be exploited by supplying data to APIs in the specified component without using untrusted Java Web Start applications or untrusted Java applets, such as through a web service. Note that CVE-2016-5546, CVE-2016-5547, CVE-2016-5552, CVE-2017-3252, and CVE-2017-3253 can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. They can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
    last seen2020-06-01
    modified2020-06-02
    plugin id96627
    published2017-01-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96627
    titleOracle JRockit R28.3.12 Multiple Vulnerabilities (January 2017 CPU)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0337.NASL
    descriptionAn update for java-1.7.0-ibm is now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7 SR10-FP1. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289)
    last seen2020-06-01
    modified2020-06-02
    plugin id97461
    published2017-03-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97461
    titleRHEL 5 : java-1.7.0-ibm (RHSA-2017:0337)
  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_JAN_2017.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 121, 7 Update 131, or 6 Update 141. It is, therefore, affected by multiple vulnerabilities : - A vulnerability exists in the Libraries subcomponent, known as SWEET32, in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a
    last seen2020-06-01
    modified2020-06-02
    plugin id96628
    published2017-01-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96628
    titleOracle Java SE Multiple Vulnerabilities (January 2017 CPU) (SWEET32)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0460-1.NASL
    descriptionThis update for java-1_8_0-ibm to version 8.0-4.0 fixes a lot of security issues (bsc#1024218): Following CVEs are fixed: CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3253 CVE-2017-3259 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 CVE-2016-2183 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2017-3252 More information can be found on: https://developer.ibm.com/javasdk/support/security-vulnerabilities/ Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97187
    published2017-02-15
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97187
    titleSUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2017:0460-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-821.NASL
    descriptionSeveral vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the bypass of Java sandbox restrictions, denial of service, arbitrary code execution, incorrect parsing or URLs/LDAP DNs or cryptoraphice timing side channel attacks. For Debian 7
    last seen2020-03-17
    modified2017-02-13
    plugin id97105
    published2017-02-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97105
    titleDebian DLA-821-1 : openjdk-7 security update
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-0269.NASL
    descriptionFrom Red Hat Security Advisory 2017:0269 : An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DCG. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties. * Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272, CVE-2017-3289) * A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548) * It was discovered that the Libraries component of OpenJDK accepted ECSDA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546) * It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253) * It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547) * It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252) * It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552) * Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261, CVE-2017-3231) * A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite.
    last seen2020-06-01
    modified2020-06-02
    plugin id97139
    published2017-02-14
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97139
    titleOracle Linux 5 / 6 / 7 : java-1.7.0-openjdk (ELSA-2017-0269)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201707-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201707-01 (IcedTea: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in IcedTea. Please review the CVE identifiers referenced below for details. Note: If the web browser plug-in provided by the dev-java/icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, gain access to information, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id101248
    published2017-07-06
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101248
    titleGLSA-201707-01 : IcedTea: Multiple vulnerabilities
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0016_OPENJDK.NASL
    descriptionAn update of the openjdk package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id121693
    published2019-02-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121693
    titlePhoton OS 1.0: Openjdk PHSA-2017-0016
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201701-65.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201701-65 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in in Oracle&rsquo;s JRE and JDK. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, gain access to information, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id96787
    published2017-01-26
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96787
    titleGLSA-201701-65 : Oracle JRE/JDK: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-278.NASL
    descriptionThis update for java-1_7_0-openjdk fixes the following issues : - Oracle Critical Patch Update of January 2017 to OpenJDK 7u131 (bsc#1020905) : - Security Fixes - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution - S8156804, CVE-2017-3241: Better constraint checking - S8158406: Limited Parameter Processing - S8158997: JNDI Protocols Switch - S8159507: RuntimeVisibleAnnotation validation - S8161218: Better bytecode loading - S8161743, CVE-2017-3252: Provide proper login context - S8162577: Standardize logging levels - S8162973: Better component components - S8164143, CVE-2017-3260: Improve components for menu items - S8164147, CVE-2017-3261: Improve streaming socket output - S8165071, CVE-2016-2183: Expand TLS support - S8165344, CVE-2017-3272: Update concurrency support - S8166988, CVE-2017-3253: Improve image processing performance - S8167104, CVE-2017-3289: Additional class construction refinements - S8167223, CVE-2016-5552: URL handling improvements - S8168705, CVE-2016-5547: Better ObjectIdentifier validation - S8168714, CVE-2016-5546: Tighten ECDSA validation - S8168728, CVE-2016-5548: DSA signing improvments - S8168724, CVE-2016-5549: ECDSA signing improvments - S6253144: Long narrowing conversion should describe the algorithm used and implied
    last seen2020-06-05
    modified2017-02-21
    plugin id97287
    published2017-02-21
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97287
    titleopenSUSE Security Update : java-1_7_0-openjdk (openSUSE-2017-278)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-0180.NASL
    descriptionAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DCG. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties. * Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272, CVE-2017-3289) * A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548) * It was discovered that the Libraries component of OpenJDK accepted ECSDA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546) * It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253) * It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547) * It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252) * It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552) * Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261, CVE-2017-3231) * A flaw was found in the way the DES/3DES cipher was used as part of the TLS /SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
    last seen2020-06-01
    modified2020-06-02
    plugin id96664
    published2017-01-23
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96664
    titleCentOS 6 / 7 : java-1.8.0-openjdk (CESA-2017:0180)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1027.NASL
    descriptionAccording to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) - Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272, CVE-2017-3289) - A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548) - It was discovered that the Libraries component of OpenJDK accepted ECSDA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546) - It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253) - It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547) - It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252) - It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552) - Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261, CVE-2017-3231) - A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-21
    modified2017-05-01
    plugin id99872
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99872
    titleEulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2017-1027)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-0180.NASL
    descriptionFrom Red Hat Security Advisory 2017:0180 : An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DCG. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties. * Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272, CVE-2017-3289) * A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548) * It was discovered that the Libraries component of OpenJDK accepted ECSDA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546) * It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253) * It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547) * It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252) * It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552) * Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261, CVE-2017-3231) * A flaw was found in the way the DES/3DES cipher was used as part of the TLS /SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
    last seen2020-06-01
    modified2020-06-02
    plugin id96692
    published2017-01-23
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96692
    titleOracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2017-0180)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0175.NASL
    descriptionAn update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 121. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2016-8328, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3262, CVE-2017-3272, CVE-2017-3289) This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite.
    last seen2020-06-01
    modified2020-06-02
    plugin id96650
    published2017-01-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96650
    titleRHEL 6 / 7 : java-1.8.0-oracle (RHSA-2017:0175)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-201.NASL
    descriptionThis update for java-1_8_0-openjdk fixes the following issues: Oracle Critical Patch Update of January 2017 (bsc#1020905) Upgrade to version jdk8u121 (icedtea 3.3.0) : - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution - S8156804, CVE-2017-3241: Better constraint checking - S8158406: Limited Parameter Processing - S8158997: JNDI Protocols Switch - S8159507: RuntimeVisibleAnnotation validation - S8161218: Better bytecode loading - S8161743, CVE-2017-3252: Provide proper login context - S8162577: Standardize logging levels - S8162973: Better component components - S8164143, CVE-2017-3260: Improve components for menu items - S8164147, CVE-2017-3261: Improve streaming socket output - S8165071, CVE-2016-2183: Expand TLS support - S8165344, CVE-2017-3272: Update concurrency support - S8166988, CVE-2017-3253: Improve image processing performance - S8167104, CVE-2017-3289: Additional class construction refinements - S8167223, CVE-2016-5552: URL handling improvements - S8168705, CVE-2016-5547: Better ObjectIdentifier validation - S8168714, CVE-2016-5546: Tighten ECDSA validation - S8168728, CVE-2016-5548: DSA signing improvements - S8168724, CVE-2016-5549: ECDSA signing improvements This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen2020-06-05
    modified2017-02-06
    plugin id97002
    published2017-02-06
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97002
    titleopenSUSE Security Update : java-1_8_0-openjdk (openSUSE-2017-201)
  • NASL familyAIX Local Security Checks
    NASL idAIX_JAVA_JAN2017_ADVISORY.NASL
    descriptionThe version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities in the following subcomponents : - A vulnerability exists in the Libraries subcomponent, known as SWEET32, in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a
    last seen2020-06-01
    modified2020-06-02
    plugin id103190
    published2017-09-13
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/103190
    titleAIX Java Advisory : java_jan2017_advisory.asc (January 2017 CPU) (SWEET32)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0490-1.NASL
    descriptionThis update for java-1_7_0-openjdk fixes the following issues : - Oracle Critical Patch Update of January 2017 to OpenJDK 7u131 (bsc#1020905) : - Security Fixes - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution - S8156804, CVE-2017-3241: Better constraint checking - S8158406: Limited Parameter Processing - S8158997: JNDI Protocols Switch - S8159507: RuntimeVisibleAnnotation validation - S8161218: Better bytecode loading - S8161743, CVE-2017-3252: Provide proper login context - S8162577: Standardize logging levels - S8162973: Better component components - S8164143, CVE-2017-3260: Improve components for menu items - S8164147, CVE-2017-3261: Improve streaming socket output - S8165071, CVE-2016-2183: Expand TLS support - S8165344, CVE-2017-3272: Update concurrency support - S8166988, CVE-2017-3253: Improve image processing performance - S8167104, CVE-2017-3289: Additional class construction refinements - S8167223, CVE-2016-5552: URL handling improvements - S8168705, CVE-2016-5547: Better ObjectIdentifier validation - S8168714, CVE-2016-5546: Tighten ECDSA validation - S8168728, CVE-2016-5548: DSA signing improvments - S8168724, CVE-2016-5549: ECDSA signing improvments - S6253144: Long narrowing conversion should describe the algorithm used and implied
    last seen2020-06-01
    modified2020-06-02
    plugin id97296
    published2017-02-21
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97296
    titleSUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2017:0490-1)
  • NASL familyMisc.
    NASL idORACLE_JAVA_CPU_JAN_2017_UNIX.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 121, 7 Update 131, or 6 Update 141. It is, therefore, affected by multiple vulnerabilities : - A vulnerability exists in the Libraries subcomponent, known as SWEET32, in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a
    last seen2020-06-01
    modified2020-06-02
    plugin id96629
    published2017-01-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96629
    titleOracle Java SE Multiple Vulnerabilities (January 2017 CPU) (Unix) (SWEET32)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-0180.NASL
    descriptionAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DCG. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties. * Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272, CVE-2017-3289) * A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548) * It was discovered that the Libraries component of OpenJDK accepted ECSDA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546) * It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253) * It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547) * It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252) * It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552) * Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261, CVE-2017-3231) * A flaw was found in the way the DES/3DES cipher was used as part of the TLS /SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-31
    modified2017-07-13
    plugin id101412
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101412
    titleVirtuozzo 6 : java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc (VZLSA-2017-0180)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0111_JAVA-1.8.0-OPENJDK.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has java-1.8.0-openjdk packages installed that are affected by multiple vulnerabilities: - It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory. (CVE-2017-3526) - An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. (CVE-2017-3511) - It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re- use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with credentials of a different user. (CVE-2017-3509) - A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application. (CVE-2017-3544) - It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm. (CVE-2017-3539) - A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a Java application. (CVE-2017-3533) - It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546) - It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547) - A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548) - It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552) - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts). (CVE-2017-3231, CVE-2017-3261) - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) - It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252) - It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253) - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). (CVE-2017-3272) - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). (CVE-2017-3289) - It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm. (CVE-2016-5542) - A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2016-5554) - It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim
    last seen2020-06-01
    modified2020-06-02
    plugin id127348
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127348
    titleNewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0111)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3782.NASL
    descriptionSeveral vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the bypass of Java sandbox restrictions, denial of service, arbitrary code execution, incorrect parsing of URLs/LDAP DNs or cryptographic timing side channel attacks.
    last seen2020-06-01
    modified2020-06-02
    plugin id97067
    published2017-02-09
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97067
    titleDebian DSA-3782-1 : openjdk-7 - security update

Redhat

advisories
  • rhsa
    idRHSA-2017:0175
  • rhsa
    idRHSA-2017:0176
  • rhsa
    idRHSA-2017:0177
  • rhsa
    idRHSA-2017:0180
  • rhsa
    idRHSA-2017:0263
  • rhsa
    idRHSA-2017:0269
  • rhsa
    idRHSA-2017:0336
  • rhsa
    idRHSA-2017:0337
  • rhsa
    idRHSA-2017:0338
  • rhsa
    idRHSA-2017:1216
rpms
  • java-1.8.0-oracle-1:1.8.0.121-1jpp.1.el6_8
  • java-1.8.0-oracle-1:1.8.0.121-1jpp.1.el7_3
  • java-1.8.0-oracle-devel-1:1.8.0.121-1jpp.1.el6_8
  • java-1.8.0-oracle-devel-1:1.8.0.121-1jpp.1.el7_3
  • java-1.8.0-oracle-javafx-1:1.8.0.121-1jpp.1.el6_8
  • java-1.8.0-oracle-javafx-1:1.8.0.121-1jpp.1.el7_3
  • java-1.8.0-oracle-jdbc-1:1.8.0.121-1jpp.1.el6_8
  • java-1.8.0-oracle-jdbc-1:1.8.0.121-1jpp.1.el7_3
  • java-1.8.0-oracle-plugin-1:1.8.0.121-1jpp.1.el6_8
  • java-1.8.0-oracle-plugin-1:1.8.0.121-1jpp.1.el7_3
  • java-1.8.0-oracle-src-1:1.8.0.121-1jpp.1.el6_8
  • java-1.8.0-oracle-src-1:1.8.0.121-1jpp.1.el7_3
  • java-1.7.0-oracle-1:1.7.0.131-1jpp.1.el5_11
  • java-1.7.0-oracle-1:1.7.0.131-1jpp.1.el6_8
  • java-1.7.0-oracle-1:1.7.0.131-1jpp.1.el7_3
  • java-1.7.0-oracle-devel-1:1.7.0.131-1jpp.1.el5_11
  • java-1.7.0-oracle-devel-1:1.7.0.131-1jpp.1.el6_8
  • java-1.7.0-oracle-devel-1:1.7.0.131-1jpp.1.el7_3
  • java-1.7.0-oracle-javafx-1:1.7.0.131-1jpp.1.el5_11
  • java-1.7.0-oracle-javafx-1:1.7.0.131-1jpp.1.el6_8
  • java-1.7.0-oracle-javafx-1:1.7.0.131-1jpp.1.el7_3
  • java-1.7.0-oracle-jdbc-1:1.7.0.131-1jpp.1.el5_11
  • java-1.7.0-oracle-jdbc-1:1.7.0.131-1jpp.1.el6_8
  • java-1.7.0-oracle-jdbc-1:1.7.0.131-1jpp.1.el7_3
  • java-1.7.0-oracle-plugin-1:1.7.0.131-1jpp.1.el5_11
  • java-1.7.0-oracle-plugin-1:1.7.0.131-1jpp.1.el6_8
  • java-1.7.0-oracle-plugin-1:1.7.0.131-1jpp.1.el7_3
  • java-1.7.0-oracle-src-1:1.7.0.131-1jpp.1.el5_11
  • java-1.7.0-oracle-src-1:1.7.0.131-1jpp.1.el6_8
  • java-1.7.0-oracle-src-1:1.7.0.131-1jpp.1.el7_3
  • java-1.6.0-sun-1:1.6.0.141-1jpp.1.el5_11
  • java-1.6.0-sun-1:1.6.0.141-1jpp.1.el6_8
  • java-1.6.0-sun-1:1.6.0.141-1jpp.1.el7_3
  • java-1.6.0-sun-demo-1:1.6.0.141-1jpp.1.el5_11
  • java-1.6.0-sun-demo-1:1.6.0.141-1jpp.1.el6_8
  • java-1.6.0-sun-demo-1:1.6.0.141-1jpp.1.el7_3
  • java-1.6.0-sun-devel-1:1.6.0.141-1jpp.1.el5_11
  • java-1.6.0-sun-devel-1:1.6.0.141-1jpp.1.el6_8
  • java-1.6.0-sun-devel-1:1.6.0.141-1jpp.1.el7_3
  • java-1.6.0-sun-jdbc-1:1.6.0.141-1jpp.1.el5_11
  • java-1.6.0-sun-jdbc-1:1.6.0.141-1jpp.1.el6_8
  • java-1.6.0-sun-jdbc-1:1.6.0.141-1jpp.1.el7_3
  • java-1.6.0-sun-plugin-1:1.6.0.141-1jpp.1.el5_11
  • java-1.6.0-sun-plugin-1:1.6.0.141-1jpp.1.el6_8
  • java-1.6.0-sun-plugin-1:1.6.0.141-1jpp.1.el7_3
  • java-1.6.0-sun-src-1:1.6.0.141-1jpp.1.el5_11
  • java-1.6.0-sun-src-1:1.6.0.141-1jpp.1.el6_8
  • java-1.6.0-sun-src-1:1.6.0.141-1jpp.1.el7_3
  • java-1.8.0-openjdk-1:1.8.0.121-0.b13.el6_8
  • java-1.8.0-openjdk-1:1.8.0.121-0.b13.el7_3
  • java-1.8.0-openjdk-accessibility-1:1.8.0.121-0.b13.el7_3
  • java-1.8.0-openjdk-accessibility-debug-1:1.8.0.121-0.b13.el7_3
  • java-1.8.0-openjdk-debug-1:1.8.0.121-0.b13.el6_8
  • java-1.8.0-openjdk-debug-1:1.8.0.121-0.b13.el7_3
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.121-0.b13.el6_8
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.121-0.b13.el7_3
  • java-1.8.0-openjdk-demo-1:1.8.0.121-0.b13.el6_8
  • java-1.8.0-openjdk-demo-1:1.8.0.121-0.b13.el7_3
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.121-0.b13.el6_8
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.121-0.b13.el7_3
  • java-1.8.0-openjdk-devel-1:1.8.0.121-0.b13.el6_8
  • java-1.8.0-openjdk-devel-1:1.8.0.121-0.b13.el7_3
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.121-0.b13.el6_8
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.121-0.b13.el7_3
  • java-1.8.0-openjdk-headless-1:1.8.0.121-0.b13.el6_8
  • java-1.8.0-openjdk-headless-1:1.8.0.121-0.b13.el7_3
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.121-0.b13.el6_8
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.121-0.b13.el7_3
  • java-1.8.0-openjdk-javadoc-1:1.8.0.121-0.b13.el6_8
  • java-1.8.0-openjdk-javadoc-1:1.8.0.121-0.b13.el7_3
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.121-0.b13.el6_8
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.121-0.b13.el7_3
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.121-0.b13.el7_3
  • java-1.8.0-openjdk-javadoc-zip-debug-1:1.8.0.121-0.b13.el7_3
  • java-1.8.0-openjdk-src-1:1.8.0.121-0.b13.el6_8
  • java-1.8.0-openjdk-src-1:1.8.0.121-0.b13.el7_3
  • java-1.8.0-openjdk-src-debug-1:1.8.0.121-0.b13.el6_8
  • java-1.8.0-openjdk-src-debug-1:1.8.0.121-0.b13.el7_3
  • java-1.8.0-ibm-1:1.8.0.4.0-1jpp.1.el6_8
  • java-1.8.0-ibm-1:1.8.0.4.0-1jpp.1.el7
  • java-1.8.0-ibm-demo-1:1.8.0.4.0-1jpp.1.el6_8
  • java-1.8.0-ibm-demo-1:1.8.0.4.0-1jpp.1.el7
  • java-1.8.0-ibm-devel-1:1.8.0.4.0-1jpp.1.el6_8
  • java-1.8.0-ibm-devel-1:1.8.0.4.0-1jpp.1.el7
  • java-1.8.0-ibm-jdbc-1:1.8.0.4.0-1jpp.1.el6_8
  • java-1.8.0-ibm-jdbc-1:1.8.0.4.0-1jpp.1.el7
  • java-1.8.0-ibm-plugin-1:1.8.0.4.0-1jpp.1.el6_8
  • java-1.8.0-ibm-plugin-1:1.8.0.4.0-1jpp.1.el7
  • java-1.8.0-ibm-src-1:1.8.0.4.0-1jpp.1.el6_8
  • java-1.8.0-ibm-src-1:1.8.0.4.0-1jpp.1.el7
  • java-1.7.0-openjdk-1:1.7.0.131-2.6.9.0.el5_11
  • java-1.7.0-openjdk-1:1.7.0.131-2.6.9.0.el6_8
  • java-1.7.0-openjdk-1:1.7.0.131-2.6.9.0.el7_3
  • java-1.7.0-openjdk-accessibility-1:1.7.0.131-2.6.9.0.el7_3
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.131-2.6.9.0.el5_11
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.131-2.6.9.0.el6_8
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.131-2.6.9.0.el7_3
  • java-1.7.0-openjdk-demo-1:1.7.0.131-2.6.9.0.el5_11
  • java-1.7.0-openjdk-demo-1:1.7.0.131-2.6.9.0.el6_8
  • java-1.7.0-openjdk-demo-1:1.7.0.131-2.6.9.0.el7_3
  • java-1.7.0-openjdk-devel-1:1.7.0.131-2.6.9.0.el5_11
  • java-1.7.0-openjdk-devel-1:1.7.0.131-2.6.9.0.el6_8
  • java-1.7.0-openjdk-devel-1:1.7.0.131-2.6.9.0.el7_3
  • java-1.7.0-openjdk-headless-1:1.7.0.131-2.6.9.0.el7_3
  • java-1.7.0-openjdk-javadoc-1:1.7.0.131-2.6.9.0.el5_11
  • java-1.7.0-openjdk-javadoc-1:1.7.0.131-2.6.9.0.el6_8
  • java-1.7.0-openjdk-javadoc-1:1.7.0.131-2.6.9.0.el7_3
  • java-1.7.0-openjdk-src-1:1.7.0.131-2.6.9.0.el5_11
  • java-1.7.0-openjdk-src-1:1.7.0.131-2.6.9.0.el6_8
  • java-1.7.0-openjdk-src-1:1.7.0.131-2.6.9.0.el7_3
  • java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8
  • java-1.7.1-ibm-1:1.7.1.4.1-1jpp.2.el7
  • java-1.7.1-ibm-demo-1:1.7.1.4.1-1jpp.1.el6_8
  • java-1.7.1-ibm-demo-1:1.7.1.4.1-1jpp.2.el7
  • java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8
  • java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.2.el7
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.1-1jpp.1.el6_8
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.1-1jpp.2.el7
  • java-1.7.1-ibm-plugin-1:1.7.1.4.1-1jpp.1.el6_8
  • java-1.7.1-ibm-plugin-1:1.7.1.4.1-1jpp.2.el7
  • java-1.7.1-ibm-src-1:1.7.1.4.1-1jpp.1.el6_8
  • java-1.7.1-ibm-src-1:1.7.1.4.1-1jpp.2.el7
  • java-1.7.0-ibm-1:1.7.0.10.1-1jpp.1.el5_11
  • java-1.7.0-ibm-demo-1:1.7.0.10.1-1jpp.1.el5_11
  • java-1.7.0-ibm-devel-1:1.7.0.10.1-1jpp.1.el5_11
  • java-1.7.0-ibm-jdbc-1:1.7.0.10.1-1jpp.1.el5_11
  • java-1.7.0-ibm-plugin-1:1.7.0.10.1-1jpp.1.el5_11
  • java-1.7.0-ibm-src-1:1.7.0.10.1-1jpp.1.el5_11
  • java-1.6.0-ibm-1:1.6.0.16.41-1jpp.1.el5_11
  • java-1.6.0-ibm-1:1.6.0.16.41-1jpp.1.el6_8
  • java-1.6.0-ibm-accessibility-1:1.6.0.16.41-1jpp.1.el5_11
  • java-1.6.0-ibm-demo-1:1.6.0.16.41-1jpp.1.el5_11
  • java-1.6.0-ibm-demo-1:1.6.0.16.41-1jpp.1.el6_8
  • java-1.6.0-ibm-devel-1:1.6.0.16.41-1jpp.1.el5_11
  • java-1.6.0-ibm-devel-1:1.6.0.16.41-1jpp.1.el6_8
  • java-1.6.0-ibm-javacomm-1:1.6.0.16.41-1jpp.1.el5_11
  • java-1.6.0-ibm-javacomm-1:1.6.0.16.41-1jpp.1.el6_8
  • java-1.6.0-ibm-jdbc-1:1.6.0.16.41-1jpp.1.el5_11
  • java-1.6.0-ibm-jdbc-1:1.6.0.16.41-1jpp.1.el6_8
  • java-1.6.0-ibm-plugin-1:1.6.0.16.41-1jpp.1.el5_11
  • java-1.6.0-ibm-plugin-1:1.6.0.16.41-1jpp.1.el6_8
  • java-1.6.0-ibm-src-1:1.6.0.16.41-1jpp.1.el5_11
  • java-1.6.0-ibm-src-1:1.6.0.16.41-1jpp.1.el6_8
  • java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8
  • java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8