Vulnerabilities > CVE-2018-2783

047910
CVSS 7.4 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
NONE
network
high complexity
oracle
redhat
canonical
hp
nessus

Summary

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1723.NASL
    descriptionAn update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP25. Security Fix(es) : * OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794) * Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security) (CVE-2018-2783) * OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795) * OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796) * OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797) * OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798) * OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799) * OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800) * OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id110117
    published2018-05-25
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110117
    titleRHEL 7 : java-1.7.1-ibm (RHSA-2018:1723)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:1723. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(110117);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/24 15:35:45");
    
      script_cve_id("CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800");
      script_xref(name:"RHSA", value:"2018:1723");
    
      script_name(english:"RHEL 7 : java-1.7.1-ibm (RHSA-2018:1723)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for java-1.7.1-ibm is now available for Red Hat Enterprise
    Linux 7 Supplementary.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    IBM Java SE version 7 Release 1 includes the IBM Java Runtime
    Environment and the IBM Java Software Development Kit.
    
    This update upgrades IBM Java SE 7 to version 7R1 SR4-FP25.
    
    Security Fix(es) :
    
    * OpenJDK: unrestricted deserialization of data from JCEKS key stores
    (Security, 8189997) (CVE-2018-2794)
    
    * Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and
    8u161 (Security) (CVE-2018-2783)
    
    * OpenJDK: insufficient consistency checks in deserialization of
    multiple classes (Security, 8189977) (CVE-2018-2795)
    
    * OpenJDK: unbounded memory allocation during deserialization in
    PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)
    
    * OpenJDK: unbounded memory allocation during deserialization in
    TabularDataSupport (JMX, 8189985) (CVE-2018-2797)
    
    * OpenJDK: unbounded memory allocation during deserialization in
    Container (AWT, 8189989) (CVE-2018-2798)
    
    * OpenJDK: unbounded memory allocation during deserialization in
    NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)
    
    * OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833)
    (CVE-2018-2800)
    
    * OpenJDK: incorrect merging of sections in the JAR manifest
    (Security, 8189969) (CVE-2018-2790)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:1723"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-2783"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-2790"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-2794"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-2795"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-2796"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-2797"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-2798"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-2799"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-2800"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/05/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:1723";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.1-ibm-1.7.1.4.25-1jpp.3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-1.7.1.4.25-1jpp.3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.1-ibm-demo-1.7.1.4.25-1jpp.3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-demo-1.7.1.4.25-1jpp.3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.1-ibm-devel-1.7.1.4.25-1jpp.3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-devel-1.7.1.4.25-1jpp.3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.1-ibm-jdbc-1.7.1.4.25-1jpp.3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-jdbc-1.7.1.4.25-1jpp.3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-plugin-1.7.1.4.25-1jpp.3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.1-ibm-src-1.7.1.4.25-1jpp.3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-src-1.7.1.4.25-1jpp.3.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.1-ibm / java-1.7.1-ibm-demo / java-1.7.1-ibm-devel / etc");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1722.NASL
    descriptionAn update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP15. Security Fix(es) : * OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794) * Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security) (CVE-2018-2783) * OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795) * OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796) * OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797) * OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798) * OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799) * OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800) * OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id110116
    published2018-05-25
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110116
    titleRHEL 6 : java-1.8.0-ibm (RHSA-2018:1722)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:1722. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(110116);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/24 15:35:45");
    
      script_cve_id("CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800");
      script_xref(name:"RHSA", value:"2018:1722");
    
      script_name(english:"RHEL 6 : java-1.8.0-ibm (RHSA-2018:1722)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for java-1.8.0-ibm is now available for Red Hat Enterprise
    Linux 6 Supplementary.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    IBM Java SE version 8 includes the IBM Java Runtime Environment and
    the IBM Java Software Development Kit.
    
    This update upgrades IBM Java SE 8 to version 8 SR5-FP15.
    
    Security Fix(es) :
    
    * OpenJDK: unrestricted deserialization of data from JCEKS key stores
    (Security, 8189997) (CVE-2018-2794)
    
    * Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and
    8u161 (Security) (CVE-2018-2783)
    
    * OpenJDK: insufficient consistency checks in deserialization of
    multiple classes (Security, 8189977) (CVE-2018-2795)
    
    * OpenJDK: unbounded memory allocation during deserialization in
    PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)
    
    * OpenJDK: unbounded memory allocation during deserialization in
    TabularDataSupport (JMX, 8189985) (CVE-2018-2797)
    
    * OpenJDK: unbounded memory allocation during deserialization in
    Container (AWT, 8189989) (CVE-2018-2798)
    
    * OpenJDK: unbounded memory allocation during deserialization in
    NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)
    
    * OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833)
    (CVE-2018-2800)
    
    * OpenJDK: incorrect merging of sections in the JAR manifest
    (Security, 8189969) (CVE-2018-2790)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:1722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-2783"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-2790"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-2794"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-2795"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-2796"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-2797"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-2798"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-2799"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-2800"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/05/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:1722";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.8.0-ibm-1.8.0.5.15-1jpp.2.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.8.0-ibm-1.8.0.5.15-1jpp.2.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.8.0-ibm-1.8.0.5.15-1jpp.2.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.8.0-ibm-demo-1.8.0.5.15-1jpp.2.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.8.0-ibm-demo-1.8.0.5.15-1jpp.2.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.8.0-ibm-demo-1.8.0.5.15-1jpp.2.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.8.0-ibm-devel-1.8.0.5.15-1jpp.2.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.8.0-ibm-devel-1.8.0.5.15-1jpp.2.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.8.0-ibm-devel-1.8.0.5.15-1jpp.2.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.8.0-ibm-jdbc-1.8.0.5.15-1jpp.2.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.8.0-ibm-jdbc-1.8.0.5.15-1jpp.2.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.8.0-ibm-jdbc-1.8.0.5.15-1jpp.2.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.8.0-ibm-plugin-1.8.0.5.15-1jpp.2.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.8.0-ibm-plugin-1.8.0.5.15-1jpp.2.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.8.0-ibm-src-1.8.0.5.15-1jpp.2.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.8.0-ibm-src-1.8.0.5.15-1jpp.2.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.8.0-ibm-src-1.8.0.5.15-1jpp.2.el6_9")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.8.0-ibm / java-1.8.0-ibm-demo / java-1.8.0-ibm-devel / etc");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-0100.NASL
    descriptionAn update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 171. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2018-2579, CVE-2018-2581, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)
    last seen2020-06-01
    modified2020-06-02
    plugin id106183
    published2018-01-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106183
    titleRHEL 6 / 7 : java-1.7.0-oracle (RHSA-2018:0100)
  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_APR_2018.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 10 Update 1, 8 Update 171, 7 Update 181, or 6 Update 191. It is, therefore, affected by multiple vulnerabilities related to the following components : - AWT - Concurrency - Hotspot - Install - JAXP - JMX - Libraries - RMI - Security - Serialization
    last seen2020-06-01
    modified2020-06-02
    plugin id109202
    published2018-04-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109202
    titleOracle Java SE Multiple Vulnerabilities (April 2018 CPU)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0130_MYSQL.NASL
    descriptionAn update of the mysql package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121834
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121834
    titlePhoton OS 1.0: Mysql PHSA-2018-1.0-0130
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1721.NASL
    descriptionAn update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP15. Security Fix(es) : * OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794) * Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security) (CVE-2018-2783) * OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795) * OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796) * OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797) * OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798) * OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799) * OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800) * OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id110115
    published2018-05-25
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110115
    titleRHEL 7 : java-1.8.0-ibm (RHSA-2018:1721)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1205.NASL
    descriptionAn update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 191. Security Fix(es) : * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814) * OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794) * Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security) (CVE-2018-2783) * OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795) * OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797) * OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798) * OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800) * OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) (CVE-2018-2815) * OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id109306
    published2018-04-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109306
    titleRHEL 7 : java-1.6.0-sun (RHSA-2018:1205)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1447-1.NASL
    descriptionIBM Java was updated to 7.1.4.25 [bsc#1093311, bsc#1085449] Security fixes : - CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110186
    published2018-05-29
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110186
    titleSUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2018:1447-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1724.NASL
    descriptionAn update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP25. Security Fix(es) : * OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794) * Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security) (CVE-2018-2783) * OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795) * OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796) * OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797) * OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798) * OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799) * OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800) * OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id110118
    published2018-05-25
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110118
    titleRHEL 6 : java-1.7.1-ibm (RHSA-2018:1724)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1974.NASL
    descriptionAn update for java-1.7.1-ibm is now available for Red Hat Satellite 5.6 and Red Hat Satellite 5.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP25. Security Fix(es) : * OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794) * Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security) (CVE-2018-2783) * OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795) * OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796) * OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797) * OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798) * OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799) * OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800) * OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id110692
    published2018-06-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110692
    titleRHEL 6 : java-1.7.1-ibm (RHSA-2018:1974)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1764-1.NASL
    descriptionIBM Java was updated to 7.1.4.25 [bsc#1093311, bsc#1085449]: Security fixes : - CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110638
    published2018-06-21
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110638
    titleSUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:1764-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1975.NASL
    descriptionAn update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP15. Security Fix(es) : * OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794) * Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security) (CVE-2018-2783) * OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795) * OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796) * OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797) * OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798) * OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799) * OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800) * OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id110793
    published2018-06-29
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110793
    titleRHEL 6 : java-1.8.0-ibm (RHSA-2018:1975)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0130.NASL
    descriptionAn update of 'mysql', 'openjdk',openjre packages of Photon OS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id111932
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111932
    titlePhoton OS 1.0: Mysql / Openjdk PHSA-2018-1.0-0130 (deprecated)
  • NASL familyMisc.
    NASL idORACLE_JAVA_CPU_APR_2018_UNIX.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 10 Update 1, 8 Update 171, 7 Update 181, or 6 Update 191. It is, therefore, affected by multiple vulnerabilities related to the following components : - AWT - Concurrency - Hotspot - Install - JAXP - JMX - Libraries - RMI - Security - Serialization
    last seen2020-06-01
    modified2020-06-02
    plugin id109203
    published2018-04-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109203
    titleOracle Java SE Multiple Vulnerabilities (April 2018 CPU) (Unix)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0130_OPENJDK.NASL
    descriptionAn update of the openjdk package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121835
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121835
    titlePhoton OS 1.0: Openjdk PHSA-2018-1.0-0130
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1764-2.NASL
    descriptionIBM Java was updated to 7.1.4.25 [bsc#1093311, bsc#1085449] : Security fixes : CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118268
    published2018-10-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118268
    titleSUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:1764-2)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL44923228.NASL
    descriptionVulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). (CVE-2018-2783) Impact BIG-IP, BIG-IQ, F5 iWorkflow, Enterprise Manager, and Traffix SDC Attacker with network access via multiple protocols may exploit this vulnerability with unauthorized access and manipulation to the affected data of all Java SE components. LineRate There is no impact; thisF5 productis not affected by this vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id118663
    published2018-11-02
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118663
    titleF5 Networks BIG-IP : Oracle Java SE vulnerability (K44923228)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1738-2.NASL
    descriptionIBM Java was updated to version 8.0.5.15 [bsc#1093311, bsc#1085449] Security fixes : CVE-2018-2826 CVE-2018-2825 CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 Removed translations in the java-1_8_0-ibm-devel-32bit package as they conflict with those in java-1_8_0-ibm-devel. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118267
    published2018-10-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118267
    titleSUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2018:1738-2)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1458-1.NASL
    descriptionThis update for java-1_7_0-ibm fixes the following issues: IBM Java was updated to 7.1.4.25 (bsc#1093311, bsc#1085449) Security fixes : - CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110223
    published2018-05-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110223
    titleSUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2018:1458-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1738-1.NASL
    descriptionIBM Java was updated to version 8.0.5.15 [bsc#1093311, bsc#1085449] Security fixes : - CVE-2018-2826 CVE-2018-2825 CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 - Removed translations in the java-1_8_0-ibm-devel-32bit package as they conflict with those in java-1_8_0-ibm-devel. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110620
    published2018-06-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110620
    titleSUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2018:1738-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3644-1.NASL
    descriptionIt was discovered that the Security component of OpenJDK did not correctly perform merging of multiple sections for the same file listed in JAR archive file manifests. An attacker could possibly use this to modify attributes in a manifest without invalidating the signature. (CVE-2018-2790) Francesco Palmarini, Marco Squarcina, Mauro Tempesta, and Riccardo Focardi discovered that the Security component of OpenJDK did not restrict which classes could be used when deserializing keys from the JCEKS key stores. An attacker could use this to specially craft a JCEKS key store to execute arbitrary code. (CVE-2018-2794) It was discovered that the Security component of OpenJDK in some situations did not properly limit the amount of memory allocated when performing deserialization. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-2795) It was discovered that the Concurrency component of OpenJDK in some situations did not properly limit the amount of memory allocated when performing deserialization. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-2796) It was discovered that the JMX component of OpenJDK in some situations did not properly limit the amount of memory allocated when performing deserialization. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-2797) It was discovered that the AWT component of OpenJDK in some situations did not properly limit the amount of memory allocated when performing deserialization. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-2798) It was discovered that the JAXP component of OpenJDK in some situations did not properly limit the amount of memory allocated when performing deserialization. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-2799) Moritz Bechler discovered that the RMI component of OpenJDK enabled HTTP transport for RMI servers by default. A remote attacker could use this to gain access to restricted services. (CVE-2018-2800) It was discovered that a vulnerability existed in the Hotspot component of OpenJDK affecting confidentiality, data integrity, and availability. An attacker could use this to specially craft an Java application that caused a denial of service or bypassed sandbox restrictions. (CVE-2018-2814) Apostolos Giannakidis discovered that the Serialization component of OpenJDK did not properly bound memory allocations in some situations. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-2815) David Benjamin discovered a vulnerability in the Security component of OpenJDK related to data integrity and confidentiality. A remote attacker could possibly use this to expose sensitive information. (CVE-2018-2783). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109723
    published2018-05-11
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109723
    titleUbuntu 16.04 LTS / 17.10 : openjdk-8 vulnerabilities (USN-3644-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1203.NASL
    descriptionAn update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 191. Security Fix(es) : * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814) * OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794) * Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security) (CVE-2018-2783) * OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795) * OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797) * OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798) * OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800) * OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) (CVE-2018-2815) * OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id109304
    published2018-04-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109304
    titleRHEL 6 : java-1.6.0-sun (RHSA-2018:1203)
  • NASL familyWindows
    NASL idORACLE_JROCKIT_CPU_APR_2018.NASL
    descriptionThe version of Oracle JRockit installed on the remote Windows host is R28.3.17. It is, therefore, affected by multiple vulnerabilities. See advisory for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id109207
    published2018-04-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109207
    titleOracle JRockit R28.3.17 Multiple Vulnerabilities (April 2018 CPU)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2068-1.NASL
    descriptionIBM Java was updated to version 8.0.5.15 [bsc#1093311, bsc#1085449] Security fixes : - CVE-2018-2826 CVE-2018-2825 CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 - Removed translations in the java-1_8_0-ibm-devel-32bit package as they conflict with those in java-1_8_0-ibm-devel. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-21
    modified2019-01-02
    plugin id120060
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120060
    titleSUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2018:2068-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-0099.NASL
    descriptionAn update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 161. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2018-2579, CVE-2018-2581, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2627, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2638, CVE-2018-2639, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)
    last seen2020-06-01
    modified2020-06-02
    plugin id106182
    published2018-01-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106182
    titleRHEL 6 / 7 : java-1.8.0-oracle (RHSA-2018:0099)

Redhat

advisories
  • bugzilla
    id1535354
    titleCVE-2018-2581 Oracle JDK: unspecified vulnerability fixed in 7u171, 8u161, and 9.0.4 (JavaFX)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentjava-1.8.0-oracle is earlier than 1:1.8.0.161-1jpp.2.el7
            ovaloval:com.redhat.rhsa:tst:20180099001
          • commentjava-1.8.0-oracle is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150080004
        • AND
          • commentjava-1.8.0-oracle-plugin is earlier than 1:1.8.0.161-1jpp.2.el7
            ovaloval:com.redhat.rhsa:tst:20180099003
          • commentjava-1.8.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150080008
        • AND
          • commentjava-1.8.0-oracle-src is earlier than 1:1.8.0.161-1jpp.2.el7
            ovaloval:com.redhat.rhsa:tst:20180099005
          • commentjava-1.8.0-oracle-src is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150080010
        • AND
          • commentjava-1.8.0-oracle-javafx is earlier than 1:1.8.0.161-1jpp.2.el7
            ovaloval:com.redhat.rhsa:tst:20180099007
          • commentjava-1.8.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150080002
        • AND
          • commentjava-1.8.0-oracle-devel is earlier than 1:1.8.0.161-1jpp.2.el7
            ovaloval:com.redhat.rhsa:tst:20180099009
          • commentjava-1.8.0-oracle-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150080006
        • AND
          • commentjava-1.8.0-oracle-jdbc is earlier than 1:1.8.0.161-1jpp.2.el7
            ovaloval:com.redhat.rhsa:tst:20180099011
          • commentjava-1.8.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150080012
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentjava-1.8.0-oracle is earlier than 1:1.8.0.161-1jpp.1.el6_9
            ovaloval:com.redhat.rhsa:tst:20180099014
          • commentjava-1.8.0-oracle is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150080004
        • AND
          • commentjava-1.8.0-oracle-src is earlier than 1:1.8.0.161-1jpp.1.el6_9
            ovaloval:com.redhat.rhsa:tst:20180099015
          • commentjava-1.8.0-oracle-src is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150080010
        • AND
          • commentjava-1.8.0-oracle-plugin is earlier than 1:1.8.0.161-1jpp.1.el6_9
            ovaloval:com.redhat.rhsa:tst:20180099016
          • commentjava-1.8.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150080008
        • AND
          • commentjava-1.8.0-oracle-devel is earlier than 1:1.8.0.161-1jpp.1.el6_9
            ovaloval:com.redhat.rhsa:tst:20180099017
          • commentjava-1.8.0-oracle-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150080006
        • AND
          • commentjava-1.8.0-oracle-javafx is earlier than 1:1.8.0.161-1jpp.1.el6_9
            ovaloval:com.redhat.rhsa:tst:20180099018
          • commentjava-1.8.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150080002
        • AND
          • commentjava-1.8.0-oracle-jdbc is earlier than 1:1.8.0.161-1jpp.1.el6_9
            ovaloval:com.redhat.rhsa:tst:20180099019
          • commentjava-1.8.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150080012
    rhsa
    idRHSA-2018:0099
    released2018-01-18
    severityCritical
    titleRHSA-2018:0099: java-1.8.0-oracle security update (Critical)
  • bugzilla
    id1535354
    titlenerability fixed in 7u171, 8u161, and 9.0.4 (JavaFX)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentjava-1.7.0-oracle-src is earlier than 1:1.7.0.171-1jpp.1.el7
            ovaloval:com.redhat.rhsa:tst:20180100001
          • commentjava-1.7.0-oracle-src is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413021
        • AND
          • commentjava-1.7.0-oracle-javafx is earlier than 1:1.7.0.171-1jpp.1.el7
            ovaloval:com.redhat.rhsa:tst:20180100003
          • commentjava-1.7.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413019
        • AND
          • commentjava-1.7.0-oracle-plugin is earlier than 1:1.7.0.171-1jpp.1.el7
            ovaloval:com.redhat.rhsa:tst:20180100005
          • commentjava-1.7.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413025
        • AND
          • commentjava-1.7.0-oracle-jdbc is earlier than 1:1.7.0.171-1jpp.1.el7
            ovaloval:com.redhat.rhsa:tst:20180100007
          • commentjava-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413023
        • AND
          • commentjava-1.7.0-oracle is earlier than 1:1.7.0.171-1jpp.1.el7
            ovaloval:com.redhat.rhsa:tst:20180100009
          • commentjava-1.7.0-oracle is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413017
        • AND
          • commentjava-1.7.0-oracle-devel is earlier than 1:1.7.0.171-1jpp.1.el7
            ovaloval:com.redhat.rhsa:tst:20180100011
          • commentjava-1.7.0-oracle-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413015
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentjava-1.7.0-oracle-javafx is earlier than 1:1.7.0.171-1jpp.1.el6_9
            ovaloval:com.redhat.rhsa:tst:20180100014
          • commentjava-1.7.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413019
        • AND
          • commentjava-1.7.0-oracle-jdbc is earlier than 1:1.7.0.171-1jpp.1.el6_9
            ovaloval:com.redhat.rhsa:tst:20180100015
          • commentjava-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413023
        • AND
          • commentjava-1.7.0-oracle is earlier than 1:1.7.0.171-1jpp.1.el6_9
            ovaloval:com.redhat.rhsa:tst:20180100016
          • commentjava-1.7.0-oracle is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413017
        • AND
          • commentjava-1.7.0-oracle-src is earlier than 1:1.7.0.171-1jpp.1.el6_9
            ovaloval:com.redhat.rhsa:tst:20180100017
          • commentjava-1.7.0-oracle-src is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413021
        • AND
          • commentjava-1.7.0-oracle-plugin is earlier than 1:1.7.0.171-1jpp.1.el6_9
            ovaloval:com.redhat.rhsa:tst:20180100018
          • commentjava-1.7.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413025
        • AND
          • commentjava-1.7.0-oracle-devel is earlier than 1:1.7.0.171-1jpp.1.el6_9
            ovaloval:com.redhat.rhsa:tst:20180100019
          • commentjava-1.7.0-oracle-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140413015
    rhsa
    idRHSA-2018:0100
    released2018-01-18
    severityImportant
    titleRHSA-2018:0100: java-1.7.0-oracle security update (Important)
  • rhsa
    idRHSA-2018:1203
  • rhsa
    idRHSA-2018:1205
  • rhsa
    idRHSA-2018:1721
  • rhsa
    idRHSA-2018:1722
  • rhsa
    idRHSA-2018:1723
  • rhsa
    idRHSA-2018:1724
  • rhsa
    idRHSA-2018:1974
  • rhsa
    idRHSA-2018:1975
rpms
  • java-1.8.0-oracle-1:1.8.0.161-1jpp.1.el6_9
  • java-1.8.0-oracle-1:1.8.0.161-1jpp.2.el7
  • java-1.8.0-oracle-devel-1:1.8.0.161-1jpp.1.el6_9
  • java-1.8.0-oracle-devel-1:1.8.0.161-1jpp.2.el7
  • java-1.8.0-oracle-javafx-1:1.8.0.161-1jpp.1.el6_9
  • java-1.8.0-oracle-javafx-1:1.8.0.161-1jpp.2.el7
  • java-1.8.0-oracle-jdbc-1:1.8.0.161-1jpp.1.el6_9
  • java-1.8.0-oracle-jdbc-1:1.8.0.161-1jpp.2.el7
  • java-1.8.0-oracle-plugin-1:1.8.0.161-1jpp.1.el6_9
  • java-1.8.0-oracle-plugin-1:1.8.0.161-1jpp.2.el7
  • java-1.8.0-oracle-src-1:1.8.0.161-1jpp.1.el6_9
  • java-1.8.0-oracle-src-1:1.8.0.161-1jpp.2.el7
  • java-1.7.0-oracle-1:1.7.0.171-1jpp.1.el6_9
  • java-1.7.0-oracle-1:1.7.0.171-1jpp.1.el7
  • java-1.7.0-oracle-devel-1:1.7.0.171-1jpp.1.el6_9
  • java-1.7.0-oracle-devel-1:1.7.0.171-1jpp.1.el7
  • java-1.7.0-oracle-javafx-1:1.7.0.171-1jpp.1.el6_9
  • java-1.7.0-oracle-javafx-1:1.7.0.171-1jpp.1.el7
  • java-1.7.0-oracle-jdbc-1:1.7.0.171-1jpp.1.el6_9
  • java-1.7.0-oracle-jdbc-1:1.7.0.171-1jpp.1.el7
  • java-1.7.0-oracle-plugin-1:1.7.0.171-1jpp.1.el6_9
  • java-1.7.0-oracle-plugin-1:1.7.0.171-1jpp.1.el7
  • java-1.7.0-oracle-src-1:1.7.0.171-1jpp.1.el6_9
  • java-1.7.0-oracle-src-1:1.7.0.171-1jpp.1.el7
  • java-1.6.0-sun-1:1.6.0.191-1jpp.2.el6
  • java-1.6.0-sun-demo-1:1.6.0.191-1jpp.2.el6
  • java-1.6.0-sun-devel-1:1.6.0.191-1jpp.2.el6
  • java-1.6.0-sun-jdbc-1:1.6.0.191-1jpp.2.el6
  • java-1.6.0-sun-plugin-1:1.6.0.191-1jpp.2.el6
  • java-1.6.0-sun-src-1:1.6.0.191-1jpp.2.el6
  • java-1.6.0-sun-1:1.6.0.191-1jpp.1.el7
  • java-1.6.0-sun-demo-1:1.6.0.191-1jpp.1.el7
  • java-1.6.0-sun-devel-1:1.6.0.191-1jpp.1.el7
  • java-1.6.0-sun-jdbc-1:1.6.0.191-1jpp.1.el7
  • java-1.6.0-sun-plugin-1:1.6.0.191-1jpp.1.el7
  • java-1.6.0-sun-src-1:1.6.0.191-1jpp.1.el7
  • java-1.8.0-ibm-1:1.8.0.5.15-1jpp.5.el7
  • java-1.8.0-ibm-demo-1:1.8.0.5.15-1jpp.5.el7
  • java-1.8.0-ibm-devel-1:1.8.0.5.15-1jpp.5.el7
  • java-1.8.0-ibm-jdbc-1:1.8.0.5.15-1jpp.5.el7
  • java-1.8.0-ibm-plugin-1:1.8.0.5.15-1jpp.5.el7
  • java-1.8.0-ibm-src-1:1.8.0.5.15-1jpp.5.el7
  • java-1.8.0-ibm-1:1.8.0.5.15-1jpp.2.el6_9
  • java-1.8.0-ibm-demo-1:1.8.0.5.15-1jpp.2.el6_9
  • java-1.8.0-ibm-devel-1:1.8.0.5.15-1jpp.2.el6_9
  • java-1.8.0-ibm-jdbc-1:1.8.0.5.15-1jpp.2.el6_9
  • java-1.8.0-ibm-plugin-1:1.8.0.5.15-1jpp.2.el6_9
  • java-1.8.0-ibm-src-1:1.8.0.5.15-1jpp.2.el6_9
  • java-1.7.1-ibm-1:1.7.1.4.25-1jpp.3.el7
  • java-1.7.1-ibm-demo-1:1.7.1.4.25-1jpp.3.el7
  • java-1.7.1-ibm-devel-1:1.7.1.4.25-1jpp.3.el7
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.25-1jpp.3.el7
  • java-1.7.1-ibm-plugin-1:1.7.1.4.25-1jpp.3.el7
  • java-1.7.1-ibm-src-1:1.7.1.4.25-1jpp.3.el7
  • java-1.7.1-ibm-1:1.7.1.4.25-1jpp.2.el6_9
  • java-1.7.1-ibm-demo-1:1.7.1.4.25-1jpp.2.el6_9
  • java-1.7.1-ibm-devel-1:1.7.1.4.25-1jpp.2.el6_9
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.25-1jpp.2.el6_9
  • java-1.7.1-ibm-plugin-1:1.7.1.4.25-1jpp.2.el6_9
  • java-1.7.1-ibm-src-1:1.7.1.4.25-1jpp.2.el6_9
  • java-1.7.1-ibm-1:1.7.1.4.25-1jpp.3.el6
  • java-1.7.1-ibm-devel-1:1.7.1.4.25-1jpp.3.el6
  • java-1.8.0-ibm-1:1.8.0.5.15-1jpp.2.el6
  • java-1.8.0-ibm-devel-1:1.8.0.5.15-1jpp.2.el6

References