Vulnerabilities > CVE-2018-3211 - Unspecified vulnerability in Oracle JDK and JRE

047910
CVSS 6.6 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
NONE
local
low complexity
oracle
nessus

Summary

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serviceability). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). This vulnerability can only be exploited when Java Usage Tracker functionality is being used. CVSS 3.0 Base Score 6.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).

Vulnerable Configurations

Part Description Count
Application
Oracle
4

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201908-10.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201908-10 (Oracle JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Oracle’s JDK and JRE software suites. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id127959
    published2019-08-20
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127959
    titleGLSA-201908-10 : Oracle JDK/JRE: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201908-10.
    #
    # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127959);
      script_version("1.2");
      script_cvs_date("Date: 2019/09/24 11:01:33");
    
      script_cve_id("CVE-2018-13785", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3150", "CVE-2018-3157", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3209", "CVE-2018-3211", "CVE-2018-3214", "CVE-2019-2602", "CVE-2019-2684", "CVE-2019-2697", "CVE-2019-2698", "CVE-2019-2699");
      script_xref(name:"GLSA", value:"201908-10");
    
      script_name(english:"GLSA-201908-10 : Oracle JDK/JRE: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201908-10
    (Oracle JDK/JRE: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Oracle’s JDK and JRE
          software suites. Please review the CVE identifiers referenced below for
          details.
      
    Impact :
    
        Please review the referenced CVE identifiers for details.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201908-10"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Oracle JDK bin users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=dev-java/oracle-jdk-bin-1.8.0.202:1.8'
        All Oracle JRE bin users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=dev-java/oracle-jre-bin-1.8.0.202:1.8'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:oracle-jdk-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:oracle-jre-bin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-java/oracle-jre-bin", unaffected:make_list("ge 1.8.0.202"), vulnerable:make_list("lt 1.8.0.202"))) flag++;
    if (qpkg_check(package:"dev-java/oracle-jdk-bin", unaffected:make_list("ge 1.8.0.202"), vulnerable:make_list("lt 1.8.0.202"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Oracle JDK/JRE");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0192.NASL
    descriptionAn update of 'openjdk' packages of Photon OS has been released.
    last seen2019-02-08
    modified2019-02-07
    plugin id118494
    published2018-10-29
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=118494
    titlePhoton OS 1.0: Openjdk PHSA-2018-1.0-0192 (deprecated)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2/7/2019
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2018-1.0-0192. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118494);
      script_version("1.2");
      script_cvs_date("Date: 2019/02/07 18:59:50");
    
      script_cve_id(
        "CVE-2018-3149",
        "CVE-2018-3169",
        "CVE-2018-3183",
        "CVE-2018-3209",
        "CVE-2018-3211"
      );
    
      script_name(english:"Photon OS 1.0: Openjdk PHSA-2018-1.0-0192 (deprecated)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "This plugin has been deprecated.");
      script_set_attribute(attribute:"description", value:
    "An update of 'openjdk' packages of Photon OS has been released.");
      # https://github.com/vmware/photon/wiki/Security-Updates-1.0-192
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?030a1f9e");
      script_set_attribute(attribute:"solution", value:"n/a.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-3183");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/29");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:openjdk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated.");
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    pkgs = [
      "openjdk-1.8.0.192-1.ph1",
      "openjdk-debuginfo-1.8.0.192-1.ph1",
      "openjdk-doc-1.8.0.192-1.ph1",
      "openjdk-sample-1.8.0.192-1.ph1",
      "openjdk-src-1.8.0.192-1.ph1"
    ];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjdk");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-1_0-0290_OPENJDK11.NASL
    descriptionAn update of the openjdk11 package has been released.
    last seen2020-05-03
    modified2020-04-29
    plugin id136109
    published2020-04-29
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136109
    titlePhoton OS 1.0: Openjdk11 PHSA-2020-1.0-0290
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2020-1.0-0290. The text
    # itself is copyright (C) VMware, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136109);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");
    
      script_cve_id(
        "CVE-2018-3136",
        "CVE-2018-3139",
        "CVE-2018-3149",
        "CVE-2018-3150",
        "CVE-2018-3157",
        "CVE-2018-3169",
        "CVE-2018-3180",
        "CVE-2018-3183",
        "CVE-2018-3211",
        "CVE-2018-11212",
        "CVE-2018-13785",
        "CVE-2018-14048",
        "CVE-2019-2422",
        "CVE-2019-2426",
        "CVE-2019-2602",
        "CVE-2019-2684",
        "CVE-2019-2745",
        "CVE-2019-2762",
        "CVE-2019-2766",
        "CVE-2019-2769",
        "CVE-2019-2786",
        "CVE-2019-2816",
        "CVE-2019-2818",
        "CVE-2019-2821",
        "CVE-2019-2894",
        "CVE-2019-2933",
        "CVE-2019-2945",
        "CVE-2019-2949",
        "CVE-2019-2958",
        "CVE-2019-2962",
        "CVE-2019-2964",
        "CVE-2019-2973",
        "CVE-2019-2975",
        "CVE-2019-2977",
        "CVE-2019-2978",
        "CVE-2019-2981",
        "CVE-2019-2983",
        "CVE-2019-2987",
        "CVE-2019-2988",
        "CVE-2019-2989",
        "CVE-2019-2992",
        "CVE-2019-2999",
        "CVE-2020-2583",
        "CVE-2020-2590",
        "CVE-2020-2593",
        "CVE-2020-2601",
        "CVE-2020-2654",
        "CVE-2020-2655",
        "CVE-2020-2754",
        "CVE-2020-2755",
        "CVE-2020-2756",
        "CVE-2020-2757",
        "CVE-2020-2767",
        "CVE-2020-2773",
        "CVE-2020-2778",
        "CVE-2020-2781",
        "CVE-2020-2800",
        "CVE-2020-2803",
        "CVE-2020-2805",
        "CVE-2020-2816",
        "CVE-2020-2830"
      );
      script_bugtraq_id(
        105587,
        105591,
        105595,
        105597,
        105599,
        105601,
        105602,
        105608,
        105617,
        105622,
        106583,
        106590,
        106596,
        107918,
        107922,
        109184,
        109185,
        109186,
        109187,
        109188,
        109189,
        109201,
        109210
      );
    
      script_name(english:"Photon OS 1.0: Openjdk11 PHSA-2020-1.0-0290");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the openjdk11 package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-290.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-3183");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/29");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:openjdk11");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"openjdk11-11.0.7-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"openjdk11-debuginfo-11.0.7-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"openjdk11-doc-11.0.7-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"openjdk11-src-11.0.7-1.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjdk11");
    }
    
  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_OCT_2018.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 11 Update 1, 8 Update 191, 7 Update 201, or 6 Update 211. It is, therefore, affected by multiple vulnerabilities related to the following components : - An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the Deployment (libpng) subcomponent could allow an unauthenticated, remote attacker with network access via HTTP to compromise Java SE, Java SE Embedded. (CVE-2018-13785) - An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the Hotspot subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. (CVE-2018-3169) - An unspecified vulnerability in the Java SE component of Oracle Java SE in the JavaFX subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-3209) - An unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE in the JNDI subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. (CVE-2018-3149) - An unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE in the JSSE subcomponent could allow an unauthenticated, remote attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. (CVE-2018-3180) - An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the Networking subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. (CVE-2018-3139) - An unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE in the Scripting subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. (CVE-2018-3183) - An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the Security subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. (CVE-2018-3136) - An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the Serviceability subcomponent could allow a low privileged attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. (CVE-2018-3211) - An unspecified vulnerability in the Java SE component of Oracle Java SE in the Sound subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-3157) - An unspecified vulnerability in the Java SE component of Oracle Java SE in the Utility subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-3150) Please consult the CVRF details for the applicable CVEs for additional information. Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id118228
    published2018-10-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118228
    titleOracle Java SE Multiple Vulnerabilities (October 2018 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(118228);
      script_version("1.4");
      script_cvs_date("Date: 2019/11/01");
    
      script_cve_id(
        "CVE-2018-3136",
        "CVE-2018-3139",
        "CVE-2018-3149",
        "CVE-2018-3150",
        "CVE-2018-3157",
        "CVE-2018-3169",
        "CVE-2018-3180",
        "CVE-2018-3183",
        "CVE-2018-3209",
        "CVE-2018-3211",
        "CVE-2018-3214",
        "CVE-2018-13785"
      );
      script_bugtraq_id(
        105587,
        105590,
        105591,
        105595,
        105597,
        105599,
        105601,
        105602,
        105608,
        105615,
        105617,
        105622
      );
    
      script_name(english:"Oracle Java SE Multiple Vulnerabilities (October 2018 CPU)");
      script_summary(english:"Checks the version of the JRE.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a programming platform that is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle (formerly Sun) Java SE or Java for Business
    installed on the remote host is prior to 11 Update 1, 8 Update 191,
    7 Update 201, or 6 Update 211. It is, therefore, affected by
    multiple vulnerabilities related to the following components :
    
      - An unspecified vulnerability in the Java SE, Java SE
        Embedded component of Oracle Java SE in the Deployment
        (libpng) subcomponent could allow an unauthenticated,
        remote attacker with network access via HTTP to
        compromise Java SE, Java SE Embedded. (CVE-2018-13785)
    
      - An unspecified vulnerability in the Java SE, Java SE
        Embedded component of Oracle Java SE in the Hotspot
        subcomponent could allow an unauthenticated, remote
        attacker with network access via multiple protocols to
        compromise Java SE, Java SE Embedded. (CVE-2018-3169)
    
      - An unspecified vulnerability in the Java SE component
        of Oracle Java SE in the JavaFX subcomponent could allow
        an unauthenticated, remote attacker with network access
        via multiple protocols to compromise Java SE.
        (CVE-2018-3209)
    
      - An unspecified vulnerability in the Java SE, Java SE
        Embedded, JRockit component of Oracle Java SE in the
        JNDI subcomponent could allow an unauthenticated, remote
        attacker with network access via multiple protocols to
        compromise Java SE, Java SE Embedded, JRockit.
        (CVE-2018-3149)
     
      - An unspecified vulnerability in the Java SE, Java SE
        Embedded, JRockit component of Oracle Java SE in the
        JSSE subcomponent could allow an unauthenticated,
        remote attacker with network access via SSL/TLS to
        compromise Java SE, Java SE Embedded, JRockit.
        (CVE-2018-3180)
    
      - An unspecified vulnerability in the Java SE, Java SE
        Embedded component of Oracle Java SE in the
        Networking subcomponent could allow an unauthenticated,
        remote attacker with network access via multiple
        protocols to compromise Java SE, Java SE Embedded.
        (CVE-2018-3139)
    
      - An unspecified vulnerability in the Java SE, Java SE
        Embedded, JRockit component of Oracle Java SE in the
        Scripting subcomponent could allow an unauthenticated,
        remote attacker with network access via multiple
        protocols to compromise Java SE, Java SE Embedded,
        JRockit. (CVE-2018-3183)
    
      - An unspecified vulnerability in the Java SE, Java SE
        Embedded component of Oracle Java SE in the Security
        subcomponent could allow an unauthenticated, remote
        attacker with network access via multiple protocols to
        compromise Java SE, Java SE Embedded. (CVE-2018-3136)
    
      - An unspecified vulnerability in the Java SE, Java SE
        Embedded component of Oracle Java SE in the
        Serviceability subcomponent could allow a low privileged
        attacker with logon to the infrastructure where Java SE,
        Java SE Embedded executes to compromise Java SE, Java SE
        Embedded. (CVE-2018-3211)
    
      - An unspecified vulnerability in the Java SE component of
        Oracle Java SE in the Sound subcomponent could allow an
        unauthenticated, remote attacker with network access via
        multiple protocols to compromise Java SE.
        (CVE-2018-3157)
    
      - An unspecified vulnerability in the Java SE component of
        Oracle Java SE in the Utility subcomponent could allow
        an unauthenticated, remote attacker with network access
        via multiple protocols to compromise Java SE.
        (CVE-2018-3150)
    
    Please consult the CVRF details for the applicable CVEs for
    additional information.
    
    Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      # https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?705136d8");
      # https://www.oracle.com/technetwork/java/javase/11-0-1-relnotes-5032023.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?278f2590");
      # https://www.oracle.com/technetwork/java/javase/8u191-relnotes-5032181.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?adc8ef52");
      # https://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2fbcacca");
      # https://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?de812f33");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Oracle JDK / JRE 11 Update 1, 8 Update 191 / 7 Update 201 /
    6 Update 211 or later. If necessary, remove any affected versions.
    
    Note that an Extended Support contract with Oracle is needed to obtain
    JDK / JRE 6 Update 95 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-3183");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/19");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("sun_java_jre_installed.nasl");
      script_require_keys("SMB/Java/JRE/Installed");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Check each installed JRE.
    installs = get_kb_list_or_exit("SMB/Java/JRE/*");
    
    info = "";
    vuln = 0;
    installed_versions = "";
    
    foreach install (list_uniq(keys(installs)))
    {
      ver = install - "SMB/Java/JRE/";
      if (ver !~ "^[0-9.]+") continue;
    
      installed_versions = installed_versions + " & " + ver;
    
      # Fixes : (JDK|JRE) 11 Update 1 / 8 Update 191 / 7 Update 201 / 6 Update 211
      if (
        ver =~ '^1\\.6\\.0_([0-9]|[0-9][0-9]|1[0-9][0-9]|20[0-9]|210)([^0-9]|$)' ||
        ver =~ '^1\\.7\\.0_([0-9]|[0-9][0-9]|1[0-9][0-9]|200)([^0-9]|$)' ||
        ver =~ '^1\\.8\\.0_([0-9]|[0-9][0-9]|1[0-8][0-9]|190)([^0-9]|$)' ||
        ver =~ '^1\\.11\\.0_(0[0]|0?[0])([^0-9]|$)'
      )
      {
        dirs = make_list(get_kb_list(install));
        vuln += max_index(dirs);
    
        foreach dir (dirs)
          info += '\n  Path              : ' + dir;
    
        info += '\n  Installed version : ' + ver;
        info += '\n  Fixed version     : 1.6.0_211 / 1.7.0_201 / 1.8.0_191 / 1.11.0_1\n';
      }
    }
    
    # Report if any were found to be vulnerable.
    if (info)
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    
      if (report_verbosity > 0)
      {
        if (vuln > 1) s = "s of Java are";
        else s = " of Java is";
    
        report =
          '\n' +
          'The following vulnerable instance'+s+' installed on the\n' +
          'remote host :\n' +
          info;
        security_warning(port:port, extra:report);
      }
      else security_warning(port);
      exit(0);
    }
    else
    {
      installed_versions = substr(installed_versions, 3);
      if (" & " >< installed_versions)
        exit(0, "The Java "+installed_versions+" installations on the remote host are not affected.");
      else
        audit(AUDIT_INST_VER_NOT_VULN, "Java", installed_versions);
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0192_OPENJDK.NASL
    descriptionAn update of the openjdk package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121892
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121892
    titlePhoton OS 1.0: Openjdk PHSA-2018-1.0-0192
  • NASL familyMisc.
    NASL idORACLE_JAVA_CPU_OCT_2018_UNIX.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 11 Update 1, 8 Update 191, 7 Update 201, or 6 Update 211. It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability in the Java SE Embedded component of Oracle Java SE in the Deployment (libpng) subcomponent could allow an unauthenticated, remote attacker with network access via HTTP to compromise Java SE. (CVE-2018-13785) - An unspecified vulnerability in the Java SE Embedded component of Oracle Java SE in the Hotspot subcomponent that could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE (CVE-2018-3169) - An unspecified vulnerability in the Java SE component of Oracle Java SE in the JavaFX subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-3209) - An unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit component of Oracle Java SE in the JNDI subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, and JRockit. (CVE-2018-3149) - An unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE in the JSSE subcomponent could allow an unauthenticated, remote attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, or JRockit. (CVE-2018-3180) - An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the Networking subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE or Java SE Embedded. (CVE-2018-3139) - An unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE in the Scripting subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, or JRockit. (CVE-2018-3183) - An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the Security subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. (CVE-2018-3136) - An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the Serviceability subcomponent could allow a low privileged attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. (CVE-2018-3211) - An unspecified vulnerability in the Java SE component of Oracle Java SE in the Sound subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-3157) - An unspecified vulnerability in the Java SE component of Oracle Java SE in the Utility subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-3150) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id118227
    published2018-10-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118227
    titleOracle Java SE Multiple Vulnerabilities (October 2018 CPU) (Unix)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3002.NASL
    descriptionAn update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 191. Security Fix(es) : * OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169) * OpenJDK: Unrestricted access to scripting engine (Scripting, 8202936) (CVE-2018-3183) * Oracle JDK: unspecified vulnerability fixed in 8u191 (JavaFX) (CVE-2018-3209) * OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149) * OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136) * OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139) * OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180) * Oracle JDK: unspecified vulnerability fixed in 8u191 and 11.0.1 (Serviceability) (CVE-2018-3211) * OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214) * libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service (CVE-2018-13785) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118371
    published2018-10-25
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118371
    titleRHEL 7 : java-1.8.0-oracle (RHSA-2018:3002)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3003.NASL
    descriptionAn update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 191. Security Fix(es) : * OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169) * OpenJDK: Unrestricted access to scripting engine (Scripting, 8202936) (CVE-2018-3183) * Oracle JDK: unspecified vulnerability fixed in 8u191 (JavaFX) (CVE-2018-3209) * OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149) * OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136) * OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139) * OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180) * Oracle JDK: unspecified vulnerability fixed in 8u191 and 11.0.1 (Serviceability) (CVE-2018-3211) * OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214) * libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service (CVE-2018-13785) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118372
    published2018-10-25
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118372
    titleRHEL 6 : java-1.8.0-oracle (RHSA-2018:3003)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0106_OPENJDK8.NASL
    descriptionAn update of the openjdk8 package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id122001
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122001
    titlePhoton OS 2.0: Openjdk8 PHSA-2018-2.0-0106
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-3_0-0084_OPENJDK11.NASL
    descriptionAn update of the openjdk11 package has been released.
    last seen2020-05-03
    modified2020-04-29
    plugin id136100
    published2020-04-29
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136100
    titlePhoton OS 3.0: Openjdk11 PHSA-2020-3.0-0084

Redhat

advisories
  • rhsa
    idRHSA-2018:3002
  • rhsa
    idRHSA-2018:3003
rpms
  • java-1.8.0-oracle-1:1.8.0.191-1jpp.1.el7
  • java-1.8.0-oracle-devel-1:1.8.0.191-1jpp.1.el7
  • java-1.8.0-oracle-javafx-1:1.8.0.191-1jpp.1.el7
  • java-1.8.0-oracle-jdbc-1:1.8.0.191-1jpp.1.el7
  • java-1.8.0-oracle-plugin-1:1.8.0.191-1jpp.1.el7
  • java-1.8.0-oracle-src-1:1.8.0.191-1jpp.1.el7
  • java-1.8.0-oracle-1:1.8.0.191-1jpp.1.el6
  • java-1.8.0-oracle-devel-1:1.8.0.191-1jpp.1.el6
  • java-1.8.0-oracle-javafx-1:1.8.0.191-1jpp.1.el6
  • java-1.8.0-oracle-jdbc-1:1.8.0.191-1jpp.1.el6
  • java-1.8.0-oracle-plugin-1:1.8.0.191-1jpp.1.el6
  • java-1.8.0-oracle-src-1:1.8.0.191-1jpp.1.el6