Vulnerabilities > CVE-2016-5556 - Improper Access Control vulnerability in Oracle JDK and JRE

047910
CVSS 9.6 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
oracle
CWE-284
critical
nessus

Summary

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.

Vulnerable Configurations

Part Description Count
Application
Oracle
6

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Embedding Scripts within Scripts
    An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
  • Signature Spoofing by Key Theft
    An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-3043-1.NASL
    descriptionThis update for java-1_7_1-ibm fixes the following issues : - Version update to 7.1-3.60 (bsc#1009280) Fixing the following CVE
    last seen2020-06-01
    modified2020-06-02
    plugin id95623
    published2016-12-08
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95623
    titleSUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2016:3043-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:3043-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(95623);
      script_version("3.6");
      script_cvs_date("Date: 2019/09/11 11:22:14");
    
      script_cve_id("CVE-2016-5542", "CVE-2016-5554", "CVE-2016-5556", "CVE-2016-5568", "CVE-2016-5573", "CVE-2016-5597");
    
      script_name(english:"SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2016:3043-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for java-1_7_1-ibm fixes the following issues :
    
      - Version update to 7.1-3.60 (bsc#1009280) Fixing the
        following CVE's: CVE-2016-5568, CVE-2016-5556,
        CVE-2016-5573, CVE-2016-5597, CVE-2016-5554,
        CVE-2016-5542
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1009280"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5542/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5554/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5556/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5568/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5573/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5597/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20163043-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5841a36a"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
    patch SUSE-SLE-SDK-12-SP2-2016-1770=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t
    patch SUSE-SLE-SDK-12-SP1-2016-1770=1
    
    SUSE Linux Enterprise Server for SAP 12:zypper in -t patch
    SUSE-SLE-SAP-12-2016-1770=1
    
    SUSE Linux Enterprise Server 12-SP2:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2016-1770=1
    
    SUSE Linux Enterprise Server 12-SP1:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2016-1770=1
    
    SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-2016-1770=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/12/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0|1|2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0/1/2", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"java-1_7_1-ibm-alsa-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"java-1_7_1-ibm-plugin-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_1-ibm-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_1-ibm-jdbc-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"java-1_7_1-ibm-alsa-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"java-1_7_1-ibm-plugin-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_1-ibm-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_1-ibm-devel-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_1-ibm-jdbc-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_1-ibm-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_1-ibm-jdbc-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_1-ibm-alsa-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_1-ibm-plugin-1.7.1_sr3.60-31.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_7_1-ibm");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-3010-1.NASL
    descriptionThis update for java-1_6_0-ibm fixes the following issues : - Version update to 6.0-16.35 (bsc#1009280) fixing the following CVE
    last seen2020-03-24
    modified2019-01-02
    plugin id119988
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119988
    titleSUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2016:3010-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:3010-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119988);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/23");
    
      script_cve_id("CVE-2016-5542", "CVE-2016-5554", "CVE-2016-5556", "CVE-2016-5568", "CVE-2016-5573", "CVE-2016-5597");
    
      script_name(english:"SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2016:3010-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for java-1_6_0-ibm fixes the following issues :
    
      - Version update to 6.0-16.35 (bsc#1009280) fixing the
        following CVE's: CVE-2016-5568, CVE-2016-5556,
        CVE-2016-5573, CVE-2016-5597, CVE-2016-5554,
        CVE-2016-5542
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1009280"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5542/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5554/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5556/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5568/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5573/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5597/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20163010-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8c45328c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Legacy Software 12:zypper in -t patch
    SUSE-SLE-Module-Legacy-12-2016-1752=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-plugin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/12/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"java-1_6_0-ibm-plugin-1.6.0_sr16.35-43.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_6_0-ibm-1.6.0_sr16.35-43.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_6_0-ibm-fonts-1.6.0_sr16.35-43.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_6_0-ibm-jdbc-1.6.0_sr16.35-43.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_6_0-ibm");
    }
    
  • NASL familyAIX Local Security Checks
    NASL idAIX_JAVA_OCT2016_ADVISORY.NASL
    descriptionThe version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities in the following subcomponents : - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5542) - An unspecified flaw exists in the JMX subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5554) - An unspecified flaw exists in the 2D subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5556) - An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5568) - An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5597)
    last seen2020-06-01
    modified2020-06-02
    plugin id97051
    published2017-02-07
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/97051
    titleAIX Java Advisory : java_oct2016_advisory.asc (October 2016 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97051);
      script_version("3.5");
      script_cvs_date("Date: 2018/07/17 12:00:06");
    
      script_cve_id(
        "CVE-2016-5542",
        "CVE-2016-5554",
        "CVE-2016-5556",
        "CVE-2016-5568",
        "CVE-2016-5573",
        "CVE-2016-5597"
      );
      script_bugtraq_id(
        93618,
        93621,
        93623,
        93628,
        93636,
        93637,
        93643
      );
      script_xref(name:"EDB-ID", value:"118073");
    
      script_name(english:"AIX Java Advisory : java_oct2016_advisory.asc (October 2016 CPU)");
      script_summary(english:"Checks the version of the Java package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The version of Java SDK installed on the remote AIX host is affected
    by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Java SDK installed on the remote AIX host is affected
    by multiple vulnerabilities in the following subcomponents :
    
      - An unspecified flaw exists in the Libraries subcomponent
        that allows an unauthenticated, remote attacker to
        impact integrity. (CVE-2016-5542)
    
      - An unspecified flaw exists in the JMX subcomponent that
        allows an unauthenticated, remote attacker to impact
        integrity. (CVE-2016-5554)
    
      - An unspecified flaw exists in the 2D subcomponent that
        allows an unauthenticated, remote attacker to execute
        arbitrary code. (CVE-2016-5556)
    
      - An unspecified flaw exists in the AWT subcomponent that
        allows an unauthenticated, remote attacker to execute
        arbitrary code. (CVE-2016-5568)
    
      - An unspecified flaw exists in the Networking
        subcomponent that allows an unauthenticated, remote
        attacker to disclose sensitive information.
        (CVE-2016-5597)");
      # http://aix.software.ibm.com/aix/efixes/security/java_oct2016_advisory.asc
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5c188e0d");
      # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
      # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=6.0.0.0&platform=AIX+32-bit,+pSeries&function=all
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ce533d8f");
      # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
      # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=6.0.0.0&platform=AIX+64-bit,+pSeries&function=all
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?17d05c61");
      # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
      # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+32-bit,+pSeries&function=all
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d4595696");
      # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
      # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+64-bit,+pSeries&function=all
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9abd5252");
      # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
      # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+32-bit,+pSeries&function=all
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4ee03dc1");
      # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
      # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+64-bit,+pSeries&function=all
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8f7a066c");
      # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
      # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+32-bit,+pSeries&function=all
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?52d4ddf3");
      # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
      # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+64-bit,+pSeries&function=all
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?343fa903");
      # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bac902d5");
      script_set_attribute(attribute:"solution", value:
    "Fixes are available by version and can be downloaded from the IBM AIX
    website.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/12/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/07");
    
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"AIX Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");
    
      exit(0);
    }
    
    include("aix.inc");
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    oslevel = get_kb_item_or_exit("Host/AIX/version");
    if ( oslevel != "AIX-5.3" && oslevel != "AIX-6.1" && oslevel != "AIX-7.1" && oslevel != "AIX-7.2" )
    {
      oslevel = ereg_replace(string:oslevel, pattern:"-", replace:" ");
      audit(AUDIT_OS_NOT, "AIX 5.3 / 6.1 / 7.1 / 7.2", oslevel);
    }
    
    if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    flag = 0;
    
    #Java6 6.0.0.635
    if (aix_check_package(release:"5.3", package:"Java6.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.634", fixpackagever:"6.0.0.635") > 0) flag++;
    if (aix_check_package(release:"6.1", package:"Java6.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.634", fixpackagever:"6.0.0.635") > 0) flag++;
    if (aix_check_package(release:"7.1", package:"Java6.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.634", fixpackagever:"6.0.0.635") > 0) flag++;
    if (aix_check_package(release:"7.2", package:"Java6.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.634", fixpackagever:"6.0.0.635") > 0) flag++;
    if (aix_check_package(release:"5.3", package:"Java6_64.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.634", fixpackagever:"6.0.0.635") > 0) flag++;
    if (aix_check_package(release:"6.1", package:"Java6_64.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.634", fixpackagever:"6.0.0.635") > 0) flag++;
    if (aix_check_package(release:"7.1", package:"Java6_64.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.634", fixpackagever:"6.0.0.635") > 0) flag++;
    if (aix_check_package(release:"7.2", package:"Java6_64.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.634", fixpackagever:"6.0.0.635") > 0) flag++;
    
    #Java7 7.0.0.560
    if (aix_check_package(release:"6.1", package:"Java7.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.559", fixpackagever:"7.0.0.560") > 0) flag++;
    if (aix_check_package(release:"7.1", package:"Java7.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.559", fixpackagever:"7.0.0.560") > 0) flag++;
    if (aix_check_package(release:"7.2", package:"Java7.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.559", fixpackagever:"7.0.0.560") > 0) flag++;
    if (aix_check_package(release:"6.1", package:"Java7_64.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.559", fixpackagever:"7.0.0.560") > 0) flag++;
    if (aix_check_package(release:"7.1", package:"Java7_64.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.559", fixpackagever:"7.0.0.560") > 0) flag++;
    if (aix_check_package(release:"7.2", package:"Java7_64.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.559", fixpackagever:"7.0.0.560") > 0) flag++;
    
    #Java7.1 7.1.0.360
    if (aix_check_package(release:"6.1", package:"Java7.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.359", fixpackagever:"7.1.0.360") > 0) flag++;
    if (aix_check_package(release:"7.1", package:"Java7.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.359", fixpackagever:"7.1.0.360") > 0) flag++;
    if (aix_check_package(release:"7.2", package:"Java7.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.359", fixpackagever:"7.1.0.360") > 0) flag++;
    if (aix_check_package(release:"6.1", package:"Java7_64.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.359", fixpackagever:"7.1.0.360") > 0) flag++;
    if (aix_check_package(release:"7.1", package:"Java7_64.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.359", fixpackagever:"7.1.0.360") > 0) flag++;
    if (aix_check_package(release:"7.2", package:"Java7_64.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.359", fixpackagever:"7.1.0.360") > 0) flag++;
    
    #Java8.0 8.0.0.321
    if (aix_check_package(release:"6.1", package:"Java8.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.320", fixpackagever:"8.0.0.321") > 0) flag++;
    if (aix_check_package(release:"7.1", package:"Java8.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.320", fixpackagever:"8.0.0.321") > 0) flag++;
    if (aix_check_package(release:"7.2", package:"Java8.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.320", fixpackagever:"8.0.0.321") > 0) flag++;
    if (aix_check_package(release:"6.1", package:"Java8_64.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.320", fixpackagever:"8.0.0.321") > 0) flag++;
    if (aix_check_package(release:"7.1", package:"Java8_64.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.320", fixpackagever:"8.0.0.321") > 0) flag++;
    if (aix_check_package(release:"7.2", package:"Java8_64.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.320", fixpackagever:"8.0.0.321") > 0) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : aix_report_get()
      );
    }
    else
    {
      tested = aix_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Java6 / Java7 / Java8");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2016-0015.NASL
    descriptionAn update of [openjdk,openjre,postgresql] packages for PhotonOS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id111849
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111849
    titlePhoton OS 1.0: Openjdk / Openjre / Postgresql PHSA-2016-0015 (deprecated)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1357.NASL
    descriptionThis update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.8 - OpenJDK 7u121 - Security fixes + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (boo#1005522) + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (boo#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (boo#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (boo#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (boo#1005527) + S8160838, CVE-2016-5597: Better HTTP service (boo#1005528) + PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (boo#1005524) - Import of OpenJDK 7 u121 build 0 + S6624200: Regression test fails: test/closed/javax/swing/JMenuItem/4654927/bug4654927.jav a + S6882559: new JEditorPane(
    last seen2020-06-05
    modified2016-11-25
    plugin id95311
    published2016-11-25
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95311
    titleopenSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-1357)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2090.NASL
    descriptionAn update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6, and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 131. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597)
    last seen2020-06-01
    modified2020-06-02
    plugin id94190
    published2016-10-21
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94190
    titleRHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2016:2090)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-3041-1.NASL
    descriptionThis update for java-1_7_1-ibm fixes the following issues : - Version update to 7.1-3.60 (bsc#1009280) fixing the following CVE
    last seen2020-06-01
    modified2020-06-02
    plugin id95608
    published2016-12-07
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95608
    titleSUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2016:3041-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-3068-1.NASL
    descriptionThis update for java-1_7_0-ibm fixes the following issues : - Version update to 7.0-9.60 (bsc#1009280, bsc#992537) fixing the following CVE
    last seen2020-06-01
    modified2020-06-02
    plugin id95710
    published2016-12-12
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95710
    titleSUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2016:3068-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-3078-1.NASL
    descriptionThis update for java-1_8_0-ibm fixes the following issues : - CVE-2016-5568: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT - CVE-2016-5556: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D - CVE-2016-5573: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot - CVE-2016-5597: Unspecified vulnerability allowed remote attackers to affect confidentiality via vectors related to Networking - CVE-2016-5554: Unspecified vulnerability allowed remote attackers to affect integrity via vectors related to JMX - CVE-2016-5542: Unspecified vulnerability allowed remote attackers to affect integrity via vectors related to Libraries Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id95711
    published2016-12-12
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95711
    titleSUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2016:3078-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-3040-1.NASL
    descriptionThis update for java-1_6_0-ibm fixes the following issues : - Version update to 6.0-16.35 (bsc#1009280) fixing the following CVE
    last seen2020-06-01
    modified2020-06-02
    plugin id95607
    published2016-12-07
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95607
    titleSUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:3040-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2136.NASL
    descriptionAn update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR3-FP20. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597)
    last seen2020-06-01
    modified2020-06-02
    plugin id94499
    published2016-11-03
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94499
    titleRHEL 6 / 7 : java-1.8.0-ibm (RHSA-2016:2136)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2138.NASL
    descriptionAn update for java-1.7.0-ibm is now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7 SR9-FP60. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597)
    last seen2020-06-01
    modified2020-06-02
    plugin id94501
    published2016-11-03
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94501
    titleRHEL 5 : java-1.7.0-ibm (RHSA-2016:2138)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1389.NASL
    description - Update to 2.6.8 - OpenJDK 7u121 - Security fixes + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (boo#1005522) + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (boo#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (boo#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (boo#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (boo#1005527) + S8160838, CVE-2016-5597: Better HTTP service (boo#1005528) + PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (boo#1005524) - Import of OpenJDK 7 u121 build 0 + S6624200: Regression test fails: test/closed/javax/swing/JMenuItem/4654927/bug4654927.jav a + S6882559: new JEditorPane(
    last seen2020-06-05
    modified2016-12-06
    plugin id95549
    published2016-12-06
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95549
    titleopenSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-1389)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2137.NASL
    descriptionAn update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR3-FP60. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597)
    last seen2020-06-01
    modified2020-06-02
    plugin id94500
    published2016-11-03
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94500
    titleRHEL 6 / 7 : java-1.7.1-ibm (RHSA-2016:2137)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1216.NASL
    descriptionAn update for java-1.7.1-ibm is now available for Red Hat Satellite 5.7 and Red Hat Satellite 5.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP1. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-2183, CVE-2017-3272, CVE-2017-3289, CVE-2017-3253, CVE-2017-3261, CVE-2017-3231, CVE-2016-5547, CVE-2016-5552, CVE-2017-3252, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2017-3241, CVE-2017-3259, CVE-2016-5573, CVE-2016-5554, CVE-2016-5542, CVE-2016-5597, CVE-2016-5556, CVE-2016-3598, CVE-2016-3511, CVE-2016-0363, CVE-2016-0686, CVE-2016-0687, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449, CVE-2016-3422, CVE-2016-0376, CVE-2016-0264)
    last seen2020-06-01
    modified2020-06-02
    plugin id100094
    published2017-05-10
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100094
    titleRHEL 6 : java-1.7.1-ibm (RHSA-2017:1216)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1380.NASL
    descriptionOpenJDK Java was updated to jdk8u111 (icedtea 3.2.0) to fix the following issues : - Security fixes + S8146490: Direct indirect CRL checks + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (bsc#1005522) + S8156794: Extend data sharing + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (bsc#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (bsc#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (bsc#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (bsc#1005527) + S8160838, CVE-2016-5597: Better HTTP service (bsc#1005528) + PR3206, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (bsc#1005524) - New features + PR1370: Provide option to build without debugging + PR1375: Provide option to strip and link debugging info after build + PR1537: Handle alternative Kerberos credential cache locations + PR1978: Allow use of system PCSC + PR2445: Support system libsctp + PR3182: Support building without pre-compiled headers + PR3183: Support Fedora/RHEL system crypto policy + PR3221: Use pkgconfig to detect Kerberos CFLAGS and libraries - Import of OpenJDK 8 u102 build 14 + S4515292: ReferenceType.isStatic() returns true for arrays + S4858370: JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command + S6976636: JVM/TI test ex03t001 fails assertion + S7185591: jcmd-big-script.sh ERROR: could not find app
    last seen2020-06-05
    modified2016-12-05
    plugin id95532
    published2016-12-05
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/95532
    titleopenSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-1380)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1444.NASL
    descriptionThis update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.8 - OpenJDK 7u121 - Security fixes + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (bsc#1005522) + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (bsc#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (bsc#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (bsc#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (bsc#1005527) + S8160838, CVE-2016-5597: Better HTTP service (bsc#1005528) + PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (bsc#1005524) - Import of OpenJDK 7 u121 build 0 + S6624200: Regression test fails: test/closed/javax/swing/JMenuItem/4654927/bug4654927.jav a + S6882559: new JEditorPane(
    last seen2020-06-05
    modified2016-12-13
    plugin id95750
    published2016-12-13
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95750
    titleopenSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-1444)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2088.NASL
    descriptionAn update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 111. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597)
    last seen2020-06-01
    modified2020-06-02
    plugin id94188
    published2016-10-21
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94188
    titleRHEL 6 / 7 : java-1.8.0-oracle (RHSA-2016:2088)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1335.NASL
    descriptionOpenJDK java-1_8_0-openjdk was updated to jdk8u111 (icedtea 3.2.0) to fix the following issues : - Security fixes + S8146490: Direct indirect CRL checks + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (boo#1005522) + S8156794: Extend data sharing + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (boo#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (boo#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (boo#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (boo#1005527) + S8160838, CVE-2016-5597: Better HTTP service (boo#1005528) + PR3206, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (boo#1005524) - New features + PR1370: Provide option to build without debugging + PR1375: Provide option to strip and link debugging info after build + PR1537: Handle alternative Kerberos credential cache locations + PR1978: Allow use of system PCSC + PR2445: Support system libsctp + PR3182: Support building without pre-compiled headers + PR3183: Support Fedora/RHEL system crypto policy + PR3221: Use pkgconfig to detect Kerberos CFLAGS and libraries - Import of OpenJDK 8 u102 build 14 + S4515292: ReferenceType.isStatic() returns true for arrays + S4858370: JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command + S6976636: JVM/TI test ex03t001 fails assertion + S7185591: jcmd-big-script.sh ERROR: could not find app
    last seen2020-06-05
    modified2016-11-21
    plugin id95023
    published2016-11-21
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/95023
    titleopenSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-1335)
  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_OCT_2016.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 111, 7 Update 121, or 6 Update 131. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5542) - An unspecified flaw exists in the JMX subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5554) - An unspecified flaw exists in the 2D subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5556) - An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5568) - Multiple unspecified flaws exist in the Hotspot subcomponent that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5573, CVE-2016-5582) - An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5597)
    last seen2020-06-01
    modified2020-06-02
    plugin id94138
    published2016-10-19
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/94138
    titleOracle Java SE Multiple Vulnerabilities (October 2016 CPU)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2016-0015_OPENJDK.NASL
    descriptionAn update of the openjdk package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121660
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121660
    titlePhoton OS 1.0: Openjdk PHSA-2016-0015
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2659.NASL
    descriptionAn update for java-1.6.0-ibm is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 6 to version 6 SR16-FP35. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597)
    last seen2020-06-01
    modified2020-06-02
    plugin id94624
    published2016-11-08
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94624
    titleRHEL 5 / 6 : java-1.6.0-ibm (RHSA-2016:2659)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2016-0015_POSTGRESQL.NASL
    descriptionAn update of the postgresql package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121662
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121662
    titlePhoton OS 1.0: Postgresql PHSA-2016-0015
  • NASL familyMisc.
    NASL idORACLE_JAVA_CPU_OCT_2016_UNIX.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 111, 7 Update 121, or 6 Update 131. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5542) - An unspecified flaw exists in the JMX subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5554) - An unspecified flaw exists in the 2D subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5556) - An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5568) - Multiple unspecified flaws exist in the Hotspot subcomponent that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5573, CVE-2016-5582) - An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5597)
    last seen2020-06-01
    modified2020-06-02
    plugin id94139
    published2016-10-19
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/94139
    titleOracle Java SE Multiple Vulnerabilities (October 2016 CPU) (Unix)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2089.NASL
    descriptionAn update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6, and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 121. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597)
    last seen2020-06-01
    modified2020-06-02
    plugin id94189
    published2016-10-21
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94189
    titleRHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2016:2089)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2016-0015_OPENJRE.NASL
    descriptionAn update of the openjre package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121661
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121661
    titlePhoton OS 1.0: Openjre PHSA-2016-0015
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201611-04.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201611-04 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities exist in both Oracle&rsquo;s JRE and JDK. Please review the referenced CVE&rsquo;s for additional information. Impact : Remote attackers could gain access to information, remotely execute arbitrary code, or cause Denial of Service. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id94595
    published2016-11-07
    reporterThis script is Copyright (C) 2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/94595
    titleGLSA-201611-04 : Oracle JRE/JDK: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2953-1.NASL
    descriptionThis update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.8 - OpenJDK 7u121 - Security fixes + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (bsc#1005522) + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (bsc#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (bsc#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (bsc#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (bsc#1005527) + S8160838, CVE-2016-5597: Better HTTP service (bsc#1005528) + PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (bsc#1005524) - Import of OpenJDK 7 u121 build 0 + S6624200: Regression test fails: test/closed/javax/swing/JMenuItem/4654927/bug4654927.jav a + S6882559: new JEditorPane(
    last seen2020-06-01
    modified2020-06-02
    plugin id95423
    published2016-12-01
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95423
    titleSUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:2953-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2887-1.NASL
    descriptionOpenJDK Java was updated to jdk8u111 (icedtea 3.2.0) to fix the following issues : - Security fixes + S8146490: Direct indirect CRL checks + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (bsc#1005522) + S8156794: Extend data sharing + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (bsc#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (bsc#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (bsc#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (bsc#1005527) + S8160838, CVE-2016-5597: Better HTTP service (bsc#1005528) + PR3206, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (bsc#1005524) - New features + PR1370: Provide option to build without debugging + PR1375: Provide option to strip and link debugging info after build + PR1537: Handle alternative Kerberos credential cache locations + PR1978: Allow use of system PCSC + PR2445: Support system libsctp + PR3182: Support building without pre-compiled headers + PR3183: Support Fedora/RHEL system crypto policy + PR3221: Use pkgconfig to detect Kerberos CFLAGS and libraries - Import of OpenJDK 8 u102 build 14 + S4515292: ReferenceType.isStatic() returns true for arrays + S4858370: JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command + S6976636: JVM/TI test ex03t001 fails assertion + S7185591: jcmd-big-script.sh ERROR: could not find app
    last seen2020-06-01
    modified2020-06-02
    plugin id95294
    published2016-11-23
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95294
    titleSUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2016:2887-1)

Redhat

advisories
  • rhsa
    idRHSA-2016:2088
  • rhsa
    idRHSA-2016:2089
  • rhsa
    idRHSA-2016:2090
  • rhsa
    idRHSA-2016:2136
  • rhsa
    idRHSA-2016:2137
  • rhsa
    idRHSA-2016:2138
  • rhsa
    idRHSA-2016:2659
  • rhsa
    idRHSA-2017:1216
rpms
  • java-1.8.0-oracle-1:1.8.0.111-1jpp.4.el6_8
  • java-1.8.0-oracle-1:1.8.0.111-1jpp.4.el7
  • java-1.8.0-oracle-devel-1:1.8.0.111-1jpp.4.el6_8
  • java-1.8.0-oracle-devel-1:1.8.0.111-1jpp.4.el7
  • java-1.8.0-oracle-javafx-1:1.8.0.111-1jpp.4.el6_8
  • java-1.8.0-oracle-javafx-1:1.8.0.111-1jpp.4.el7
  • java-1.8.0-oracle-jdbc-1:1.8.0.111-1jpp.4.el6_8
  • java-1.8.0-oracle-jdbc-1:1.8.0.111-1jpp.4.el7
  • java-1.8.0-oracle-plugin-1:1.8.0.111-1jpp.4.el6_8
  • java-1.8.0-oracle-plugin-1:1.8.0.111-1jpp.4.el7
  • java-1.8.0-oracle-src-1:1.8.0.111-1jpp.4.el6_8
  • java-1.8.0-oracle-src-1:1.8.0.111-1jpp.4.el7
  • java-1.7.0-oracle-1:1.7.0.121-1jpp.1.el5_11
  • java-1.7.0-oracle-1:1.7.0.121-1jpp.1.el6_8
  • java-1.7.0-oracle-1:1.7.0.121-1jpp.1.el7
  • java-1.7.0-oracle-devel-1:1.7.0.121-1jpp.1.el5_11
  • java-1.7.0-oracle-devel-1:1.7.0.121-1jpp.1.el6_8
  • java-1.7.0-oracle-devel-1:1.7.0.121-1jpp.1.el7
  • java-1.7.0-oracle-javafx-1:1.7.0.121-1jpp.1.el5_11
  • java-1.7.0-oracle-javafx-1:1.7.0.121-1jpp.1.el6_8
  • java-1.7.0-oracle-javafx-1:1.7.0.121-1jpp.1.el7
  • java-1.7.0-oracle-jdbc-1:1.7.0.121-1jpp.1.el5_11
  • java-1.7.0-oracle-jdbc-1:1.7.0.121-1jpp.1.el6_8
  • java-1.7.0-oracle-jdbc-1:1.7.0.121-1jpp.1.el7
  • java-1.7.0-oracle-plugin-1:1.7.0.121-1jpp.1.el5_11
  • java-1.7.0-oracle-plugin-1:1.7.0.121-1jpp.1.el6_8
  • java-1.7.0-oracle-plugin-1:1.7.0.121-1jpp.1.el7
  • java-1.7.0-oracle-src-1:1.7.0.121-1jpp.1.el5_11
  • java-1.7.0-oracle-src-1:1.7.0.121-1jpp.1.el6_8
  • java-1.7.0-oracle-src-1:1.7.0.121-1jpp.1.el7
  • java-1.6.0-sun-1:1.6.0.131-1jpp.1.el5_11
  • java-1.6.0-sun-1:1.6.0.131-1jpp.1.el6_8
  • java-1.6.0-sun-1:1.6.0.131-1jpp.1.el7
  • java-1.6.0-sun-demo-1:1.6.0.131-1jpp.1.el5_11
  • java-1.6.0-sun-demo-1:1.6.0.131-1jpp.1.el6_8
  • java-1.6.0-sun-demo-1:1.6.0.131-1jpp.1.el7
  • java-1.6.0-sun-devel-1:1.6.0.131-1jpp.1.el5_11
  • java-1.6.0-sun-devel-1:1.6.0.131-1jpp.1.el6_8
  • java-1.6.0-sun-devel-1:1.6.0.131-1jpp.1.el7
  • java-1.6.0-sun-jdbc-1:1.6.0.131-1jpp.1.el5_11
  • java-1.6.0-sun-jdbc-1:1.6.0.131-1jpp.1.el6_8
  • java-1.6.0-sun-jdbc-1:1.6.0.131-1jpp.1.el7
  • java-1.6.0-sun-plugin-1:1.6.0.131-1jpp.1.el5_11
  • java-1.6.0-sun-plugin-1:1.6.0.131-1jpp.1.el6_8
  • java-1.6.0-sun-plugin-1:1.6.0.131-1jpp.1.el7
  • java-1.6.0-sun-src-1:1.6.0.131-1jpp.1.el5_11
  • java-1.6.0-sun-src-1:1.6.0.131-1jpp.1.el6_8
  • java-1.6.0-sun-src-1:1.6.0.131-1jpp.1.el7
  • java-1.8.0-ibm-1:1.8.0.3.20-1jpp.1.el6_8
  • java-1.8.0-ibm-1:1.8.0.3.20-1jpp.1.el7_2
  • java-1.8.0-ibm-demo-1:1.8.0.3.20-1jpp.1.el6_8
  • java-1.8.0-ibm-demo-1:1.8.0.3.20-1jpp.1.el7_2
  • java-1.8.0-ibm-devel-1:1.8.0.3.20-1jpp.1.el6_8
  • java-1.8.0-ibm-devel-1:1.8.0.3.20-1jpp.1.el7_2
  • java-1.8.0-ibm-jdbc-1:1.8.0.3.20-1jpp.1.el6_8
  • java-1.8.0-ibm-jdbc-1:1.8.0.3.20-1jpp.1.el7_2
  • java-1.8.0-ibm-plugin-1:1.8.0.3.20-1jpp.1.el6_8
  • java-1.8.0-ibm-plugin-1:1.8.0.3.20-1jpp.1.el7_2
  • java-1.8.0-ibm-src-1:1.8.0.3.20-1jpp.1.el6_8
  • java-1.8.0-ibm-src-1:1.8.0.3.20-1jpp.1.el7_2
  • java-1.7.1-ibm-1:1.7.1.3.60-1jpp.1.el6_8
  • java-1.7.1-ibm-1:1.7.1.3.60-1jpp.1.el7_2
  • java-1.7.1-ibm-demo-1:1.7.1.3.60-1jpp.1.el6_8
  • java-1.7.1-ibm-demo-1:1.7.1.3.60-1jpp.1.el7_2
  • java-1.7.1-ibm-devel-1:1.7.1.3.60-1jpp.1.el6_8
  • java-1.7.1-ibm-devel-1:1.7.1.3.60-1jpp.1.el7_2
  • java-1.7.1-ibm-jdbc-1:1.7.1.3.60-1jpp.1.el6_8
  • java-1.7.1-ibm-jdbc-1:1.7.1.3.60-1jpp.1.el7_2
  • java-1.7.1-ibm-plugin-1:1.7.1.3.60-1jpp.1.el6_8
  • java-1.7.1-ibm-plugin-1:1.7.1.3.60-1jpp.1.el7_2
  • java-1.7.1-ibm-src-1:1.7.1.3.60-1jpp.1.el6_8
  • java-1.7.1-ibm-src-1:1.7.1.3.60-1jpp.1.el7_2
  • java-1.7.0-ibm-1:1.7.0.9.60-1jpp.1.el5_11
  • java-1.7.0-ibm-demo-1:1.7.0.9.60-1jpp.1.el5_11
  • java-1.7.0-ibm-devel-1:1.7.0.9.60-1jpp.1.el5_11
  • java-1.7.0-ibm-jdbc-1:1.7.0.9.60-1jpp.1.el5_11
  • java-1.7.0-ibm-plugin-1:1.7.0.9.60-1jpp.1.el5_11
  • java-1.7.0-ibm-src-1:1.7.0.9.60-1jpp.1.el5_11
  • java-1.6.0-ibm-1:1.6.0.16.35-1jpp.1.el5_11
  • java-1.6.0-ibm-1:1.6.0.16.35-1jpp.1.el6_8
  • java-1.6.0-ibm-accessibility-1:1.6.0.16.35-1jpp.1.el5_11
  • java-1.6.0-ibm-demo-1:1.6.0.16.35-1jpp.1.el5_11
  • java-1.6.0-ibm-demo-1:1.6.0.16.35-1jpp.1.el6_8
  • java-1.6.0-ibm-devel-1:1.6.0.16.35-1jpp.1.el5_11
  • java-1.6.0-ibm-devel-1:1.6.0.16.35-1jpp.1.el6_8
  • java-1.6.0-ibm-javacomm-1:1.6.0.16.35-1jpp.1.el5_11
  • java-1.6.0-ibm-javacomm-1:1.6.0.16.35-1jpp.1.el6_8
  • java-1.6.0-ibm-jdbc-1:1.6.0.16.35-1jpp.1.el5_11
  • java-1.6.0-ibm-jdbc-1:1.6.0.16.35-1jpp.1.el6_8
  • java-1.6.0-ibm-plugin-1:1.6.0.16.35-1jpp.1.el5_11
  • java-1.6.0-ibm-plugin-1:1.6.0.16.35-1jpp.1.el6_8
  • java-1.6.0-ibm-src-1:1.6.0.16.35-1jpp.1.el5_11
  • java-1.6.0-ibm-src-1:1.6.0.16.35-1jpp.1.el6_8
  • java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8
  • java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8

References