Vulnerabilities > CVE-2016-5597 - Information Exposure vulnerability in Oracle JDK and JRE

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

oracle

CWE-200

nessus

NVD

Published: 2016-10-25

Updated: 2022-05-13

Summary

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking.

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle JDK 1.8.0 Oracle JDK 1.7.0 Oracle JDK 1.6.0 Oracle JRE 1.6.0 Oracle JRE 1.7.0 Oracle JRE 1.8.0	8

Common Weakness Enumeration (CWE)

CWE-200 - Information Exposure

Common Attack Pattern Enumeration and Classification (CAPEC)

Subverting Environment Variable Values
The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
Footprinting
An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
Exploiting Trust in Client (aka Make the Client Invisible)
An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
Browser Fingerprinting
An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-3043-1.NASL
description	This update for java-1_7_1-ibm fixes the following issues : - Version update to 7.1-3.60 (bsc#1009280) Fixing the following CVE
last seen	2020-06-01
modified	2020-06-02
plugin id	95623
published	2016-12-08
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95623
title	SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2016:3043-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:3043-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(95623); script_version("3.6"); script_cvs_date("Date: 2019/09/11 11:22:14"); script_cve_id("CVE-2016-5542", "CVE-2016-5554", "CVE-2016-5556", "CVE-2016-5568", "CVE-2016-5573", "CVE-2016-5597"); script_name(english:"SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2016:3043-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for java-1_7_1-ibm fixes the following issues : - Version update to 7.1-3.60 (bsc#1009280) Fixing the following CVE's: CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1009280" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5542/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5554/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5556/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5568/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5573/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5597/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20163043-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5841a36a" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1770=1 SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1770=1 SUSE Linux Enterprise Server for SAP 12:zypper in -t patch SUSE-SLE-SAP-12-2016-1770=1 SUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1770=1 SUSE Linux Enterprise Server 12-SP1:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1770=1 SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-2016-1770=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/25"); script_set_attribute(attribute:"patch_publication_date", value:"2016/12/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S\|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0\|1\|2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0/1/2", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"java-1_7_1-ibm-alsa-1.7.1_sr3.60-31.2")) flag++; if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"java-1_7_1-ibm-plugin-1.7.1_sr3.60-31.2")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_1-ibm-1.7.1_sr3.60-31.2")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_1-ibm-jdbc-1.7.1_sr3.60-31.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"java-1_7_1-ibm-alsa-1.7.1_sr3.60-31.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"java-1_7_1-ibm-plugin-1.7.1_sr3.60-31.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_1-ibm-1.7.1_sr3.60-31.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_1-ibm-devel-1.7.1_sr3.60-31.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_1-ibm-jdbc-1.7.1_sr3.60-31.2")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_1-ibm-1.7.1_sr3.60-31.2")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_1-ibm-jdbc-1.7.1_sr3.60-31.2")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_1-ibm-alsa-1.7.1_sr3.60-31.2")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_1-ibm-plugin-1.7.1_sr3.60-31.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_7_1-ibm"); }

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2017-795.NASL
description	It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
last seen	2020-06-01
modified	2020-06-02
plugin id	97025
published	2017-02-07
reporter	This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/97025
title	Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2017-795)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2017-795. # include("compat.inc"); if (description) { script_id(97025); script_version("3.2"); script_cvs_date("Date: 2018/04/18 15:09:36"); script_cve_id("CVE-2016-5542", "CVE-2016-5554", "CVE-2016-5573", "CVE-2016-5582", "CVE-2016-5597"); script_xref(name:"ALAS", value:"2017-795"); script_name(english:"Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2017-795)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions. (CVE-2016-5582) It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP requests to the JDWP port of the debugged application. (CVE-2016-5573) It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm. (CVE-2016-5542) Note: After this update, MD2 hash algorithm and RSA keys with less than 1024 bits are no longer allowed to be used for Jar integrity verification by default. MD5 hash algorithm is expected to be disabled by default in the future updates. A newly introduced security property jdk.jar.disabledAlgorithms can be used to control the set of disabled algorithms. A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2016-5554) A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication. (CVE-2016-5597) Note: After this update, Basic HTTP proxy authentication can no longer be used when tunneling HTTPS connection through an HTTP proxy. Newly introduced system properties jdk.http.auth.proxying.disabledSchemes and jdk.http.auth.tunneling.disabledSchemes can be used to control which authentication schemes can be requested by an HTTP proxy when proxying HTTP and HTTPS connections respectively." ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2017-795.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update java-1.6.0-openjdk' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-src"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2017/02/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) \|\| !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A\|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-1.6.0.41-1.13.13.1.77.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.77.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.77.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.77.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.77.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.77.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc"); }

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3121-1.NASL
description	It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5582) It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. (CVE-2016-5542) It was discovered that the JMX component of OpenJDK did not sufficiently perform classloader consistency checks. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5554) It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could use this to send debugging commands to a Java application with debugging enabled. (CVE-2016-5573) It was discovered that OpenJDK did not properly handle HTTP proxy authentication. An attacker could use this to expose HTTPS server authentication credentials. (CVE-2016-5597). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	94510
published	2016-11-03
reporter	Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94510
title	Ubuntu 16.04 LTS / 16.10 : openjdk-8 vulnerabilities (USN-3121-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3121-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(94510); script_version("2.7"); script_cvs_date("Date: 2019/09/18 12:31:46"); script_cve_id("CVE-2016-5542", "CVE-2016-5554", "CVE-2016-5573", "CVE-2016-5582", "CVE-2016-5597"); script_xref(name:"USN", value:"3121-1"); script_name(english:"Ubuntu 16.04 LTS / 16.10 : openjdk-8 vulnerabilities (USN-3121-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5582) It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. (CVE-2016-5542) It was discovered that the JMX component of OpenJDK did not sufficiently perform classloader consistency checks. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5554) It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could use this to send debugging commands to a Java application with debugging enabled. (CVE-2016-5573) It was discovered that OpenJDK did not properly handle HTTP proxy authentication. An attacker could use this to expose HTTPS server authentication credentials. (CVE-2016-5597). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3121-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk-headless"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-headless"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-jamvm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-zero"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/25"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(16\.04\|16\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 16.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"16.04", pkgname:"openjdk-8-jdk", pkgver:"8u111-b14-2ubuntu0.16.04.2")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"openjdk-8-jdk-headless", pkgver:"8u111-b14-2ubuntu0.16.04.2")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"openjdk-8-jre", pkgver:"8u111-b14-2ubuntu0.16.04.2")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"openjdk-8-jre-headless", pkgver:"8u111-b14-2ubuntu0.16.04.2")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"openjdk-8-jre-jamvm", pkgver:"8u111-b14-2ubuntu0.16.04.2")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"openjdk-8-jre-zero", pkgver:"8u111-b14-2ubuntu0.16.04.2")) flag++; if (ubuntu_check(osver:"16.10", pkgname:"openjdk-8-jdk", pkgver:"8u111-b14-2ubuntu0.16.10.2")) flag++; if (ubuntu_check(osver:"16.10", pkgname:"openjdk-8-jdk-headless", pkgver:"8u111-b14-2ubuntu0.16.10.2")) flag++; if (ubuntu_check(osver:"16.10", pkgname:"openjdk-8-jre", pkgver:"8u111-b14-2ubuntu0.16.10.2")) flag++; if (ubuntu_check(osver:"16.10", pkgname:"openjdk-8-jre-headless", pkgver:"8u111-b14-2ubuntu0.16.10.2")) flag++; if (ubuntu_check(osver:"16.10", pkgname:"openjdk-8-jre-jamvm", pkgver:"8u111-b14-2ubuntu0.16.10.2")) flag++; if (ubuntu_check(osver:"16.10", pkgname:"openjdk-8-jre-zero", pkgver:"8u111-b14-2ubuntu0.16.10.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjdk-8-jdk / openjdk-8-jdk-headless / openjdk-8-jre / etc"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-3010-1.NASL
description	This update for java-1_6_0-ibm fixes the following issues : - Version update to 6.0-16.35 (bsc#1009280) fixing the following CVE
last seen	2020-03-24
modified	2019-01-02
plugin id	119988
published	2019-01-02
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119988
title	SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2016:3010-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:3010-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(119988); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/23"); script_cve_id("CVE-2016-5542", "CVE-2016-5554", "CVE-2016-5556", "CVE-2016-5568", "CVE-2016-5573", "CVE-2016-5597"); script_name(english:"SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2016:3010-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for java-1_6_0-ibm fixes the following issues : - Version update to 6.0-16.35 (bsc#1009280) fixing the following CVE's: CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1009280" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5542/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5554/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5556/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5568/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5573/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5597/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20163010-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?8c45328c" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Module for Legacy Software 12:zypper in -t patch SUSE-SLE-Module-Legacy-12-2016-1752=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-jdbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-plugin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/25"); script_set_attribute(attribute:"patch_publication_date", value:"2016/12/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S\|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"java-1_6_0-ibm-plugin-1.6.0_sr16.35-43.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_6_0-ibm-1.6.0_sr16.35-43.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_6_0-ibm-fonts-1.6.0_sr16.35-43.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_6_0-ibm-jdbc-1.6.0_sr16.35-43.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_6_0-ibm"); }

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-704.NASL
description	Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in information disclosure, denial of service and arbitrary code execution. For Debian 7
last seen	2020-03-17
modified	2016-11-07
plugin id	94587
published	2016-11-07
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/94587
title	Debian DLA-704-1 : openjdk-7 security update
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-704-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(94587); script_version("2.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2016-5542", "CVE-2016-5554", "CVE-2016-5573", "CVE-2016-5582", "CVE-2016-5597"); script_name(english:"Debian DLA-704-1 : openjdk-7 security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in information disclosure, denial of service and arbitrary code execution. For Debian 7 'Wheezy', these problems have been fixed in version 7u111-2.6.7-2~deb7u1. We recommend that you upgrade your openjdk-7 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2016/11/msg00012.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/openjdk-7" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icedtea-7-jre-cacao"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icedtea-7-jre-jamvm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-7-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-7-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-7-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-7-jdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-7-jre"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-7-jre-headless"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-7-jre-lib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-7-jre-zero"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-7-source"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"icedtea-7-jre-cacao", reference:"7u111-2.6.7-2~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"icedtea-7-jre-jamvm", reference:"7u111-2.6.7-2~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-dbg", reference:"7u111-2.6.7-2~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-demo", reference:"7u111-2.6.7-2~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-doc", reference:"7u111-2.6.7-2~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-jdk", reference:"7u111-2.6.7-2~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-jre", reference:"7u111-2.6.7-2~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-jre-headless", reference:"7u111-2.6.7-2~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-jre-lib", reference:"7u111-2.6.7-2~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-jre-zero", reference:"7u111-2.6.7-2~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-source", reference:"7u111-2.6.7-2~deb7u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2016-1080.NASL
description	According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm.(CVE-2016-5542) - A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.(CVE-2016-5554) - It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim
last seen	2020-05-06
modified	2017-05-01
plugin id	99840
published	2017-05-01
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99840
title	EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2016-1080)

NASL family	AIX Local Security Checks
NASL id	AIX_JAVA_OCT2016_ADVISORY.NASL
description	The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities in the following subcomponents : - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5542) - An unspecified flaw exists in the JMX subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5554) - An unspecified flaw exists in the 2D subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5556) - An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5568) - An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5597)
last seen	2020-06-01
modified	2020-06-02
plugin id	97051
published	2017-02-07
reporter	This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/97051
title	AIX Java Advisory : java_oct2016_advisory.asc (October 2016 CPU)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20170113_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL
description	Security Fix(es) : - It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
last seen	2020-03-18
modified	2017-01-16
plugin id	96526
published	2017-01-16
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96526
title	Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20170113)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2016-2658.NASL
description	From Red Hat Security Advisory 2016:2658 : An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
last seen	2020-06-01
modified	2020-06-02
plugin id	94621
published	2016-11-08
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94621
title	Oracle Linux 5 / 6 / 7 : java-1.7.0-openjdk (ELSA-2016-2658)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-1357.NASL
description	This update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.8 - OpenJDK 7u121 - Security fixes + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (boo#1005522) + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (boo#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (boo#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (boo#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (boo#1005527) + S8160838, CVE-2016-5597: Better HTTP service (boo#1005528) + PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (boo#1005524) - Import of OpenJDK 7 u121 build 0 + S6624200: Regression test fails: test/closed/javax/swing/JMenuItem/4654927/bug4654927.jav a + S6882559: new JEditorPane(
last seen	2020-06-05
modified	2016-11-25
plugin id	95311
published	2016-11-25
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95311
title	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-1357)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2017-0061.NASL
description	An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
last seen	2020-06-01
modified	2020-06-02
plugin id	96480
published	2017-01-13
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96480
title	RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2017:0061)

NASL family	Virtuozzo Local Security Checks
NASL id	VIRTUOZZO_VZLSA-2017-0061.NASL
description	An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
last seen	2020-06-01
modified	2020-06-02
plugin id	101406
published	2017-07-13
reporter	This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/101406
title	Virtuozzo 7 : java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc (VZLSA-2017-0061)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2016-771.NASL
description	It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm. (CVE-2016-5542) A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2016-5554) A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication. (CVE-2016-5597) It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim
last seen	2020-06-01
modified	2020-06-02
plugin id	94977
published	2016-11-21
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/94977
title	Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2016-771)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-2658.NASL
description	An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
last seen	2020-06-01
modified	2020-06-02
plugin id	94623
published	2016-11-08
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94623
title	RHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2016:2658)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-2090.NASL
description	An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6, and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 131. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597)
last seen	2020-06-01
modified	2020-06-02
plugin id	94190
published	2016-10-21
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94190
title	RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2016:2090)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-3041-1.NASL
description	This update for java-1_7_1-ibm fixes the following issues : - Version update to 7.1-3.60 (bsc#1009280) fixing the following CVE
last seen	2020-06-01
modified	2020-06-02
plugin id	95608
published	2016-12-07
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95608
title	SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2016:3041-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-3068-1.NASL
description	This update for java-1_7_0-ibm fixes the following issues : - Version update to 7.0-9.60 (bsc#1009280, bsc#992537) fixing the following CVE
last seen	2020-06-01
modified	2020-06-02
plugin id	95710
published	2016-12-12
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95710
title	SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2016:3068-1)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3707.NASL
description	Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox or denial of service.
last seen	2020-06-01
modified	2020-06-02
plugin id	94613
published	2016-11-08
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94613
title	Debian DSA-3707-1 : openjdk-7 - security update

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201701-43.NASL
description	The remote host is affected by the vulnerability described in GLSA-201701-43 (IcedTea: Multiple vulnerabilities) Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, Libraries, and JAXP, exist which allows remote attackers to affect the confidentiality, integrity, and availability of vulnerable systems. Many of the vulnerabilities can only be exploited through sandboxed Java Web Start applications and java applets. Please review the CVE identifiers referenced below for details. Impact : Remote attackers may execute arbitrary code, compromise information, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	96640
published	2017-01-20
reporter	This script is Copyright (C) 2017 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/96640
title	GLSA-201701-43 : IcedTea: Multiple vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-3078-1.NASL
description	This update for java-1_8_0-ibm fixes the following issues : - CVE-2016-5568: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT - CVE-2016-5556: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D - CVE-2016-5573: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot - CVE-2016-5597: Unspecified vulnerability allowed remote attackers to affect confidentiality via vectors related to Networking - CVE-2016-5554: Unspecified vulnerability allowed remote attackers to affect integrity via vectors related to JMX - CVE-2016-5542: Unspecified vulnerability allowed remote attackers to affect integrity via vectors related to Libraries Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	95711
published	2016-12-12
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95711
title	SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2016:3078-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-3040-1.NASL
description	This update for java-1_6_0-ibm fixes the following issues : - Version update to 6.0-16.35 (bsc#1009280) fixing the following CVE
last seen	2020-06-01
modified	2020-06-02
plugin id	95607
published	2016-12-07
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95607
title	SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:3040-1)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2016-759.NASL
description	It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
last seen	2020-06-01
modified	2020-06-02
plugin id	94341
published	2016-10-28
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/94341
title	Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2016-759)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-2136.NASL
description	An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR3-FP20. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597)
last seen	2020-06-01
modified	2020-06-02
plugin id	94499
published	2016-11-03
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94499
title	RHEL 6 / 7 : java-1.8.0-ibm (RHSA-2016:2136)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-2138.NASL
description	An update for java-1.7.0-ibm is now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7 SR9-FP60. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597)
last seen	2020-06-01
modified	2020-06-02
plugin id	94501
published	2016-11-03
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94501
title	RHEL 5 : java-1.7.0-ibm (RHSA-2016:2138)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-1389.NASL
description	- Update to 2.6.8 - OpenJDK 7u121 - Security fixes + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (boo#1005522) + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (boo#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (boo#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (boo#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (boo#1005527) + S8160838, CVE-2016-5597: Better HTTP service (boo#1005528) + PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (boo#1005524) - Import of OpenJDK 7 u121 build 0 + S6624200: Regression test fails: test/closed/javax/swing/JMenuItem/4654927/bug4654927.jav a + S6882559: new JEditorPane(
last seen	2020-06-05
modified	2016-12-06
plugin id	95549
published	2016-12-06
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95549
title	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-1389)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2016-2079.NASL
description	An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
last seen	2020-06-01
modified	2020-06-02
plugin id	94140
published	2016-10-20
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94140
title	CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2016:2079)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-2137.NASL
description	An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR3-FP60. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597)
last seen	2020-06-01
modified	2020-06-02
plugin id	94500
published	2016-11-03
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94500
title	RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2016:2137)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20161019_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL
description	Security Fix(es) : - It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
last seen	2020-03-18
modified	2016-10-20
plugin id	94151
published	2016-10-20
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94151
title	Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20161019)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2017-1216.NASL
description	An update for java-1.7.1-ibm is now available for Red Hat Satellite 5.7 and Red Hat Satellite 5.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP1. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-2183, CVE-2017-3272, CVE-2017-3289, CVE-2017-3253, CVE-2017-3261, CVE-2017-3231, CVE-2016-5547, CVE-2016-5552, CVE-2017-3252, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2017-3241, CVE-2017-3259, CVE-2016-5573, CVE-2016-5554, CVE-2016-5542, CVE-2016-5597, CVE-2016-5556, CVE-2016-3598, CVE-2016-3511, CVE-2016-0363, CVE-2016-0686, CVE-2016-0687, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449, CVE-2016-3422, CVE-2016-0376, CVE-2016-0264)
last seen	2020-06-01
modified	2020-06-02
plugin id	100094
published	2017-05-10
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/100094
title	RHEL 6 : java-1.7.1-ibm (RHSA-2017:1216)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-1380.NASL
description	OpenJDK Java was updated to jdk8u111 (icedtea 3.2.0) to fix the following issues : - Security fixes + S8146490: Direct indirect CRL checks + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (bsc#1005522) + S8156794: Extend data sharing + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (bsc#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (bsc#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (bsc#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (bsc#1005527) + S8160838, CVE-2016-5597: Better HTTP service (bsc#1005528) + PR3206, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (bsc#1005524) - New features + PR1370: Provide option to build without debugging + PR1375: Provide option to strip and link debugging info after build + PR1537: Handle alternative Kerberos credential cache locations + PR1978: Allow use of system PCSC + PR2445: Support system libsctp + PR3182: Support building without pre-compiled headers + PR3183: Support Fedora/RHEL system crypto policy + PR3221: Use pkgconfig to detect Kerberos CFLAGS and libraries - Import of OpenJDK 8 u102 build 14 + S4515292: ReferenceType.isStatic() returns true for arrays + S4858370: JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command + S6976636: JVM/TI test ex03t001 fails assertion + S7185591: jcmd-big-script.sh ERROR: could not find app
last seen	2020-06-05
modified	2016-12-05
plugin id	95532
published	2016-12-05
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/95532
title	openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-1380)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-1444.NASL
description	This update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.8 - OpenJDK 7u121 - Security fixes + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (bsc#1005522) + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (bsc#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (bsc#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (bsc#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (bsc#1005527) + S8160838, CVE-2016-5597: Better HTTP service (bsc#1005528) + PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (bsc#1005524) - Import of OpenJDK 7 u121 build 0 + S6624200: Regression test fails: test/closed/javax/swing/JMenuItem/4654927/bug4654927.jav a + S6882559: new JEditorPane(
last seen	2020-06-05
modified	2016-12-13
plugin id	95750
published	2016-12-13
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95750
title	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-1444)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-2088.NASL
description	An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 111. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597)
last seen	2020-06-01
modified	2020-06-02
plugin id	94188
published	2016-10-21
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94188
title	RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2016:2088)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3130-1.NASL
description	It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. (CVE-2016-5542) It was discovered that the JMX component of OpenJDK did not sufficiently perform classloader consistency checks. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5554) It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could use this to send debugging commands to a Java application with debugging enabled. (CVE-2016-5573) It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5582) It was discovered that OpenJDK did not properly handle HTTP proxy authentication. An attacker could use this to expose HTTPS server authentication credentials. (CVE-2016-5597). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	94954
published	2016-11-18
reporter	Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94954
title	Ubuntu 14.04 LTS : openjdk-7 vulnerabilities (USN-3130-1)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2017-0061.NASL
description	An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
last seen	2020-06-01
modified	2020-06-02
plugin id	96457
published	2017-01-13
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96457
title	CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2017:0061)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2016-2079.NASL
description	From Red Hat Security Advisory 2016:2079 : An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
last seen	2020-06-01
modified	2020-06-02
plugin id	94149
published	2016-10-20
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94149
title	Oracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2016-2079)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-1335.NASL
description	OpenJDK java-1_8_0-openjdk was updated to jdk8u111 (icedtea 3.2.0) to fix the following issues : - Security fixes + S8146490: Direct indirect CRL checks + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (boo#1005522) + S8156794: Extend data sharing + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (boo#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (boo#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (boo#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (boo#1005527) + S8160838, CVE-2016-5597: Better HTTP service (boo#1005528) + PR3206, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (boo#1005524) - New features + PR1370: Provide option to build without debugging + PR1375: Provide option to strip and link debugging info after build + PR1537: Handle alternative Kerberos credential cache locations + PR1978: Allow use of system PCSC + PR2445: Support system libsctp + PR3182: Support building without pre-compiled headers + PR3183: Support Fedora/RHEL system crypto policy + PR3221: Use pkgconfig to detect Kerberos CFLAGS and libraries - Import of OpenJDK 8 u102 build 14 + S4515292: ReferenceType.isStatic() returns true for arrays + S4858370: JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command + S6976636: JVM/TI test ex03t001 fails assertion + S7185591: jcmd-big-script.sh ERROR: could not find app
last seen	2020-06-05
modified	2016-11-21
plugin id	95023
published	2016-11-21
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/95023
title	openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-1335)

NASL family	Windows
NASL id	ORACLE_JAVA_CPU_OCT_2016.NASL
description	The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 111, 7 Update 121, or 6 Update 131. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5542) - An unspecified flaw exists in the JMX subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5554) - An unspecified flaw exists in the 2D subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5556) - An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5568) - Multiple unspecified flaws exist in the Hotspot subcomponent that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5573, CVE-2016-5582) - An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5597)
last seen	2020-06-01
modified	2020-06-02
plugin id	94138
published	2016-10-19
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/94138
title	Oracle Java SE Multiple Vulnerabilities (October 2016 CPU)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2016-2658.NASL
description	An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
last seen	2020-06-01
modified	2020-06-02
plugin id	94740
published	2016-11-14
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94740
title	CentOS 5 / 6 / 7 : java-1.7.0-openjdk (CESA-2016:2658)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20161107_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL
description	Security Fix(es) : - It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
last seen	2020-03-18
modified	2016-11-08
plugin id	94627
published	2016-11-08
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94627
title	Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL6.x i386/x86_64 (20161107)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-2079.NASL
description	An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
last seen	2020-06-01
modified	2020-06-02
plugin id	94150
published	2016-10-20
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94150
title	RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2016:2079)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-2659.NASL
description	An update for java-1.6.0-ibm is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 6 to version 6 SR16-FP35. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597)
last seen	2020-06-01
modified	2020-06-02
plugin id	94624
published	2016-11-08
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94624
title	RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2016:2659)

NASL family	Misc.
NASL id	ORACLE_JAVA_CPU_OCT_2016_UNIX.NASL
description	The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 111, 7 Update 121, or 6 Update 131. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5542) - An unspecified flaw exists in the JMX subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5554) - An unspecified flaw exists in the 2D subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5556) - An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5568) - Multiple unspecified flaws exist in the Hotspot subcomponent that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5573, CVE-2016-5582) - An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5597)
last seen	2020-06-01
modified	2020-06-02
plugin id	94139
published	2016-10-19
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/94139
title	Oracle Java SE Multiple Vulnerabilities (October 2016 CPU) (Unix)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-2089.NASL
description	An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6, and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 121. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597)
last seen	2020-06-01
modified	2020-06-02
plugin id	94189
published	2016-10-21
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94189
title	RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2016:2089)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2017-0061.NASL
description	From Red Hat Security Advisory 2017:0061 : An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
last seen	2020-06-01
modified	2020-06-02
plugin id	96476
published	2017-01-13
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96476
title	Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2017-0061)

NASL family	NewStart CGSL Local Security Checks
NASL id	NEWSTART_CGSL_NS-SA-2019-0111_JAVA-1.8.0-OPENJDK.NASL
description	The remote NewStart CGSL host, running version MAIN 4.05, has java-1.8.0-openjdk packages installed that are affected by multiple vulnerabilities: - It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory. (CVE-2017-3526) - An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. (CVE-2017-3511) - It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re- use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with credentials of a different user. (CVE-2017-3509) - A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application. (CVE-2017-3544) - It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm. (CVE-2017-3539) - A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a Java application. (CVE-2017-3533) - It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546) - It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547) - A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548) - It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552) - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts). (CVE-2017-3231, CVE-2017-3261) - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) - It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252) - It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253) - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). (CVE-2017-3272) - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). (CVE-2017-3289) - It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm. (CVE-2016-5542) - A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2016-5554) - It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim
last seen	2020-06-01
modified	2020-06-02
plugin id	127348
published	2019-08-12
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127348
title	NewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0111)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201611-04.NASL
description	The remote host is affected by the vulnerability described in GLSA-201611-04 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities exist in both Oracle’s JRE and JDK. Please review the referenced CVE’s for additional information. Impact : Remote attackers could gain access to information, remotely execute arbitrary code, or cause Denial of Service. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	94595
published	2016-11-07
reporter	This script is Copyright (C) 2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/94595
title	GLSA-201611-04 : Oracle JRE/JDK: Multiple vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-2953-1.NASL
description	This update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.8 - OpenJDK 7u121 - Security fixes + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (bsc#1005522) + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (bsc#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (bsc#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (bsc#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (bsc#1005527) + S8160838, CVE-2016-5597: Better HTTP service (bsc#1005528) + PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (bsc#1005524) - Import of OpenJDK 7 u121 build 0 + S6624200: Regression test fails: test/closed/javax/swing/JMenuItem/4654927/bug4654927.jav a + S6882559: new JEditorPane(
last seen	2020-06-01
modified	2020-06-02
plugin id	95423
published	2016-12-01
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95423
title	SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:2953-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-2887-1.NASL
description	OpenJDK Java was updated to jdk8u111 (icedtea 3.2.0) to fix the following issues : - Security fixes + S8146490: Direct indirect CRL checks + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (bsc#1005522) + S8156794: Extend data sharing + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (bsc#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (bsc#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (bsc#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (bsc#1005527) + S8160838, CVE-2016-5597: Better HTTP service (bsc#1005528) + PR3206, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (bsc#1005524) - New features + PR1370: Provide option to build without debugging + PR1375: Provide option to strip and link debugging info after build + PR1537: Handle alternative Kerberos credential cache locations + PR1978: Allow use of system PCSC + PR2445: Support system libsctp + PR3182: Support building without pre-compiled headers + PR3183: Support Fedora/RHEL system crypto policy + PR3221: Use pkgconfig to detect Kerberos CFLAGS and libraries - Import of OpenJDK 8 u102 build 14 + S4515292: ReferenceType.isStatic() returns true for arrays + S4858370: JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command + S6976636: JVM/TI test ex03t001 fails assertion + S7185591: jcmd-big-script.sh ERROR: could not find app
last seen	2020-06-01
modified	2020-06-02
plugin id	95294
published	2016-11-23
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95294
title	SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2016:2887-1)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3154-1.NASL
description	It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. (CVE-2016-5542) It was discovered that the JMX component of OpenJDK did not sufficiently perform classloader consistency checks. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5554) It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could use this to send debugging commands to a Java application with debugging enabled. (CVE-2016-5573) It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5582) It was discovered that OpenJDK did not properly handle HTTP proxy authentication. An attacker could use this to expose HTTPS server authentication credentials. (CVE-2016-5597). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	95629
published	2016-12-08
reporter	Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95629
title	Ubuntu 12.04 LTS : openjdk-6 vulnerabilities (USN-3154-1)

Redhat

advisories

bugzilla

id	1386103
title	CVE-2016-5597 OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.111-0.b15.el6_8
oval oval:com.redhat.rhsa:tst:20162079001
comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636012

AND

comment java-1.8.0-openjdk is earlier than 1:1.8.0.111-0.b15.el6_8
oval oval:com.redhat.rhsa:tst:20162079003
comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636008

AND

comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.111-0.b15.el6_8
oval oval:com.redhat.rhsa:tst:20162079005
comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636010

AND

comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.111-0.b15.el6_8
oval oval:com.redhat.rhsa:tst:20162079007
comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636006

AND

comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.111-0.b15.el6_8
oval oval:com.redhat.rhsa:tst:20162079009
comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919008

AND

comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.111-0.b15.el6_8
oval oval:com.redhat.rhsa:tst:20162079011
comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919016

AND

comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.111-0.b15.el6_8
oval oval:com.redhat.rhsa:tst:20162079013
comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919014

AND

comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.111-0.b15.el6_8
oval oval:com.redhat.rhsa:tst:20162079015
comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919022

AND

comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.111-0.b15.el6_8
oval oval:com.redhat.rhsa:tst:20162079017
comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919024

AND

comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.111-0.b15.el6_8
oval oval:com.redhat.rhsa:tst:20162079019
comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919020

AND

comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.111-0.b15.el6_8
oval oval:com.redhat.rhsa:tst:20162079021
comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636004

AND

comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.111-0.b15.el6_8
oval oval:com.redhat.rhsa:tst:20162079023
comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636002

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.111-1.b15.el7_2
oval oval:com.redhat.rhsa:tst:20162079026
comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636010

AND

comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.111-1.b15.el7_2
oval oval:com.redhat.rhsa:tst:20162079027
comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636012

AND

comment java-1.8.0-openjdk is earlier than 1:1.8.0.111-1.b15.el7_2
oval oval:com.redhat.rhsa:tst:20162079028
comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636008

AND

comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.111-1.b15.el7_2
oval oval:com.redhat.rhsa:tst:20162079029
comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919008

AND

comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.111-1.b15.el7_2
oval oval:com.redhat.rhsa:tst:20162079030
comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636006

AND

comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.111-1.b15.el7_2
oval oval:com.redhat.rhsa:tst:20162079031
comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919020

AND

comment java-1.8.0-openjdk-accessibility-debug is earlier than 1:1.8.0.111-1.b15.el7_2
oval oval:com.redhat.rhsa:tst:20162079032
comment java-1.8.0-openjdk-accessibility-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20160049002

AND

comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.111-1.b15.el7_2
oval oval:com.redhat.rhsa:tst:20162079034
comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919022

AND

comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.111-1.b15.el7_2
oval oval:com.redhat.rhsa:tst:20162079035
comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919016

AND

comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.111-1.b15.el7_2
oval oval:com.redhat.rhsa:tst:20162079036
comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919014

AND

comment java-1.8.0-openjdk-accessibility is earlier than 1:1.8.0.111-1.b15.el7_2
oval oval:com.redhat.rhsa:tst:20162079037
comment java-1.8.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150809019

AND

comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.111-1.b15.el7_2
oval oval:com.redhat.rhsa:tst:20162079039
comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636002

AND

comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.111-1.b15.el7_2
oval oval:com.redhat.rhsa:tst:20162079040
comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919024

AND

comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.111-1.b15.el7_2
oval oval:com.redhat.rhsa:tst:20162079041
comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636004

rhsa

id	RHSA-2016:2079
released	2016-10-19
severity	Critical
title	RHSA-2016:2079: java-1.8.0-openjdk security update (Critical)

bugzilla

id	1386408
title	CVE-2016-5556 Oracle JDK: unspecified vulnerability fixed in 6u131, 7u121, and 8u111 (2D)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment java-1.8.0-oracle-devel is earlier than 1:1.8.0.111-1jpp.4.el7
oval oval:com.redhat.rhsa:tst:20162088001
comment java-1.8.0-oracle-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080006

AND

comment java-1.8.0-oracle-jdbc is earlier than 1:1.8.0.111-1jpp.4.el7
oval oval:com.redhat.rhsa:tst:20162088003
comment java-1.8.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080012

AND

comment java-1.8.0-oracle-javafx is earlier than 1:1.8.0.111-1jpp.4.el7
oval oval:com.redhat.rhsa:tst:20162088005
comment java-1.8.0-oracle-javafx is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080002

AND

comment java-1.8.0-oracle is earlier than 1:1.8.0.111-1jpp.4.el7
oval oval:com.redhat.rhsa:tst:20162088007
comment java-1.8.0-oracle is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080004

AND

comment java-1.8.0-oracle-src is earlier than 1:1.8.0.111-1jpp.4.el7
oval oval:com.redhat.rhsa:tst:20162088009
comment java-1.8.0-oracle-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080010

AND

comment java-1.8.0-oracle-plugin is earlier than 1:1.8.0.111-1jpp.4.el7
oval oval:com.redhat.rhsa:tst:20162088011
comment java-1.8.0-oracle-plugin is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080008

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment java-1.8.0-oracle-src is earlier than 1:1.8.0.111-1jpp.4.el6_8
oval oval:com.redhat.rhsa:tst:20162088014
comment java-1.8.0-oracle-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080010

AND

comment java-1.8.0-oracle is earlier than 1:1.8.0.111-1jpp.4.el6_8
oval oval:com.redhat.rhsa:tst:20162088015
comment java-1.8.0-oracle is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080004

AND

comment java-1.8.0-oracle-javafx is earlier than 1:1.8.0.111-1jpp.4.el6_8
oval oval:com.redhat.rhsa:tst:20162088016
comment java-1.8.0-oracle-javafx is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080002

AND

comment java-1.8.0-oracle-devel is earlier than 1:1.8.0.111-1jpp.4.el6_8
oval oval:com.redhat.rhsa:tst:20162088017
comment java-1.8.0-oracle-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080006

AND

comment java-1.8.0-oracle-jdbc is earlier than 1:1.8.0.111-1jpp.4.el6_8
oval oval:com.redhat.rhsa:tst:20162088018
comment java-1.8.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080012

AND

comment java-1.8.0-oracle-plugin is earlier than 1:1.8.0.111-1jpp.4.el6_8
oval oval:com.redhat.rhsa:tst:20162088019
comment java-1.8.0-oracle-plugin is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080008

rhsa

id	RHSA-2016:2088
released	2016-10-20
severity	Critical
title	RHSA-2016:2088: java-1.8.0-oracle security update (Critical)

bugzilla

id	1386408
title	CVE-2016-5556 Oracle JDK: unspecified vulnerability fixed in 6u131, 7u121, and 8u111 (2D)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.121-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20162089001
comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413023

AND

comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.121-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20162089003
comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413025

AND

comment java-1.7.0-oracle is earlier than 1:1.7.0.121-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20162089005
comment java-1.7.0-oracle is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413017

AND

comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.121-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20162089007
comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413015

AND

comment java-1.7.0-oracle-src is earlier than 1:1.7.0.121-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20162089009
comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413021

AND

comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.121-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20162089011
comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413019

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.121-1jpp.1.el6_8
oval oval:com.redhat.rhsa:tst:20162089014
comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413015

AND

comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.121-1jpp.1.el6_8
oval oval:com.redhat.rhsa:tst:20162089015
comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413025

AND

comment java-1.7.0-oracle is earlier than 1:1.7.0.121-1jpp.1.el6_8
oval oval:com.redhat.rhsa:tst:20162089016
comment java-1.7.0-oracle is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413017

AND

comment java-1.7.0-oracle-src is earlier than 1:1.7.0.121-1jpp.1.el6_8
oval oval:com.redhat.rhsa:tst:20162089017
comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413021

AND

comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.121-1jpp.1.el6_8
oval oval:com.redhat.rhsa:tst:20162089018
comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413023

AND

comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.121-1jpp.1.el6_8
oval oval:com.redhat.rhsa:tst:20162089019
comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413019

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND

comment java-1.7.0-oracle-src is earlier than 1:1.7.0.121-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20162089021
comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140413006

AND

comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.121-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20162089023
comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140413008

AND

comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.121-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20162089025
comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140413002

AND

comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.121-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20162089027
comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140413012

AND

comment java-1.7.0-oracle is earlier than 1:1.7.0.121-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20162089029
comment java-1.7.0-oracle is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140413004

AND

comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.121-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20162089031
comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140413010

rhsa

id	RHSA-2016:2089
released	2016-10-20
severity	Critical
title	RHSA-2016:2089: java-1.7.0-oracle security update (Critical)

bugzilla

id	1386408
title	CVE-2016-5556 Oracle JDK: unspecified vulnerability fixed in 6u131, 7u121, and 8u111 (2D)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment java-1.6.0-sun-demo is earlier than 1:1.6.0.131-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20162090001
comment java-1.6.0-sun-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414015

AND

comment java-1.6.0-sun-jdbc is earlier than 1:1.6.0.131-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20162090003
comment java-1.6.0-sun-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414025

AND

comment java-1.6.0-sun-plugin is earlier than 1:1.6.0.131-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20162090005
comment java-1.6.0-sun-plugin is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414023

AND

comment java-1.6.0-sun-src is earlier than 1:1.6.0.131-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20162090007
comment java-1.6.0-sun-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414019

AND

comment java-1.6.0-sun-devel is earlier than 1:1.6.0.131-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20162090009
comment java-1.6.0-sun-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414017

AND

comment java-1.6.0-sun is earlier than 1:1.6.0.131-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20162090011
comment java-1.6.0-sun is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414021

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment java-1.6.0-sun-jdbc is earlier than 1:1.6.0.131-1jpp.1.el6_8
oval oval:com.redhat.rhsa:tst:20162090014
comment java-1.6.0-sun-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414025

AND

comment java-1.6.0-sun-plugin is earlier than 1:1.6.0.131-1jpp.1.el6_8
oval oval:com.redhat.rhsa:tst:20162090015
comment java-1.6.0-sun-plugin is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414023

AND

comment java-1.6.0-sun-devel is earlier than 1:1.6.0.131-1jpp.1.el6_8
oval oval:com.redhat.rhsa:tst:20162090016
comment java-1.6.0-sun-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414017

AND

comment java-1.6.0-sun-demo is earlier than 1:1.6.0.131-1jpp.1.el6_8
oval oval:com.redhat.rhsa:tst:20162090017
comment java-1.6.0-sun-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414015

AND

comment java-1.6.0-sun-src is earlier than 1:1.6.0.131-1jpp.1.el6_8
oval oval:com.redhat.rhsa:tst:20162090018
comment java-1.6.0-sun-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414019

AND

comment java-1.6.0-sun is earlier than 1:1.6.0.131-1jpp.1.el6_8
oval oval:com.redhat.rhsa:tst:20162090019
comment java-1.6.0-sun is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414021

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND

comment java-1.6.0-sun-src is earlier than 1:1.6.0.131-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20162090021
comment java-1.6.0-sun-src is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140414006

AND

comment java-1.6.0-sun-jdbc is earlier than 1:1.6.0.131-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20162090023
comment java-1.6.0-sun-jdbc is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140414012

AND

comment java-1.6.0-sun is earlier than 1:1.6.0.131-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20162090025
comment java-1.6.0-sun is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140414002

AND

comment java-1.6.0-sun-demo is earlier than 1:1.6.0.131-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20162090027
comment java-1.6.0-sun-demo is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140414008

AND

comment java-1.6.0-sun-plugin is earlier than 1:1.6.0.131-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20162090029
comment java-1.6.0-sun-plugin is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140414004

AND

comment java-1.6.0-sun-devel is earlier than 1:1.6.0.131-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20162090031
comment java-1.6.0-sun-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140414010

rhsa

id	RHSA-2016:2090
released	2016-10-20
severity	Important
title	RHSA-2016:2090: java-1.6.0-sun security update (Important)

bugzilla

id	1386103
title	CVE-2016-5597 OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND

comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.121-2.6.8.1.el5_11
oval oval:com.redhat.rhsa:tst:20162658001
comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20130165006

AND

comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.121-2.6.8.1.el5_11
oval oval:com.redhat.rhsa:tst:20162658003
comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20130165008

AND

comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.121-2.6.8.1.el5_11
oval oval:com.redhat.rhsa:tst:20162658005
comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20130165002

AND

comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.121-2.6.8.1.el5_11
oval oval:com.redhat.rhsa:tst:20162658007
comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20130165010

AND

comment java-1.7.0-openjdk is earlier than 1:1.7.0.121-2.6.8.1.el5_11
oval oval:com.redhat.rhsa:tst:20162658009
comment java-1.7.0-openjdk is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20130165004

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.121-2.6.8.1.el6_8
oval oval:com.redhat.rhsa:tst:20162658012
comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009002

AND

comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.121-2.6.8.1.el6_8
oval oval:com.redhat.rhsa:tst:20162658014
comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009008

AND

comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.121-2.6.8.1.el6_8
oval oval:com.redhat.rhsa:tst:20162658016
comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009006

AND

comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.121-2.6.8.1.el6_8
oval oval:com.redhat.rhsa:tst:20162658018
comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009004

AND

comment java-1.7.0-openjdk is earlier than 1:1.7.0.121-2.6.8.1.el6_8
oval oval:com.redhat.rhsa:tst:20162658020
comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009010

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.121-2.6.8.0.el7_3
oval oval:com.redhat.rhsa:tst:20162658023
comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009002

AND

comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.121-2.6.8.0.el7_3
oval oval:com.redhat.rhsa:tst:20162658024
comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009004

AND

comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.121-2.6.8.0.el7_3
oval oval:com.redhat.rhsa:tst:20162658025
comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009006

AND

comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.121-2.6.8.0.el7_3
oval oval:com.redhat.rhsa:tst:20162658026
comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009008

AND

comment java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.121-2.6.8.0.el7_3
oval oval:com.redhat.rhsa:tst:20162658027
comment java-1.7.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140675010

AND

comment java-1.7.0-openjdk is earlier than 1:1.7.0.121-2.6.8.0.el7_3
oval oval:com.redhat.rhsa:tst:20162658029
comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009010

AND

comment java-1.7.0-openjdk-headless is earlier than 1:1.7.0.121-2.6.8.0.el7_3
oval oval:com.redhat.rhsa:tst:20162658030
comment java-1.7.0-openjdk-headless is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140675006

rhsa

id	RHSA-2016:2658
released	2016-11-07
severity	Important
title	RHSA-2016:2658: java-1.7.0-openjdk security update (Important)

bugzilla

id	1386103
title	CVE-2016-5597 OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND

comment java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.41-1.13.13.1.el5_11
oval oval:com.redhat.rhsa:tst:20170061001
comment java-1.6.0-openjdk-javadoc is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20090377004

AND

comment java-1.6.0-openjdk-devel is earlier than 1:1.6.0.41-1.13.13.1.el5_11
oval oval:com.redhat.rhsa:tst:20170061003
comment java-1.6.0-openjdk-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20090377002

AND

comment java-1.6.0-openjdk-src is earlier than 1:1.6.0.41-1.13.13.1.el5_11
oval oval:com.redhat.rhsa:tst:20170061005
comment java-1.6.0-openjdk-src is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20090377010

AND

comment java-1.6.0-openjdk is earlier than 1:1.6.0.41-1.13.13.1.el5_11
oval oval:com.redhat.rhsa:tst:20170061007
comment java-1.6.0-openjdk is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20090377008

AND

comment java-1.6.0-openjdk-demo is earlier than 1:1.6.0.41-1.13.13.1.el5_11
oval oval:com.redhat.rhsa:tst:20170061009
comment java-1.6.0-openjdk-demo is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20090377006

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment java-1.6.0-openjdk-demo is earlier than 1:1.6.0.41-1.13.13.1.el6_8
oval oval:com.redhat.rhsa:tst:20170061012
comment java-1.6.0-openjdk-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100865002

AND

comment java-1.6.0-openjdk-src is earlier than 1:1.6.0.41-1.13.13.1.el6_8
oval oval:com.redhat.rhsa:tst:20170061014
comment java-1.6.0-openjdk-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100865004

AND

comment java-1.6.0-openjdk-devel is earlier than 1:1.6.0.41-1.13.13.1.el6_8
oval oval:com.redhat.rhsa:tst:20170061016
comment java-1.6.0-openjdk-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100865008

AND

comment java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.41-1.13.13.1.el6_8
oval oval:com.redhat.rhsa:tst:20170061018
comment java-1.6.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100865006

AND

comment java-1.6.0-openjdk is earlier than 1:1.6.0.41-1.13.13.1.el6_8
oval oval:com.redhat.rhsa:tst:20170061020
comment java-1.6.0-openjdk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100865010

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment java-1.6.0-openjdk-demo is earlier than 1:1.6.0.41-1.13.13.1.el7_3
oval oval:com.redhat.rhsa:tst:20170061023
comment java-1.6.0-openjdk-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100865002

AND

comment java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.41-1.13.13.1.el7_3
oval oval:com.redhat.rhsa:tst:20170061024
comment java-1.6.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100865006

AND

comment java-1.6.0-openjdk-src is earlier than 1:1.6.0.41-1.13.13.1.el7_3
oval oval:com.redhat.rhsa:tst:20170061025
comment java-1.6.0-openjdk-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100865004

AND

comment java-1.6.0-openjdk-devel is earlier than 1:1.6.0.41-1.13.13.1.el7_3
oval oval:com.redhat.rhsa:tst:20170061026
comment java-1.6.0-openjdk-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100865008

AND

comment java-1.6.0-openjdk is earlier than 1:1.6.0.41-1.13.13.1.el7_3
oval oval:com.redhat.rhsa:tst:20170061027
comment java-1.6.0-openjdk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100865010

rhsa

id	RHSA-2017:0061
released	2017-01-13
severity	Important
title	RHSA-2017:0061: java-1.6.0-openjdk security update (Important)

rhsa
id RHSA-2016:2136
rhsa
id RHSA-2016:2137
rhsa
id RHSA-2016:2138
rhsa
id RHSA-2016:2659
rhsa
id RHSA-2017:1216

rpms

java-1.8.0-openjdk-1:1.8.0.111-0.b15.el6_8
java-1.8.0-openjdk-1:1.8.0.111-1.b15.el7_2
java-1.8.0-openjdk-accessibility-1:1.8.0.111-1.b15.el7_2
java-1.8.0-openjdk-accessibility-debug-1:1.8.0.111-1.b15.el7_2
java-1.8.0-openjdk-debug-1:1.8.0.111-0.b15.el6_8
java-1.8.0-openjdk-debug-1:1.8.0.111-1.b15.el7_2
java-1.8.0-openjdk-debuginfo-1:1.8.0.111-0.b15.el6_8
java-1.8.0-openjdk-debuginfo-1:1.8.0.111-1.b15.el7_2
java-1.8.0-openjdk-demo-1:1.8.0.111-0.b15.el6_8
java-1.8.0-openjdk-demo-1:1.8.0.111-1.b15.el7_2
java-1.8.0-openjdk-demo-debug-1:1.8.0.111-0.b15.el6_8
java-1.8.0-openjdk-demo-debug-1:1.8.0.111-1.b15.el7_2
java-1.8.0-openjdk-devel-1:1.8.0.111-0.b15.el6_8
java-1.8.0-openjdk-devel-1:1.8.0.111-1.b15.el7_2
java-1.8.0-openjdk-devel-debug-1:1.8.0.111-0.b15.el6_8
java-1.8.0-openjdk-devel-debug-1:1.8.0.111-1.b15.el7_2
java-1.8.0-openjdk-headless-1:1.8.0.111-0.b15.el6_8
java-1.8.0-openjdk-headless-1:1.8.0.111-1.b15.el7_2
java-1.8.0-openjdk-headless-debug-1:1.8.0.111-0.b15.el6_8
java-1.8.0-openjdk-headless-debug-1:1.8.0.111-1.b15.el7_2
java-1.8.0-openjdk-javadoc-1:1.8.0.111-0.b15.el6_8
java-1.8.0-openjdk-javadoc-1:1.8.0.111-1.b15.el7_2
java-1.8.0-openjdk-javadoc-debug-1:1.8.0.111-0.b15.el6_8
java-1.8.0-openjdk-javadoc-debug-1:1.8.0.111-1.b15.el7_2
java-1.8.0-openjdk-src-1:1.8.0.111-0.b15.el6_8
java-1.8.0-openjdk-src-1:1.8.0.111-1.b15.el7_2
java-1.8.0-openjdk-src-debug-1:1.8.0.111-0.b15.el6_8
java-1.8.0-openjdk-src-debug-1:1.8.0.111-1.b15.el7_2
java-1.8.0-oracle-1:1.8.0.111-1jpp.4.el6_8
java-1.8.0-oracle-1:1.8.0.111-1jpp.4.el7
java-1.8.0-oracle-devel-1:1.8.0.111-1jpp.4.el6_8
java-1.8.0-oracle-devel-1:1.8.0.111-1jpp.4.el7
java-1.8.0-oracle-javafx-1:1.8.0.111-1jpp.4.el6_8
java-1.8.0-oracle-javafx-1:1.8.0.111-1jpp.4.el7
java-1.8.0-oracle-jdbc-1:1.8.0.111-1jpp.4.el6_8
java-1.8.0-oracle-jdbc-1:1.8.0.111-1jpp.4.el7
java-1.8.0-oracle-plugin-1:1.8.0.111-1jpp.4.el6_8
java-1.8.0-oracle-plugin-1:1.8.0.111-1jpp.4.el7
java-1.8.0-oracle-src-1:1.8.0.111-1jpp.4.el6_8
java-1.8.0-oracle-src-1:1.8.0.111-1jpp.4.el7
java-1.7.0-oracle-1:1.7.0.121-1jpp.1.el5_11
java-1.7.0-oracle-1:1.7.0.121-1jpp.1.el6_8
java-1.7.0-oracle-1:1.7.0.121-1jpp.1.el7
java-1.7.0-oracle-devel-1:1.7.0.121-1jpp.1.el5_11
java-1.7.0-oracle-devel-1:1.7.0.121-1jpp.1.el6_8
java-1.7.0-oracle-devel-1:1.7.0.121-1jpp.1.el7
java-1.7.0-oracle-javafx-1:1.7.0.121-1jpp.1.el5_11
java-1.7.0-oracle-javafx-1:1.7.0.121-1jpp.1.el6_8
java-1.7.0-oracle-javafx-1:1.7.0.121-1jpp.1.el7
java-1.7.0-oracle-jdbc-1:1.7.0.121-1jpp.1.el5_11
java-1.7.0-oracle-jdbc-1:1.7.0.121-1jpp.1.el6_8
java-1.7.0-oracle-jdbc-1:1.7.0.121-1jpp.1.el7
java-1.7.0-oracle-plugin-1:1.7.0.121-1jpp.1.el5_11
java-1.7.0-oracle-plugin-1:1.7.0.121-1jpp.1.el6_8
java-1.7.0-oracle-plugin-1:1.7.0.121-1jpp.1.el7
java-1.7.0-oracle-src-1:1.7.0.121-1jpp.1.el5_11
java-1.7.0-oracle-src-1:1.7.0.121-1jpp.1.el6_8
java-1.7.0-oracle-src-1:1.7.0.121-1jpp.1.el7
java-1.6.0-sun-1:1.6.0.131-1jpp.1.el5_11
java-1.6.0-sun-1:1.6.0.131-1jpp.1.el6_8
java-1.6.0-sun-1:1.6.0.131-1jpp.1.el7
java-1.6.0-sun-demo-1:1.6.0.131-1jpp.1.el5_11
java-1.6.0-sun-demo-1:1.6.0.131-1jpp.1.el6_8
java-1.6.0-sun-demo-1:1.6.0.131-1jpp.1.el7
java-1.6.0-sun-devel-1:1.6.0.131-1jpp.1.el5_11
java-1.6.0-sun-devel-1:1.6.0.131-1jpp.1.el6_8
java-1.6.0-sun-devel-1:1.6.0.131-1jpp.1.el7
java-1.6.0-sun-jdbc-1:1.6.0.131-1jpp.1.el5_11
java-1.6.0-sun-jdbc-1:1.6.0.131-1jpp.1.el6_8
java-1.6.0-sun-jdbc-1:1.6.0.131-1jpp.1.el7
java-1.6.0-sun-plugin-1:1.6.0.131-1jpp.1.el5_11
java-1.6.0-sun-plugin-1:1.6.0.131-1jpp.1.el6_8
java-1.6.0-sun-plugin-1:1.6.0.131-1jpp.1.el7
java-1.6.0-sun-src-1:1.6.0.131-1jpp.1.el5_11
java-1.6.0-sun-src-1:1.6.0.131-1jpp.1.el6_8
java-1.6.0-sun-src-1:1.6.0.131-1jpp.1.el7
java-1.8.0-ibm-1:1.8.0.3.20-1jpp.1.el6_8
java-1.8.0-ibm-1:1.8.0.3.20-1jpp.1.el7_2
java-1.8.0-ibm-demo-1:1.8.0.3.20-1jpp.1.el6_8
java-1.8.0-ibm-demo-1:1.8.0.3.20-1jpp.1.el7_2
java-1.8.0-ibm-devel-1:1.8.0.3.20-1jpp.1.el6_8
java-1.8.0-ibm-devel-1:1.8.0.3.20-1jpp.1.el7_2
java-1.8.0-ibm-jdbc-1:1.8.0.3.20-1jpp.1.el6_8
java-1.8.0-ibm-jdbc-1:1.8.0.3.20-1jpp.1.el7_2
java-1.8.0-ibm-plugin-1:1.8.0.3.20-1jpp.1.el6_8
java-1.8.0-ibm-plugin-1:1.8.0.3.20-1jpp.1.el7_2
java-1.8.0-ibm-src-1:1.8.0.3.20-1jpp.1.el6_8
java-1.8.0-ibm-src-1:1.8.0.3.20-1jpp.1.el7_2
java-1.7.1-ibm-1:1.7.1.3.60-1jpp.1.el6_8
java-1.7.1-ibm-1:1.7.1.3.60-1jpp.1.el7_2
java-1.7.1-ibm-demo-1:1.7.1.3.60-1jpp.1.el6_8
java-1.7.1-ibm-demo-1:1.7.1.3.60-1jpp.1.el7_2
java-1.7.1-ibm-devel-1:1.7.1.3.60-1jpp.1.el6_8
java-1.7.1-ibm-devel-1:1.7.1.3.60-1jpp.1.el7_2
java-1.7.1-ibm-jdbc-1:1.7.1.3.60-1jpp.1.el6_8
java-1.7.1-ibm-jdbc-1:1.7.1.3.60-1jpp.1.el7_2
java-1.7.1-ibm-plugin-1:1.7.1.3.60-1jpp.1.el6_8
java-1.7.1-ibm-plugin-1:1.7.1.3.60-1jpp.1.el7_2
java-1.7.1-ibm-src-1:1.7.1.3.60-1jpp.1.el6_8
java-1.7.1-ibm-src-1:1.7.1.3.60-1jpp.1.el7_2
java-1.7.0-ibm-1:1.7.0.9.60-1jpp.1.el5_11
java-1.7.0-ibm-demo-1:1.7.0.9.60-1jpp.1.el5_11
java-1.7.0-ibm-devel-1:1.7.0.9.60-1jpp.1.el5_11
java-1.7.0-ibm-jdbc-1:1.7.0.9.60-1jpp.1.el5_11
java-1.7.0-ibm-plugin-1:1.7.0.9.60-1jpp.1.el5_11
java-1.7.0-ibm-src-1:1.7.0.9.60-1jpp.1.el5_11
java-1.7.0-openjdk-1:1.7.0.121-2.6.8.0.el7_3
java-1.7.0-openjdk-1:1.7.0.121-2.6.8.1.el5_11
java-1.7.0-openjdk-1:1.7.0.121-2.6.8.1.el6_8
java-1.7.0-openjdk-accessibility-1:1.7.0.121-2.6.8.0.el7_3
java-1.7.0-openjdk-debuginfo-1:1.7.0.121-2.6.8.0.el7_3
java-1.7.0-openjdk-debuginfo-1:1.7.0.121-2.6.8.1.el5_11
java-1.7.0-openjdk-debuginfo-1:1.7.0.121-2.6.8.1.el6_8
java-1.7.0-openjdk-demo-1:1.7.0.121-2.6.8.0.el7_3
java-1.7.0-openjdk-demo-1:1.7.0.121-2.6.8.1.el5_11
java-1.7.0-openjdk-demo-1:1.7.0.121-2.6.8.1.el6_8
java-1.7.0-openjdk-devel-1:1.7.0.121-2.6.8.0.el7_3
java-1.7.0-openjdk-devel-1:1.7.0.121-2.6.8.1.el5_11
java-1.7.0-openjdk-devel-1:1.7.0.121-2.6.8.1.el6_8
java-1.7.0-openjdk-headless-1:1.7.0.121-2.6.8.0.el7_3
java-1.7.0-openjdk-javadoc-1:1.7.0.121-2.6.8.0.el7_3
java-1.7.0-openjdk-javadoc-1:1.7.0.121-2.6.8.1.el5_11
java-1.7.0-openjdk-javadoc-1:1.7.0.121-2.6.8.1.el6_8
java-1.7.0-openjdk-src-1:1.7.0.121-2.6.8.0.el7_3
java-1.7.0-openjdk-src-1:1.7.0.121-2.6.8.1.el5_11
java-1.7.0-openjdk-src-1:1.7.0.121-2.6.8.1.el6_8
java-1.6.0-ibm-1:1.6.0.16.35-1jpp.1.el5_11
java-1.6.0-ibm-1:1.6.0.16.35-1jpp.1.el6_8
java-1.6.0-ibm-accessibility-1:1.6.0.16.35-1jpp.1.el5_11
java-1.6.0-ibm-demo-1:1.6.0.16.35-1jpp.1.el5_11
java-1.6.0-ibm-demo-1:1.6.0.16.35-1jpp.1.el6_8
java-1.6.0-ibm-devel-1:1.6.0.16.35-1jpp.1.el5_11
java-1.6.0-ibm-devel-1:1.6.0.16.35-1jpp.1.el6_8
java-1.6.0-ibm-javacomm-1:1.6.0.16.35-1jpp.1.el5_11
java-1.6.0-ibm-javacomm-1:1.6.0.16.35-1jpp.1.el6_8
java-1.6.0-ibm-jdbc-1:1.6.0.16.35-1jpp.1.el5_11
java-1.6.0-ibm-jdbc-1:1.6.0.16.35-1jpp.1.el6_8
java-1.6.0-ibm-plugin-1:1.6.0.16.35-1jpp.1.el5_11
java-1.6.0-ibm-plugin-1:1.6.0.16.35-1jpp.1.el6_8
java-1.6.0-ibm-src-1:1.6.0.16.35-1jpp.1.el5_11
java-1.6.0-ibm-src-1:1.6.0.16.35-1jpp.1.el6_8
java-1.6.0-openjdk-1:1.6.0.41-1.13.13.1.el5_11
java-1.6.0-openjdk-1:1.6.0.41-1.13.13.1.el6_8
java-1.6.0-openjdk-1:1.6.0.41-1.13.13.1.el7_3
java-1.6.0-openjdk-debuginfo-1:1.6.0.41-1.13.13.1.el5_11
java-1.6.0-openjdk-debuginfo-1:1.6.0.41-1.13.13.1.el6_8
java-1.6.0-openjdk-debuginfo-1:1.6.0.41-1.13.13.1.el7_3
java-1.6.0-openjdk-demo-1:1.6.0.41-1.13.13.1.el5_11
java-1.6.0-openjdk-demo-1:1.6.0.41-1.13.13.1.el6_8
java-1.6.0-openjdk-demo-1:1.6.0.41-1.13.13.1.el7_3
java-1.6.0-openjdk-devel-1:1.6.0.41-1.13.13.1.el5_11
java-1.6.0-openjdk-devel-1:1.6.0.41-1.13.13.1.el6_8
java-1.6.0-openjdk-devel-1:1.6.0.41-1.13.13.1.el7_3
java-1.6.0-openjdk-javadoc-1:1.6.0.41-1.13.13.1.el5_11
java-1.6.0-openjdk-javadoc-1:1.6.0.41-1.13.13.1.el6_8
java-1.6.0-openjdk-javadoc-1:1.6.0.41-1.13.13.1.el7_3
java-1.6.0-openjdk-src-1:1.6.0.41-1.13.13.1.el5_11
java-1.6.0-openjdk-src-1:1.6.0.41-1.13.13.1.el6_8
java-1.6.0-openjdk-src-1:1.6.0.41-1.13.13.1.el7_3
java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8
java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

References