CVE-2016-5573 - Permissions, Privileges, and Access Controls vulnerability in Oracle JDK and JRE

CVSS 8.3 - HIGH

  • Attack vector: NETWORK
  • Attack complexity: HIGH
  • Privileges required: NONE
  • Confidentiality impact: HIGH
  • Integrity impact: HIGH
  • Availability impact: HIGH

Tags: network, high complexity, oracle, CWE-264, nessus

Summary

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582.

Vulnerable Configurations

Part          Description   Count
Application   Oracle        8

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Accessing, Modifying or Executing Executable Files
    An attack of this type exploits a system's configuration that allows an attacker either to access an executable file directly, for example through shell access, or, in a possible worst case, to upload a file and then execute it. Web servers, FTP servers, and message-oriented middleware systems, which have many integration points, are particularly vulnerable, because both the programmers and the administrators must be in sync regarding the interfaces and the correct privileges for each interface.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files: when the executable loads the resource (such as an image file or configuration file), the attacker has already modified the file either to execute malicious code directly or to manipulate the target process (e.g. an application server) into acting on the malicious configuration parameters. Since systems are increasingly interrelated, mashing up resources from local and remote sources, the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing a buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028, where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading PDF files. In this case the attacker simply appends JavaScript to the end of a legitimate URL for a PDF, as in http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here (see http://www.gnucitizen.org/blog/danger-danger-danger/). The client assumes that they are reading a PDF, but the attacker has modified the resource and loaded executable JavaScript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server; adding the role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when it is manipulated, the attacker gains full control.
  • Blue Boxing
    This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal, which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded telco infrastructure and so are vulnerable to blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different from standard current applications like web applications, there are historical lessons to be learned about upgrading the access control for administrative functions.
  • Restful Privilege Elevation
    REST uses standard HTTP (GET, PUT, DELETE) style permission methods, but these are not necessarily correlated with back-end programs. Strict interpretation of HTTP GET methods means that HTTP GET services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation follows these guidelines, an HTTP request can easily execute a delete or update on the server side. The attacker identifies an HTTP GET URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent, so the request can be submitted multiple times by the attacker; additionally, the attacker may be able to exploit the URL published as a GET method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
  • Target Programs with Elevated Privileges
    This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance, an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user tries to execute their code at the same level as a privileged system call.

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-3043-1.NASL
    description: This update for java-1_7_1-ibm fixes the following issues : - Version update to 7.1-3.60 (bsc#1009280) Fixing the following CVE
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 95623
    published: 2016-12-08
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/95623
    title: SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2016:3043-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:3043-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(95623);
      script_version("3.6");
      script_cvs_date("Date: 2019/09/11 11:22:14");
    
      script_cve_id("CVE-2016-5542", "CVE-2016-5554", "CVE-2016-5556", "CVE-2016-5568", "CVE-2016-5573", "CVE-2016-5597");
    
      script_name(english:"SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2016:3043-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for java-1_7_1-ibm fixes the following issues :
    
      - Version update to 7.1-3.60 (bsc#1009280) Fixing the
        following CVE's: CVE-2016-5568, CVE-2016-5556,
        CVE-2016-5573, CVE-2016-5597, CVE-2016-5554,
        CVE-2016-5542
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1009280"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5542/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5554/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5556/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5568/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5573/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5597/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20163043-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5841a36a"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
    patch SUSE-SLE-SDK-12-SP2-2016-1770=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t
    patch SUSE-SLE-SDK-12-SP1-2016-1770=1
    
    SUSE Linux Enterprise Server for SAP 12:zypper in -t patch
    SUSE-SLE-SAP-12-2016-1770=1
    
    SUSE Linux Enterprise Server 12-SP2:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2016-1770=1
    
    SUSE Linux Enterprise Server 12-SP1:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2016-1770=1
    
    SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-2016-1770=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/12/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0|1|2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0/1/2", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"java-1_7_1-ibm-alsa-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"java-1_7_1-ibm-plugin-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_1-ibm-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_1-ibm-jdbc-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"java-1_7_1-ibm-alsa-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"java-1_7_1-ibm-plugin-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_1-ibm-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_1-ibm-devel-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_1-ibm-jdbc-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_1-ibm-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_1-ibm-jdbc-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_1-ibm-alsa-1.7.1_sr3.60-31.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_1-ibm-plugin-1.7.1_sr3.60-31.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_7_1-ibm");
    }
    
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2017-795.NASL
    description: It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 97025
    published: 2017-02-07
    reporter: This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/97025
    title: Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2017-795)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2017-795.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97025);
      script_version("3.2");
      script_cvs_date("Date: 2018/04/18 15:09:36");
    
      script_cve_id("CVE-2016-5542", "CVE-2016-5554", "CVE-2016-5573", "CVE-2016-5582", "CVE-2016-5597");
      script_xref(name:"ALAS", value:"2017-795");
    
      script_name(english:"Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2017-795)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the Hotspot component of OpenJDK did not
    properly check arguments of the System.arraycopy() function in certain
    cases. An untrusted Java application or applet could use this flaw to
    corrupt virtual machine's memory and completely bypass Java sandbox
    restrictions. (CVE-2016-5582)
    
    It was discovered that the Hotspot component of OpenJDK did not
    properly check received Java Debug Wire Protocol (JDWP) packets. An
    attacker could possibly use this flaw to send debugging commands to a
    Java program running with debugging enabled if they could make
    victim's browser send HTTP requests to the JDWP port of the debugged
    application. (CVE-2016-5573)
    
    It was discovered that the Libraries component of OpenJDK did not
    restrict the set of algorithms used for Jar integrity verification.
    This flaw could allow an attacker to modify content of the Jar file
    that used weak signing key or hash algorithm. (CVE-2016-5542)
    
    Note: After this update, MD2 hash algorithm and RSA keys with less
    than 1024 bits are no longer allowed to be used for Jar integrity
    verification by default. MD5 hash algorithm is expected to be disabled
    by default in the future updates. A newly introduced security property
    jdk.jar.disabledAlgorithms can be used to control the set of disabled
    algorithms.
    
    A flaw was found in the way the JMX component of OpenJDK handled
    classloaders. An untrusted Java application or applet could use this
    flaw to bypass certain Java sandbox restrictions. (CVE-2016-5554)
    
    A flaw was found in the way the Networking component of OpenJDK
    handled HTTP proxy authentication. A Java application could possibly
    expose HTTPS server authentication credentials via a plain text
    network connection to an HTTP proxy if proxy asked for authentication.
    (CVE-2016-5597)
    
    Note: After this update, Basic HTTP proxy authentication can no longer
    be used when tunneling HTTPS connection through an HTTP proxy. Newly
    introduced system properties jdk.http.auth.proxying.disabledSchemes
    and jdk.http.auth.tunneling.disabledSchemes can be used to control
    which authentication schemes can be requested by an HTTP proxy when
    proxying HTTP and HTTPS connections respectively."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2017-795.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update java-1.6.0-openjdk' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-1.6.0.41-1.13.13.1.77.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.77.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.77.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.77.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.77.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.77.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3121-1.NASL
    description: It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5582) It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. (CVE-2016-5542) It was discovered that the JMX component of OpenJDK did not sufficiently perform classloader consistency checks. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5554) It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could use this to send debugging commands to a Java application with debugging enabled. (CVE-2016-5573) It was discovered that OpenJDK did not properly handle HTTP proxy authentication. An attacker could use this to expose HTTPS server authentication credentials. (CVE-2016-5597). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 94510
    published: 2016-11-03
    reporter: Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/94510
    title: Ubuntu 16.04 LTS / 16.10 : openjdk-8 vulnerabilities (USN-3121-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3121-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94510);
      script_version("2.7");
      script_cvs_date("Date: 2019/09/18 12:31:46");
    
      script_cve_id("CVE-2016-5542", "CVE-2016-5554", "CVE-2016-5573", "CVE-2016-5582", "CVE-2016-5597");
      script_xref(name:"USN", value:"3121-1");
    
      script_name(english:"Ubuntu 16.04 LTS / 16.10 : openjdk-8 vulnerabilities (USN-3121-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the Hotspot component of OpenJDK did not
    properly check arguments of the System.arraycopy() function in certain
    cases. An attacker could use this to bypass Java sandbox restrictions.
    (CVE-2016-5582)
    
    It was discovered that OpenJDK did not restrict the set of algorithms
    used for Jar integrity verification. An attacker could use this to
    modify without detection the content of a JAR file, affecting system
    integrity. (CVE-2016-5542)
    
    It was discovered that the JMX component of OpenJDK did not
    sufficiently perform classloader consistency checks. An attacker could
    use this to bypass Java sandbox restrictions. (CVE-2016-5554)
    
    It was discovered that the Hotspot component of OpenJDK did not
    properly check received Java Debug Wire Protocol (JDWP) packets. An
    attacker could use this to send debugging commands to a Java
    application with debugging enabled. (CVE-2016-5573)
    
    It was discovered that OpenJDK did not properly handle HTTP proxy
    authentication. An attacker could use this to expose HTTPS server
    authentication credentials. (CVE-2016-5597).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3121-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-jamvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-zero");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/11/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|16\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 16.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"openjdk-8-jdk", pkgver:"8u111-b14-2ubuntu0.16.04.2")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"openjdk-8-jdk-headless", pkgver:"8u111-b14-2ubuntu0.16.04.2")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"openjdk-8-jre", pkgver:"8u111-b14-2ubuntu0.16.04.2")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"openjdk-8-jre-headless", pkgver:"8u111-b14-2ubuntu0.16.04.2")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"openjdk-8-jre-jamvm", pkgver:"8u111-b14-2ubuntu0.16.04.2")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"openjdk-8-jre-zero", pkgver:"8u111-b14-2ubuntu0.16.04.2")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"openjdk-8-jdk", pkgver:"8u111-b14-2ubuntu0.16.10.2")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"openjdk-8-jdk-headless", pkgver:"8u111-b14-2ubuntu0.16.10.2")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"openjdk-8-jre", pkgver:"8u111-b14-2ubuntu0.16.10.2")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"openjdk-8-jre-headless", pkgver:"8u111-b14-2ubuntu0.16.10.2")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"openjdk-8-jre-jamvm", pkgver:"8u111-b14-2ubuntu0.16.10.2")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"openjdk-8-jre-zero", pkgver:"8u111-b14-2ubuntu0.16.10.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjdk-8-jdk / openjdk-8-jdk-headless / openjdk-8-jre / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-3010-1.NASL
    description: This update for java-1_6_0-ibm fixes the following issues : - Version update to 6.0-16.35 (bsc#1009280) fixing the following CVE
    last seen: 2020-03-24
    modified: 2019-01-02
    plugin id: 119988
    published: 2019-01-02
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119988
    title: SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2016:3010-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:3010-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119988);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/23");
    
      script_cve_id("CVE-2016-5542", "CVE-2016-5554", "CVE-2016-5556", "CVE-2016-5568", "CVE-2016-5573", "CVE-2016-5597");
    
      script_name(english:"SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2016:3010-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for java-1_6_0-ibm fixes the following issues :
    
      - Version update to 6.0-16.35 (bsc#1009280) fixing the
        following CVE's: CVE-2016-5568, CVE-2016-5556,
        CVE-2016-5573, CVE-2016-5597, CVE-2016-5554,
        CVE-2016-5542
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1009280"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5542/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5554/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5556/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5568/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5573/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5597/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20163010-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8c45328c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Legacy Software 12:zypper in -t patch
    SUSE-SLE-Module-Legacy-12-2016-1752=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-plugin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/12/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"java-1_6_0-ibm-plugin-1.6.0_sr16.35-43.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_6_0-ibm-1.6.0_sr16.35-43.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_6_0-ibm-fonts-1.6.0_sr16.35-43.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_6_0-ibm-jdbc-1.6.0_sr16.35-43.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_6_0-ibm");
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-704.NASL
    description: Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in information disclosure, denial of service and arbitrary code execution. For Debian 7
    last seen: 2020-03-17
    modified: 2016-11-07
    plugin id: 94587
    published: 2016-11-07
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/94587
    title: Debian DLA-704-1 : openjdk-7 security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-704-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94587);
      script_version("2.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2016-5542", "CVE-2016-5554", "CVE-2016-5573", "CVE-2016-5582", "CVE-2016-5597");
    
      script_name(english:"Debian DLA-704-1 : openjdk-7 security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in OpenJDK, an
    implementation of the Oracle Java platform, resulting in information
    disclosure, denial of service and arbitrary code execution.
    
    For Debian 7 'Wheezy', these problems have been fixed in version
    7u111-2.6.7-2~deb7u1.
    
    We recommend that you upgrade your openjdk-7 packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2016/11/msg00012.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/openjdk-7"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icedtea-7-jre-cacao");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icedtea-7-jre-jamvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-7-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-7-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-7-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-7-jdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-7-jre");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-7-jre-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-7-jre-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-7-jre-zero");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-7-source");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/11/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"icedtea-7-jre-cacao", reference:"7u111-2.6.7-2~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"icedtea-7-jre-jamvm", reference:"7u111-2.6.7-2~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"openjdk-7-dbg", reference:"7u111-2.6.7-2~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"openjdk-7-demo", reference:"7u111-2.6.7-2~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"openjdk-7-doc", reference:"7u111-2.6.7-2~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"openjdk-7-jdk", reference:"7u111-2.6.7-2~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"openjdk-7-jre", reference:"7u111-2.6.7-2~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"openjdk-7-jre-headless", reference:"7u111-2.6.7-2~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"openjdk-7-jre-lib", reference:"7u111-2.6.7-2~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"openjdk-7-jre-zero", reference:"7u111-2.6.7-2~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"openjdk-7-source", reference:"7u111-2.6.7-2~deb7u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2016-1080.NASL
    description: According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm.(CVE-2016-5542) - A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.(CVE-2016-5554) - It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim
    last seen: 2020-05-06
    modified: 2017-05-01
    plugin id: 99840
    published: 2017-05-01
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99840
    title: EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2016-1080)
  • NASL family: AIX Local Security Checks
    NASL id: AIX_JAVA_OCT2016_ADVISORY.NASL
    description: The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities in the following subcomponents : - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5542) - An unspecified flaw exists in the JMX subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5554) - An unspecified flaw exists in the 2D subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5556) - An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5568) - An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5597)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 97051
    published: 2017-02-07
    reporter: This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/97051
    title: AIX Java Advisory : java_oct2016_advisory.asc (October 2016 CPU)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2016-0015.NASL
    description: An update of [openjdk,openjre,postgresql] packages for PhotonOS has been released.
    last seen: 2019-02-21
    modified: 2019-02-07
    plugin id: 111849
    published: 2018-08-17
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=111849
    title: Photon OS 1.0: Openjdk / Openjre / Postgresql PHSA-2016-0015 (deprecated)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20170113_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL
    description: Security Fix(es) : - It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
    last seen: 2020-03-18
    modified: 2017-01-16
    plugin id: 96526
    published: 2017-01-16
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96526
    title: Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20170113)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2016-2658.NASL
    description: From Red Hat Security Advisory 2016:2658 : An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 94621
    published: 2016-11-08
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/94621
    title: Oracle Linux 5 / 6 / 7 : java-1.7.0-openjdk (ELSA-2016-2658)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2016-1357.NASL
    description: This update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.8 - OpenJDK 7u121 - Security fixes + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (boo#1005522) + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (boo#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (boo#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (boo#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (boo#1005527) + S8160838, CVE-2016-5597: Better HTTP service (boo#1005528) + PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (boo#1005524) - Import of OpenJDK 7 u121 build 0 + S6624200: Regression test fails: test/closed/javax/swing/JMenuItem/4654927/bug4654927.java + S6882559: new JEditorPane(
    last seen: 2020-06-05
    modified: 2016-11-25
    plugin id: 95311
    published: 2016-11-25
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/95311
    title: openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-1357)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2017-0061.NASL
    description: An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96480
    published: 2017-01-13
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96480
    title: RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2017:0061)
  • NASL family: Virtuozzo Local Security Checks
    NASL id: VIRTUOZZO_VZLSA-2017-0061.NASL
    description: An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101406
    published: 2017-07-13
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101406
    title: Virtuozzo 7 : java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc (VZLSA-2017-0061)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2016-771.NASL
    description: It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm. (CVE-2016-5542) A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2016-5554) A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication. (CVE-2016-5597) It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 94977
    published: 2016-11-21
    reporter: This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/94977
    title: Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2016-771)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2016-2658.NASL
    description: An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 94623
    published: 2016-11-08
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/94623
    title: RHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2016:2658)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2016-2090.NASL
    description: An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6, and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 131. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 94190
    published: 2016-10-21
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/94190
    title: RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2016:2090)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-3041-1.NASL
    description: This update for java-1_7_1-ibm fixes the following issues : - Version update to 7.1-3.60 (bsc#1009280) fixing the following CVE
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 95608
    published: 2016-12-07
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/95608
    title: SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2016:3041-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-3068-1.NASL
    description: This update for java-1_7_0-ibm fixes the following issues : - Version update to 7.0-9.60 (bsc#1009280, bsc#992537) fixing the following CVE
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 95710
    published: 2016-12-12
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/95710
    title: SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2016:3068-1)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3707.NASL
    description: Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox or denial of service.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 94613
    published: 2016-11-08
    reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/94613
    title: Debian DSA-3707-1 : openjdk-7 - security update
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201701-43.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201701-43 (IcedTea: Multiple vulnerabilities) Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, Libraries, and JAXP, exist which allows remote attackers to affect the confidentiality, integrity, and availability of vulnerable systems. Many of the vulnerabilities can only be exploited through sandboxed Java Web Start applications and java applets. Please review the CVE identifiers referenced below for details. Impact : Remote attackers may execute arbitrary code, compromise information, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96640
    published: 2017-01-20
    reporter: This script is Copyright (C) 2017 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/96640
    title: GLSA-201701-43 : IcedTea: Multiple vulnerabilities
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-3078-1.NASL
    description: This update for java-1_8_0-ibm fixes the following issues : - CVE-2016-5568: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT - CVE-2016-5556: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D - CVE-2016-5573: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot - CVE-2016-5597: Unspecified vulnerability allowed remote attackers to affect confidentiality via vectors related to Networking - CVE-2016-5554: Unspecified vulnerability allowed remote attackers to affect integrity via vectors related to JMX - CVE-2016-5542: Unspecified vulnerability allowed remote attackers to affect integrity via vectors related to Libraries Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 95711
    published: 2016-12-12
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/95711
    title: SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2016:3078-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-3040-1.NASL
    description: This update for java-1_6_0-ibm fixes the following issues : - Version update to 6.0-16.35 (bsc#1009280) fixing the following CVE
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 95607
    published: 2016-12-07
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/95607
    title: SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:3040-1)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2016-759.NASL
    description: It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 94341
    published: 2016-10-28
    reporter: This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/94341
    title: Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2016-759)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2016-2136.NASL
    description: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR3-FP20. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 94499
    published: 2016-11-03
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/94499
    title: RHEL 6 / 7 : java-1.8.0-ibm (RHSA-2016:2136)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2138.NASL
    descriptionAn update for java-1.7.0-ibm is now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7 SR9-FP60. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597)
    last seen2020-06-01
    modified2020-06-02
    plugin id94501
    published2016-11-03
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94501
    titleRHEL 5 : java-1.7.0-ibm (RHSA-2016:2138)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1389.NASL
    description - Update to 2.6.8 - OpenJDK 7u121 - Security fixes + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (boo#1005522) + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (boo#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (boo#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (boo#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (boo#1005527) + S8160838, CVE-2016-5597: Better HTTP service (boo#1005528) + PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (boo#1005524) - Import of OpenJDK 7 u121 build 0 + S6624200: Regression test fails: test/closed/javax/swing/JMenuItem/4654927/bug4654927.java + S6882559: new JEditorPane(
    last seen2020-06-05
    modified2016-12-06
    plugin id95549
    published2016-12-06
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95549
    titleopenSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-1389)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-2079.NASL
    descriptionAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
    last seen2020-06-01
    modified2020-06-02
    plugin id94140
    published2016-10-20
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94140
    titleCentOS 6 / 7 : java-1.8.0-openjdk (CESA-2016:2079)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2137.NASL
    descriptionAn update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR3-FP60. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597)
    last seen2020-06-01
    modified2020-06-02
    plugin id94500
    published2016-11-03
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94500
    titleRHEL 6 / 7 : java-1.7.1-ibm (RHSA-2016:2137)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20161019_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
    last seen2020-03-18
    modified2016-10-20
    plugin id94151
    published2016-10-20
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94151
    titleScientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20161019)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1216.NASL
    descriptionAn update for java-1.7.1-ibm is now available for Red Hat Satellite 5.7 and Red Hat Satellite 5.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP1. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-2183, CVE-2017-3272, CVE-2017-3289, CVE-2017-3253, CVE-2017-3261, CVE-2017-3231, CVE-2016-5547, CVE-2016-5552, CVE-2017-3252, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2017-3241, CVE-2017-3259, CVE-2016-5573, CVE-2016-5554, CVE-2016-5542, CVE-2016-5597, CVE-2016-5556, CVE-2016-3598, CVE-2016-3511, CVE-2016-0363, CVE-2016-0686, CVE-2016-0687, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449, CVE-2016-3422, CVE-2016-0376, CVE-2016-0264)
    last seen2020-06-01
    modified2020-06-02
    plugin id100094
    published2017-05-10
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100094
    titleRHEL 6 : java-1.7.1-ibm (RHSA-2017:1216)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1380.NASL
    descriptionOpenJDK Java was updated to jdk8u111 (icedtea 3.2.0) to fix the following issues : - Security fixes + S8146490: Direct indirect CRL checks + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (bsc#1005522) + S8156794: Extend data sharing + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (bsc#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (bsc#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (bsc#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (bsc#1005527) + S8160838, CVE-2016-5597: Better HTTP service (bsc#1005528) + PR3206, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (bsc#1005524) - New features + PR1370: Provide option to build without debugging + PR1375: Provide option to strip and link debugging info after build + PR1537: Handle alternative Kerberos credential cache locations + PR1978: Allow use of system PCSC + PR2445: Support system libsctp + PR3182: Support building without pre-compiled headers + PR3183: Support Fedora/RHEL system crypto policy + PR3221: Use pkgconfig to detect Kerberos CFLAGS and libraries - Import of OpenJDK 8 u102 build 14 + S4515292: ReferenceType.isStatic() returns true for arrays + S4858370: JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command + S6976636: JVM/TI test ex03t001 fails assertion + S7185591: jcmd-big-script.sh ERROR: could not find app
    last seen2020-06-05
    modified2016-12-05
    plugin id95532
    published2016-12-05
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/95532
    titleopenSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-1380)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1444.NASL
    descriptionThis update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.8 - OpenJDK 7u121 - Security fixes + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (bsc#1005522) + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (bsc#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (bsc#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (bsc#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (bsc#1005527) + S8160838, CVE-2016-5597: Better HTTP service (bsc#1005528) + PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (bsc#1005524) - Import of OpenJDK 7 u121 build 0 + S6624200: Regression test fails: test/closed/javax/swing/JMenuItem/4654927/bug4654927.java + S6882559: new JEditorPane(
    last seen2020-06-05
    modified2016-12-13
    plugin id95750
    published2016-12-13
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95750
    titleopenSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-1444)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2088.NASL
    descriptionAn update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 111. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597)
    last seen2020-06-01
    modified2020-06-02
    plugin id94188
    published2016-10-21
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94188
    titleRHEL 6 / 7 : java-1.8.0-oracle (RHSA-2016:2088)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3130-1.NASL
    descriptionIt was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. (CVE-2016-5542) It was discovered that the JMX component of OpenJDK did not sufficiently perform classloader consistency checks. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5554) It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could use this to send debugging commands to a Java application with debugging enabled. (CVE-2016-5573) It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5582) It was discovered that OpenJDK did not properly handle HTTP proxy authentication. An attacker could use this to expose HTTPS server authentication credentials. (CVE-2016-5597). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id94954
    published2016-11-18
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94954
    titleUbuntu 14.04 LTS : openjdk-7 vulnerabilities (USN-3130-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-0061.NASL
    descriptionAn update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
    last seen2020-06-01
    modified2020-06-02
    plugin id96457
    published2017-01-13
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96457
    titleCentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2017:0061)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-2079.NASL
    descriptionFrom Red Hat Security Advisory 2016:2079 : An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
    last seen2020-06-01
    modified2020-06-02
    plugin id94149
    published2016-10-20
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94149
    titleOracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2016-2079)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1335.NASL
    descriptionOpenJDK java-1_8_0-openjdk was updated to jdk8u111 (icedtea 3.2.0) to fix the following issues : - Security fixes + S8146490: Direct indirect CRL checks + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (boo#1005522) + S8156794: Extend data sharing + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (boo#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (boo#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (boo#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (boo#1005527) + S8160838, CVE-2016-5597: Better HTTP service (boo#1005528) + PR3206, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (boo#1005524) - New features + PR1370: Provide option to build without debugging + PR1375: Provide option to strip and link debugging info after build + PR1537: Handle alternative Kerberos credential cache locations + PR1978: Allow use of system PCSC + PR2445: Support system libsctp + PR3182: Support building without pre-compiled headers + PR3183: Support Fedora/RHEL system crypto policy + PR3221: Use pkgconfig to detect Kerberos CFLAGS and libraries - Import of OpenJDK 8 u102 build 14 + S4515292: ReferenceType.isStatic() returns true for arrays + S4858370: JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command + S6976636: JVM/TI test ex03t001 fails assertion + S7185591: jcmd-big-script.sh ERROR: could not find app
    last seen2020-06-05
    modified2016-11-21
    plugin id95023
    published2016-11-21
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/95023
    titleopenSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-1335)
  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_OCT_2016.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 111, 7 Update 121, or 6 Update 131. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5542) - An unspecified flaw exists in the JMX subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5554) - An unspecified flaw exists in the 2D subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5556) - An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5568) - Multiple unspecified flaws exist in the Hotspot subcomponent that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5573, CVE-2016-5582) - An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5597)
    last seen2020-06-01
    modified2020-06-02
    plugin id94138
    published2016-10-19
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/94138
    titleOracle Java SE Multiple Vulnerabilities (October 2016 CPU)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-2658.NASL
    descriptionAn update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
    last seen2020-06-01
    modified2020-06-02
    plugin id94740
    published2016-11-14
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94740
    titleCentOS 5 / 6 / 7 : java-1.7.0-openjdk (CESA-2016:2658)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2016-0015_OPENJDK.NASL
    descriptionAn update of the openjdk package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121660
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121660
    titlePhoton OS 1.0: Openjdk PHSA-2016-0015
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20161107_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL
    descriptionSecurity Fix(es) : - It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
    last seen2020-03-18
    modified2016-11-08
    plugin id94627
    published2016-11-08
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94627
    titleScientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL6.x i386/x86_64 (20161107)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2079.NASL
    descriptionAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
    last seen2020-06-01
    modified2020-06-02
    plugin id94150
    published2016-10-20
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94150
    titleRHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2016:2079)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2659.NASL
    descriptionAn update for java-1.6.0-ibm is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 6 to version 6 SR16-FP35. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597)
    last seen2020-06-01
    modified2020-06-02
    plugin id94624
    published2016-11-08
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94624
    titleRHEL 5 / 6 : java-1.6.0-ibm (RHSA-2016:2659)
  • NASL familyMisc.
    NASL idORACLE_JAVA_CPU_OCT_2016_UNIX.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 111, 7 Update 121, or 6 Update 131. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5542) - An unspecified flaw exists in the JMX subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5554) - An unspecified flaw exists in the 2D subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5556) - An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5568) - Multiple unspecified flaws exist in the Hotspot subcomponent that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5573, CVE-2016-5582) - An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5597)
    last seen2020-06-01
    modified2020-06-02
    plugin id94139
    published2016-10-19
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/94139
    titleOracle Java SE Multiple Vulnerabilities (October 2016 CPU) (Unix)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2089.NASL
    descriptionAn update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6, and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 121. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597)
    last seen2020-06-01
    modified2020-06-02
    plugin id94189
    published2016-10-21
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94189
    titleRHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2016:2089)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-0061.NASL
    descriptionFrom Red Hat Security Advisory 2017:0061 : An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
    last seen2020-06-01
    modified2020-06-02
    plugin id96476
    published2017-01-13
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96476
    titleOracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2017-0061)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0111_JAVA-1.8.0-OPENJDK.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has java-1.8.0-openjdk packages installed that are affected by multiple vulnerabilities: - It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory. (CVE-2017-3526) - An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. (CVE-2017-3511) - It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with credentials of a different user. (CVE-2017-3509) - A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application. (CVE-2017-3544) - It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm. (CVE-2017-3539) - A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a Java application. (CVE-2017-3533) - It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546) - It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547) - A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548) - It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552) - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts). (CVE-2017-3231, CVE-2017-3261) - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) - It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252) - It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253) - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). (CVE-2017-3272) - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). (CVE-2017-3289) - It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm. 
(CVE-2016-5542) - A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2016-5554) - It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127348
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127348
    title: NewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0111)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201611-04.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201611-04 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities exist in both Oracle's JRE and JDK. Please review the referenced CVE's for additional information. Impact : Remote attackers could gain access to information, remotely execute arbitrary code, or cause Denial of Service. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 94595
    published: 2016-11-07
    reporter: This script is Copyright (C) 2016 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/94595
    title: GLSA-201611-04 : Oracle JRE/JDK: Multiple vulnerabilities
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-2953-1.NASL
    description: This update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.8 - OpenJDK 7u121 - Security fixes + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (bsc#1005522) + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (bsc#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (bsc#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (bsc#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (bsc#1005527) + S8160838, CVE-2016-5597: Better HTTP service (bsc#1005528) + PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (bsc#1005524) - Import of OpenJDK 7 u121 build 0 + S6624200: Regression test fails: test/closed/javax/swing/JMenuItem/4654927/bug4654927.java + S6882559: new JEditorPane(
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 95423
    published: 2016-12-01
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/95423
    title: SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:2953-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-2887-1.NASL
    description: OpenJDK Java was updated to jdk8u111 (icedtea 3.2.0) to fix the following issues : - Security fixes + S8146490: Direct indirect CRL checks + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (bsc#1005522) + S8156794: Extend data sharing + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (bsc#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (bsc#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (bsc#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (bsc#1005527) + S8160838, CVE-2016-5597: Better HTTP service (bsc#1005528) + PR3206, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (bsc#1005524) - New features + PR1370: Provide option to build without debugging + PR1375: Provide option to strip and link debugging info after build + PR1537: Handle alternative Kerberos credential cache locations + PR1978: Allow use of system PCSC + PR2445: Support system libsctp + PR3182: Support building without pre-compiled headers + PR3183: Support Fedora/RHEL system crypto policy + PR3221: Use pkgconfig to detect Kerberos CFLAGS and libraries - Import of OpenJDK 8 u102 build 14 + S4515292: ReferenceType.isStatic() returns true for arrays + S4858370: JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command + S6976636: JVM/TI test ex03t001 fails assertion + S7185591: jcmd-big-script.sh
ERROR: could not find app
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 95294
    published: 2016-11-23
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/95294
    title: SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2016:2887-1)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3154-1.NASL
    description: It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. (CVE-2016-5542) It was discovered that the JMX component of OpenJDK did not sufficiently perform classloader consistency checks. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5554) It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could use this to send debugging commands to a Java application with debugging enabled. (CVE-2016-5573) It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5582) It was discovered that OpenJDK did not properly handle HTTP proxy authentication. An attacker could use this to expose HTTPS server authentication credentials. (CVE-2016-5597). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 95629
    published: 2016-12-08
    reporter: Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/95629
    title: Ubuntu 12.04 LTS : openjdk-6 vulnerabilities (USN-3154-1)

Redhat

advisories
  • rhsa
    id: RHSA-2016:2079
  • rhsa
    id: RHSA-2016:2088
  • rhsa
    id: RHSA-2016:2089
  • rhsa
    id: RHSA-2016:2090
  • rhsa
    id: RHSA-2016:2136
  • rhsa
    id: RHSA-2016:2137
  • rhsa
    id: RHSA-2016:2138
  • rhsa
    id: RHSA-2016:2658
  • rhsa
    id: RHSA-2016:2659
  • rhsa
    id: RHSA-2017:0061
  • rhsa
    id: RHSA-2017:1216
rpms
  • java-1.8.0-openjdk-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-accessibility-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-accessibility-debug-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-debug-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-debug-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-demo-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-demo-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-devel-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-devel-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-headless-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-headless-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-javadoc-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-javadoc-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-src-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-src-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-src-debug-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-src-debug-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-oracle-1:1.8.0.111-1jpp.4.el6_8
  • java-1.8.0-oracle-1:1.8.0.111-1jpp.4.el7
  • java-1.8.0-oracle-devel-1:1.8.0.111-1jpp.4.el6_8
  • java-1.8.0-oracle-devel-1:1.8.0.111-1jpp.4.el7
  • java-1.8.0-oracle-javafx-1:1.8.0.111-1jpp.4.el6_8
  • java-1.8.0-oracle-javafx-1:1.8.0.111-1jpp.4.el7
  • java-1.8.0-oracle-jdbc-1:1.8.0.111-1jpp.4.el6_8
  • java-1.8.0-oracle-jdbc-1:1.8.0.111-1jpp.4.el7
  • java-1.8.0-oracle-plugin-1:1.8.0.111-1jpp.4.el6_8
  • java-1.8.0-oracle-plugin-1:1.8.0.111-1jpp.4.el7
  • java-1.8.0-oracle-src-1:1.8.0.111-1jpp.4.el6_8
  • java-1.8.0-oracle-src-1:1.8.0.111-1jpp.4.el7
  • java-1.7.0-oracle-1:1.7.0.121-1jpp.1.el5_11
  • java-1.7.0-oracle-1:1.7.0.121-1jpp.1.el6_8
  • java-1.7.0-oracle-1:1.7.0.121-1jpp.1.el7
  • java-1.7.0-oracle-devel-1:1.7.0.121-1jpp.1.el5_11
  • java-1.7.0-oracle-devel-1:1.7.0.121-1jpp.1.el6_8
  • java-1.7.0-oracle-devel-1:1.7.0.121-1jpp.1.el7
  • java-1.7.0-oracle-javafx-1:1.7.0.121-1jpp.1.el5_11
  • java-1.7.0-oracle-javafx-1:1.7.0.121-1jpp.1.el6_8
  • java-1.7.0-oracle-javafx-1:1.7.0.121-1jpp.1.el7
  • java-1.7.0-oracle-jdbc-1:1.7.0.121-1jpp.1.el5_11
  • java-1.7.0-oracle-jdbc-1:1.7.0.121-1jpp.1.el6_8
  • java-1.7.0-oracle-jdbc-1:1.7.0.121-1jpp.1.el7
  • java-1.7.0-oracle-plugin-1:1.7.0.121-1jpp.1.el5_11
  • java-1.7.0-oracle-plugin-1:1.7.0.121-1jpp.1.el6_8
  • java-1.7.0-oracle-plugin-1:1.7.0.121-1jpp.1.el7
  • java-1.7.0-oracle-src-1:1.7.0.121-1jpp.1.el5_11
  • java-1.7.0-oracle-src-1:1.7.0.121-1jpp.1.el6_8
  • java-1.7.0-oracle-src-1:1.7.0.121-1jpp.1.el7
  • java-1.6.0-sun-1:1.6.0.131-1jpp.1.el5_11
  • java-1.6.0-sun-1:1.6.0.131-1jpp.1.el6_8
  • java-1.6.0-sun-1:1.6.0.131-1jpp.1.el7
  • java-1.6.0-sun-demo-1:1.6.0.131-1jpp.1.el5_11
  • java-1.6.0-sun-demo-1:1.6.0.131-1jpp.1.el6_8
  • java-1.6.0-sun-demo-1:1.6.0.131-1jpp.1.el7
  • java-1.6.0-sun-devel-1:1.6.0.131-1jpp.1.el5_11
  • java-1.6.0-sun-devel-1:1.6.0.131-1jpp.1.el6_8
  • java-1.6.0-sun-devel-1:1.6.0.131-1jpp.1.el7
  • java-1.6.0-sun-jdbc-1:1.6.0.131-1jpp.1.el5_11
  • java-1.6.0-sun-jdbc-1:1.6.0.131-1jpp.1.el6_8
  • java-1.6.0-sun-jdbc-1:1.6.0.131-1jpp.1.el7
  • java-1.6.0-sun-plugin-1:1.6.0.131-1jpp.1.el5_11
  • java-1.6.0-sun-plugin-1:1.6.0.131-1jpp.1.el6_8
  • java-1.6.0-sun-plugin-1:1.6.0.131-1jpp.1.el7
  • java-1.6.0-sun-src-1:1.6.0.131-1jpp.1.el5_11
  • java-1.6.0-sun-src-1:1.6.0.131-1jpp.1.el6_8
  • java-1.6.0-sun-src-1:1.6.0.131-1jpp.1.el7
  • java-1.8.0-ibm-1:1.8.0.3.20-1jpp.1.el6_8
  • java-1.8.0-ibm-1:1.8.0.3.20-1jpp.1.el7_2
  • java-1.8.0-ibm-demo-1:1.8.0.3.20-1jpp.1.el6_8
  • java-1.8.0-ibm-demo-1:1.8.0.3.20-1jpp.1.el7_2
  • java-1.8.0-ibm-devel-1:1.8.0.3.20-1jpp.1.el6_8
  • java-1.8.0-ibm-devel-1:1.8.0.3.20-1jpp.1.el7_2
  • java-1.8.0-ibm-jdbc-1:1.8.0.3.20-1jpp.1.el6_8
  • java-1.8.0-ibm-jdbc-1:1.8.0.3.20-1jpp.1.el7_2
  • java-1.8.0-ibm-plugin-1:1.8.0.3.20-1jpp.1.el6_8
  • java-1.8.0-ibm-plugin-1:1.8.0.3.20-1jpp.1.el7_2
  • java-1.8.0-ibm-src-1:1.8.0.3.20-1jpp.1.el6_8
  • java-1.8.0-ibm-src-1:1.8.0.3.20-1jpp.1.el7_2
  • java-1.7.1-ibm-1:1.7.1.3.60-1jpp.1.el6_8
  • java-1.7.1-ibm-1:1.7.1.3.60-1jpp.1.el7_2
  • java-1.7.1-ibm-demo-1:1.7.1.3.60-1jpp.1.el6_8
  • java-1.7.1-ibm-demo-1:1.7.1.3.60-1jpp.1.el7_2
  • java-1.7.1-ibm-devel-1:1.7.1.3.60-1jpp.1.el6_8
  • java-1.7.1-ibm-devel-1:1.7.1.3.60-1jpp.1.el7_2
  • java-1.7.1-ibm-jdbc-1:1.7.1.3.60-1jpp.1.el6_8
  • java-1.7.1-ibm-jdbc-1:1.7.1.3.60-1jpp.1.el7_2
  • java-1.7.1-ibm-plugin-1:1.7.1.3.60-1jpp.1.el6_8
  • java-1.7.1-ibm-plugin-1:1.7.1.3.60-1jpp.1.el7_2
  • java-1.7.1-ibm-src-1:1.7.1.3.60-1jpp.1.el6_8
  • java-1.7.1-ibm-src-1:1.7.1.3.60-1jpp.1.el7_2
  • java-1.7.0-ibm-1:1.7.0.9.60-1jpp.1.el5_11
  • java-1.7.0-ibm-demo-1:1.7.0.9.60-1jpp.1.el5_11
  • java-1.7.0-ibm-devel-1:1.7.0.9.60-1jpp.1.el5_11
  • java-1.7.0-ibm-jdbc-1:1.7.0.9.60-1jpp.1.el5_11
  • java-1.7.0-ibm-plugin-1:1.7.0.9.60-1jpp.1.el5_11
  • java-1.7.0-ibm-src-1:1.7.0.9.60-1jpp.1.el5_11
  • java-1.7.0-openjdk-1:1.7.0.121-2.6.8.0.el7_3
  • java-1.7.0-openjdk-1:1.7.0.121-2.6.8.1.el5_11
  • java-1.7.0-openjdk-1:1.7.0.121-2.6.8.1.el6_8
  • java-1.7.0-openjdk-accessibility-1:1.7.0.121-2.6.8.0.el7_3
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.121-2.6.8.0.el7_3
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.121-2.6.8.1.el5_11
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.121-2.6.8.1.el6_8
  • java-1.7.0-openjdk-demo-1:1.7.0.121-2.6.8.0.el7_3
  • java-1.7.0-openjdk-demo-1:1.7.0.121-2.6.8.1.el5_11
  • java-1.7.0-openjdk-demo-1:1.7.0.121-2.6.8.1.el6_8
  • java-1.7.0-openjdk-devel-1:1.7.0.121-2.6.8.0.el7_3
  • java-1.7.0-openjdk-devel-1:1.7.0.121-2.6.8.1.el5_11
  • java-1.7.0-openjdk-devel-1:1.7.0.121-2.6.8.1.el6_8
  • java-1.7.0-openjdk-headless-1:1.7.0.121-2.6.8.0.el7_3
  • java-1.7.0-openjdk-javadoc-1:1.7.0.121-2.6.8.0.el7_3
  • java-1.7.0-openjdk-javadoc-1:1.7.0.121-2.6.8.1.el5_11
  • java-1.7.0-openjdk-javadoc-1:1.7.0.121-2.6.8.1.el6_8
  • java-1.7.0-openjdk-src-1:1.7.0.121-2.6.8.0.el7_3
  • java-1.7.0-openjdk-src-1:1.7.0.121-2.6.8.1.el5_11
  • java-1.7.0-openjdk-src-1:1.7.0.121-2.6.8.1.el6_8
  • java-1.6.0-ibm-1:1.6.0.16.35-1jpp.1.el5_11
  • java-1.6.0-ibm-1:1.6.0.16.35-1jpp.1.el6_8
  • java-1.6.0-ibm-accessibility-1:1.6.0.16.35-1jpp.1.el5_11
  • java-1.6.0-ibm-demo-1:1.6.0.16.35-1jpp.1.el5_11
  • java-1.6.0-ibm-demo-1:1.6.0.16.35-1jpp.1.el6_8
  • java-1.6.0-ibm-devel-1:1.6.0.16.35-1jpp.1.el5_11
  • java-1.6.0-ibm-devel-1:1.6.0.16.35-1jpp.1.el6_8
  • java-1.6.0-ibm-javacomm-1:1.6.0.16.35-1jpp.1.el5_11
  • java-1.6.0-ibm-javacomm-1:1.6.0.16.35-1jpp.1.el6_8
  • java-1.6.0-ibm-jdbc-1:1.6.0.16.35-1jpp.1.el5_11
  • java-1.6.0-ibm-jdbc-1:1.6.0.16.35-1jpp.1.el6_8
  • java-1.6.0-ibm-plugin-1:1.6.0.16.35-1jpp.1.el5_11
  • java-1.6.0-ibm-plugin-1:1.6.0.16.35-1jpp.1.el6_8
  • java-1.6.0-ibm-src-1:1.6.0.16.35-1jpp.1.el5_11
  • java-1.6.0-ibm-src-1:1.6.0.16.35-1jpp.1.el6_8
  • java-1.6.0-openjdk-1:1.6.0.41-1.13.13.1.el5_11
  • java-1.6.0-openjdk-1:1.6.0.41-1.13.13.1.el6_8
  • java-1.6.0-openjdk-1:1.6.0.41-1.13.13.1.el7_3
  • java-1.6.0-openjdk-debuginfo-1:1.6.0.41-1.13.13.1.el5_11
  • java-1.6.0-openjdk-debuginfo-1:1.6.0.41-1.13.13.1.el6_8
  • java-1.6.0-openjdk-debuginfo-1:1.6.0.41-1.13.13.1.el7_3
  • java-1.6.0-openjdk-demo-1:1.6.0.41-1.13.13.1.el5_11
  • java-1.6.0-openjdk-demo-1:1.6.0.41-1.13.13.1.el6_8
  • java-1.6.0-openjdk-demo-1:1.6.0.41-1.13.13.1.el7_3
  • java-1.6.0-openjdk-devel-1:1.6.0.41-1.13.13.1.el5_11
  • java-1.6.0-openjdk-devel-1:1.6.0.41-1.13.13.1.el6_8
  • java-1.6.0-openjdk-devel-1:1.6.0.41-1.13.13.1.el7_3
  • java-1.6.0-openjdk-javadoc-1:1.6.0.41-1.13.13.1.el5_11
  • java-1.6.0-openjdk-javadoc-1:1.6.0.41-1.13.13.1.el6_8
  • java-1.6.0-openjdk-javadoc-1:1.6.0.41-1.13.13.1.el7_3
  • java-1.6.0-openjdk-src-1:1.6.0.41-1.13.13.1.el5_11
  • java-1.6.0-openjdk-src-1:1.6.0.41-1.13.13.1.el6_8
  • java-1.6.0-openjdk-src-1:1.6.0.41-1.13.13.1.el7_3
  • java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8
  • java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8

References